Merge pull request #279423 from cloga/lochen/credential-less-new

add related link

Author: prmerger-automator[bot]

articles/machine-learning/prompt-flow/how-to-manage-compute-session.md

@@ -77,8 +77,8 @@ One flow binds to one compute session. You can start a compute session on a flow
         |---|---|
         |Azure Machine Learning workspace|Contributor|
         |Azure Storage|Contributor (control plane) + Storage Blob Data Contributor + Storage File Data Privileged Contributor (data plane, consume flow draft in fileshare and data in blob)|
+        |Azure Key Vault (when using [access policies permission model](../../key-vault/general/assign-access-policy.md))|Contributor + any access policy permissions besides **purge** operations, this is `default mode` for linked Azure Key Vault.|
         |Azure Key Vault (when using [RBAC permission model](../../key-vault/general/rbac-guide.md))|Contributor (control plane) + Key Vault Administrator (data plane)|
-        |Azure Key Vault (when using [access policies permission model](../../key-vault/general/assign-access-policy.md))|Contributor + any access policy permissions besides **purge** operations|
         |Azure Container Registry|Contributor|
         |Azure Application Insights|Contributor|
 

articles/machine-learning/prompt-flow/troubleshoot-guidance.md

@@ -271,6 +271,10 @@ If you encounter an error like "Access denied to list workspace secret", check w
 
 ### How do I use credential-less datastore in prompt flow?
 
+To use credential-less storage in Azure AI studio. You need basically do following things:
+- Change the data store auth type to None.
+- Grant project MSI and user blob/file data contributor permission on storage.
+
 #### Change auth type of datastore to None
 
 You can follow [Identity-based data authentication](../how-to-administrate-data-authentication.md#identity-based-data-authentication) this part to make your datastore credential-less. 
@@ -300,4 +304,4 @@ To use credential-less datastore in prompt flow, you need to grant enough permis
     - `Storage Blob Data Contributor` on the storage account, at least need read/write (better also include delete) permission.
     - `Storage File Data Privileged Contributor` on the storage account, at least need read/write (better also include delete) permission.
     - Meanwhile, you need to assign user identity `Storage Blob Data Read` role to storage account at least, if you want to use prompt flow to authoring and test flow.
-- If you still can't view the flow detail page and the first time you using prompt flow is earlier than 2024-01-01, you need to grant workspace MSI as `Storage Table Data Contributor` to storage account linked with workspace.
+- If you still can't view the flow detail page and the first time you using prompt flow is earlier than 2024-01-01, you need to grant workspace MSI as `Storage Table Data Contributor` to storage account linked with workspace.