- Allowed methods: `DELETE, GET, HEAD, POST, OPTIONS, PUT`
85
85
86
-
:::image type="content" source="./media/faq/resource-sharing-setting-storage-account.png" alt-text="Screenshot that shows datastore with wrong account key." lightbox = "./media/faq/resource-sharing-setting-storage-account.png":::
86
+
:::image type="content" source="./media/faq/resource-sharing-setting-storage-account.png" alt-text="Screenshot that shows Resource sharing config of storage account." lightbox = "./media/faq/resource-sharing-setting-storage-account.png":::
87
87
88
88
## Compute session related issues
89
89
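Review bot: The replacement alt text on the added `:::image` line, "Screenshot that shows Resource sharing config of storage account.", fixes the wrong description but is still terse for a screen-reader user. Consider sentence case and articles, for example "Screenshot that shows the resource sharing settings of the storage account." The `lightbox = "..."` attribute keeps spaces around `=` while `type`, `source` and `alt-text` do not, so it is worth normalizing while this line is being touched. Because the context line above enumerates the allowed methods (`DELETE, GET, HEAD, POST, OPTIONS, PUT`), please also confirm the screenshot shows the same list.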
@@ -275,21 +275,21 @@ If you encounter an error like "Access denied to list workspace secret", check w
275
275
276
276
You can follow [Identity-based data authentication](../how-to-administrate-data-authentication.md#identity-based-data-authentication) this part to make your datastore credential-less.
277
277
278
-
You need to change auth type of datastore to None, which stands for meid_token based auth. For blob/adls gen1/adls gen2 based datastore, you can make change from datastore detail page, or CLI/SDK: https://github.com/Azure/azureml-examples/tree/main/cli/resources/datastore
278
+
You need to change auth type of datastore to None, which stands for meid_token based auth. For blob/adls gen1/adls gen2 based datastore (at least for `workspaceblobstore`), you can make change from datastore detail page, or CLI/SDK: https://github.com/Azure/azureml-examples/tree/main/cli/resources/datastore
279
279
280
280
:::image type="content" source="./media/faq/datastore_auth_type.png" alt-text="Screenshot of auth type for datastore. " lightbox = "./media/faq/datastore_auth_type.png":::
281
281
282
-
For fileshare based datastore, you can only change auth type for REST API: [datastores-create-or-update](/rest/api/azureml/datastores/create-or-update?tabs=HTTP#code-try-0). You can first use [datastores-get](/rest/api/azureml/datastores/get?tabs=HTTP#code-try-0) to get the body properties of datastore, then change `"credentialsType": "None"`.
282
+
For fileshare based datastore (at least for `workspaceworkingdirectory`), you can only change auth type for REST API: [datastores-create-or-update](/rest/api/azureml/datastores/create-or-update?tabs=HTTP#code-try-0). You can first use [datastores-get](/rest/api/azureml/datastores/get?tabs=HTTP#code-try-0) to get the body properties of datastore, then change `"credentialsType": "None"`.
283
283
284
284
:::image type="content" source="./media/faq/datastore-update-rest.png" alt-text="Screenshot of rest for datastore update. " lightbox = "./media/faq/datastore-update-rest.png":::
285
285
286
286
#### Grant permission to user identity or managed identity
287
287
288
288
To use credential-less datastore in prompt flow, you need to grant enough permissions to user identity or managed identity to access the datastore.
289
289
- If you're using user identity this default option in prompt flow, you need to make sure the user identity has following role on the storage account:
290
-
- `Storage Blob Data Contributor`on the storage account, at least need read/write (better have delete) permission.
291
-
- `Storage File Data Privileged Contributor`on the storage account, at least need read/write (better have delete) permission
290
+
- `Storage Blob Data Contributor`on the storage account, at least need read/write (better also include delete) permission.
291
+
- `Storage File Data Privileged Contributor`on the storage account, at least need read/write (better also include delete) permission
292
292
- If you're using user assigned managed identity, you need to make sure the managed identity has following role on the storage account:
293
-
- `Storage Blob Data Contributor`on the storage account, at least need read/write (better have delete) permission.
294
-
- `Storage File Data Privileged Contributor`on the storage account, at least need read/write (better have delete) permission
293
+
- `Storage Blob Data Contributor`on the storage account, at least need read/write (better also include delete) permission.
294
+
- `Storage File Data Privileged Contributor`on the storage account, at least need read/write (better also include delete) permission
295
295
- Meanwhile, you need to assign user identity `Storage Blob Data Read` role to storage account, if your want use prompt flow to authoring and test flow.
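Review bot: The added qualifiers "(at least for `workspaceblobstore`)" and "(at least for `workspaceworkingdirectory`)" in the two datastore paragraphs do not say what "at least" bounds: whether these are the datastores that must be switched to `None`, or the only ones for which the portal/CLI or REST route is known to work. Please state that explicitly, since a reader will decide from it which datastores stay key-based. In the role bullets, "at least need read/write (better also include delete) permission" still reads as a separate requirement next to a named role; say either that the named role is required or which data actions any substitute role must grant, so readers can apply least privilege, which matters most for `Storage File Data Privileged Contributor`. The four changed bullets also keep the missing space in "Contributor`on", and the `Storage File Data Privileged Contributor` bullets lack the trailing period the blob bullets have. The unchanged last bullet names a `Storage Blob Data Read` role and says "if your want use"; the role name looks like it should be `Storage Blob Data Reader`, and both could be fixed in this same change.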