You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/machine-learning/prompt-flow/troubleshoot-guidance.md
+7-10Lines changed: 7 additions & 10 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -275,21 +275,18 @@ If you encounter an error like "Access denied to list workspace secret", check w
275
275
276
276
You can follow [Identity-based data authentication](../how-to-administrate-data-authentication.md#identity-based-data-authentication) this part to make your datastore credential-less.
277
277
278
-
You need to change auth type of datastore to None, which stands for meid_token based auth.
278
+
You need to change auth type of datastore to None, which stands for meid_token based auth. You can make change from datastore detail page, or CLI/SDK: https://github.com/Azure/azureml-examples/tree/main/cli/resources/datastore
279
279
280
280
:::image type="content" source="./media/faq/datastore-auth-type.png" alt-text="Screenshot of auth type for datastore. " lightbox = "./media/faq/datastore-auth-type.png":::
281
281
282
-
For blob/adls gen1/adls gen2 based datastore (at least for `workspaceblobstore` and `workspaceartifactstore`), you can make change from datastore detail page, or CLI/SDK: https://github.com/Azure/azureml-examples/tree/main/cli/resources/datastore
282
+
For blobbased datastore, you can change auth type and also enable workspace MSI to access the storage account.
283
283
284
-
:::image type="content" source="./media/faq/datastore-update-auth-type.png" alt-text="Screenshot of update auth type for datastore. " lightbox = "./media/faq/datastore-update-auth-type.png":::
284
+
:::image type="content" source="./media/faq/datastore-update-auth-type.png" alt-text="Screenshot of update auth type for blob based datastore. " lightbox = "./media/faq/datastore-update-auth-type.png":::
285
285
286
-
For fileshare based datastore (at least for `workspaceworkingdirectory`), you can only change auth type for REST API: [datastores-create-or-update](/rest/api/azureml/datastores/create-or-update?tabs=HTTP#code-try-0). You can first use [datastores-get](/rest/api/azureml/datastores/get?tabs=HTTP#code-try-0) to get the body properties of datastore, then change `"credentialsType": "None"`.
286
+
For file share based datastore, you can change auth type only.
287
287
288
-
:::image type="content" source="./media/faq/fileshare-datastore-update-auth-type.png" alt-text="Screenshot of update auth type for fileshare based datastore. " lightbox = "./media/faq/fileshare-datastore-update-auth-type.png":::
288
+
:::image type="content" source="./media/faq/datastore-update-auth-type-file.png" alt-text="Screenshot of update auth type for file share based datastore. " lightbox = "./media/faq/datastore-update-auth-type-file.png":::
289
289
290
-
For `workspaceartifactstore` data store you need also specify `subscriptionId`, `accountName` and `"serviceDataAccessAuthIdentity": "WorkspaceSystemAssignedIdentity"`, as you can not do this in UI side.
291
-
292
-
:::image type="content" source="./media/faq/datastore-update-rest.png" alt-text="Screenshot of rest for datastore update. " lightbox = "./media/faq/datastore-update-rest.png":::
293
290
294
291
#### Grant permission to user identity or managed identity
295
292
@@ -302,5 +299,5 @@ To use credential-less datastore in prompt flow, you need to grant enough permis
302
299
- If you're using user assigned managed identity, you need to make sure the managed identity has following role on the storage account:
303
300
- `Storage Blob Data Contributor`on the storage account, at least need read/write (better also include delete) permission.
304
301
- `Storage File Data Privileged Contributor`on the storage account, at least need read/write (better also include delete) permission.
305
-
- Meanwhile, you need to assign user identity `Storage Blob Data Read` role to storage account at least, if your want use prompt flow to authoring and test flow.
306
-
- If you still can't view the flow detail page and the first time you using prompt flow is earlier than 2024-01-01, you need to grant workspace MSI as `Storage Table Data Contributor` to storage account linked with workspace.
302
+
- Meanwhile, you need to assign user identity `Storage Blob Data Read` role to storage account at least, if you want to use prompt flow to authoring and test flow.
303
+
- If you still can't view the flow detail page and the first time you using prompt flow is earlier than 2024-01-01, you need to grant workspace MSI as `Storage Table Data Contributor` to storage account linked with workspace.
0 commit comments