Merge pull request #2 from dem108/patch-12

msakande · web-flow · commit a25cce6bc068 · 2022-12-14T13:32:17.000-06:00
clarify identity permission requirement
diff --git a/articles/machine-learning/how-to-secure-online-endpoint.md b/articles/machine-learning/how-to-secure-online-endpoint.md
@@ -46,6 +46,8 @@ The following diagram shows how communications flow through private endpoints to
 
 * The Azure Container Registry and Azure Storage Account must be in the same Azure Resource Group as the workspace.
 
+* In case you want to use [user-assigned managed identity](/azure/active-directory/managed-identities-azure-resources/how-manage-user-assigned-managed-identities?pivots=identity-mi-methods-azp) to create and manage online endpoints and online deployments, the identity should have proper permission described in the section for [service authentication](https://learn.microsoft.com/en-us/azure/machine-learning/how-to-identity-based-service-authentication?tabs=cli#workspace). For example, you need to assign the proper RBAC permission for Azure Key Vault on the identity.
+
 > [!IMPORTANT]
 > The end-to-end example in this article comes from the files in the __azureml-examples__ GitHub repository. To clone the samples repository and switch to the repository's `cli/` directory, use the following commands: 
 >

Original file line number	Diff line number	Diff line change
`@@ -46,6 +46,8 @@ The following diagram shows how communications flow through private endpoints to`
`46`	`46`
`47`	`47`	`* The Azure Container Registry and Azure Storage Account must be in the same Azure Resource Group as the workspace.`
`48`	`48`
	`49`	+* In case you want to use [user-assigned managed identity](/azure/active-directory/managed-identities-azure-resources/how-manage-user-assigned-managed-identities?pivots=identity-mi-methods-azp) to create and manage online endpoints and online deployments, the identity should have proper permission described in the section for [service authentication](https://learn.microsoft.com/en-us/azure/machine-learning/how-to-identity-based-service-authentication?tabs=cli#workspace). For example, you need to assign the proper RBAC permission for Azure Key Vault on the identity.
	`50`	`+`
`49`	`51`	`> [!IMPORTANT]`
`50`	`52`	> The end-to-end example in this article comes from the files in the __azureml-examples__ GitHub repository. To clone the samples repository and switch to the repository's `cli/` directory, use the following commands:
`51`	`53`	`>`