Merge pull request #238762 from mingweihe/user/mingweihe/optimize-docs-for-UAI-workspace

prmerger-automator[bot] · web-flow · commit d5e88ff47d40 · 2023-05-26T17:56:23.000Z
optimize docs for UAI workspace
diff --git a/articles/machine-learning/how-to-identity-based-service-authentication.md b/articles/machine-learning/how-to-identity-based-service-authentication.md
@@ -62,25 +62,22 @@ For automated creation of role assignments on your user-assigned managed identit
 > [!TIP]
 > For a workspace with [customer-managed keys for encryption](concept-data-encryption.md), you can pass in a user-assigned managed identity to authenticate from storage to Key Vault. Use the `user-assigned-identity-for-cmk-encryption` (CLI) or `user_assigned_identity_for_cmk_encryption` (SDK) parameters to pass in the managed identity. This managed identity can be the same or different as the workspace primary user assigned managed identity.
 
-To create a workspace with user assigned identity, use one of the following methods:
+#### To create a workspace with multiple user assigned identities, use one of the following methods:
 
 # [Azure CLI](#tab/cli)
 
 [!INCLUDE [cli v2](../../includes/machine-learning-cli-v2.md)]
 
 ```azurecli
-az ml workspace create -f workspace_uai.yml
+az ml workspace create -f workspace_creation_with_multiple_UAIs.yml --subscription <subscription ID> --resource-group <resource group name> --name <workspace name>
 ```
 
-Where the contents of *workspace_uai.yml* are as follows:
+Where the contents of *workspace_creation_with_multiple_UAIs.yml* are as follows:
 
 ```yaml
-name: <workspace name>
 location: <region name>
-resource_group: <resource group name>
 identity:
    type: user_assigned
-   tenant_id: <tenant ID>
    user_assigned_identities:
     '<UAI resource ID 1>': {}
     '<UAI resource ID 2>': {}
@@ -97,41 +94,73 @@ primary_user_assigned_identity: <one of the UAI resource IDs in the above list>
 ```python
 from azure.ai.ml import MLClient, load_workspace
 from azure.identity import DefaultAzureCredential
+
 sub_id="<subscription ID>"
 rg_name="<resource group name>"
 ws_name="<workspace name>"
+
 client = MLClient(DefaultAzureCredential(), sub_id, rg_name)
-wps = load_workspace("workspace_uai.yml")
+wps = load_workspace("workspace_creation_with_multiple_UAIs.yml")
+
 workspace = client.workspaces.begin_create(workspace=wps).result()
-# update SAI workspace to SAI&UAI workspace
-wps = load_workspace("workspace_sai_and_uai.yml")
-workspace = client.workspaces.begin_update(workspace=wps).result()
 ```
 
-Where the contents of *workspace_sai_and_uai.yml* are as follows:
+# [Studio](#tab/azure-studio)
+
+Not supported currently.
+
+---
+
+#### To update user assigned identities for a workspace, includes adding a new one or deleting the existing ones, use one of the following methods:
+
+# [Azure CLI](#tab/cli)
+
+[!INCLUDE [cli v2](../../includes/machine-learning-cli-v2.md)]
+
+```azurecli
+az ml workspace update -f workspace_update_with_multiple_UAIs.yml --subscription <subscription ID> --resource-group <resource group name> --name <workspace name>
+```
+
+Where the contents of *workspace_update_with_multiple_UAIs.yml* are as follows:
 
 ```yaml
-name: <workspace name>
-location: <region name>
-resource_group: <resource group name>
 identity:
-   type: system_assigned, user_assigned
-   tenant_id: <tenant ID>
+   type: user_assigned
    user_assigned_identities:
     '<UAI resource ID 1>': {}
     '<UAI resource ID 2>': {}
-storage_account: <storage acccount resource ID>
-key_vault: <key vault resource ID>
-image_build_compute: <compute(virtual machine) resource ID>
 primary_user_assigned_identity: <one of the UAI resource IDs in the above list>
 ```
 
+# [Python SDK](#tab/python)
+
+[!INCLUDE [sdk v2](../../includes/machine-learning-sdk-v2.md)]
+
+```python
+from azure.ai.ml import MLClient, load_workspace
+from azure.identity import DefaultAzureCredential
+
+sub_id="<subscription ID>"
+rg_name="<resource group name>"
+ws_name="<workspace name>"
+
+client = MLClient(DefaultAzureCredential(), sub_id, rg_name)
+wps = load_workspace("workspace_update_with_multiple_UAIs.yml")
+
+workspace = client.workspaces.begin_update(workspace=wps).result()
+```
+
 # [Studio](#tab/azure-studio)
 
 Not supported currently.
 
 ---
 
+> [!TIP]
+> To add a new UAI, you can specify the new UAI ID under the section user_assigned_identities in addition to the existing UAIs, it's required to pass all the existing UAI IDs.<br>
+To delete one or more existing UAIs, you can put the UAI IDs which needs to be preserved under the section user_assigned_identities, the rest UAI IDs would be deleted.<br>
+To update identity type from SAI to UAI|SAI, you can change type from "user_assigned" to "system_assigned, user_assigned".
+
 ### Compute cluster
 
 > [!NOTE]
