search

Azure / MachineLearningNotebooks

Python notebooks with ML and deep learning examples with Azure Machine Learning Python SDK | Microsoft
https://docs.microsoft.com/azure/machine-learning/service/
MIT License
4.01k stars 2.49k forks source link

Model Registering with managed application failing with all the Authentication #1475

Open sarthakvijayvergiya opened 3 years ago

sarthakvijayvergiya commented 3 years ago

I am trying to register model inside deployment script using automatic deployment from managed application getting below error

{ "error": { "code": "UserError", "message": "\nOperation returned an invalid status code 'Forbidden'. The possible reason could be:\n1. You are not authorized to access this resource, or directory listing denied.\n2. you may not login your azure service, or use other subscription, you can check your\ndefault account by running azure cli commend:\n'az account list -o table'.\n3. You have multiple objects/login session opened, please close all session and try again.\n " } }

shivanissambare commented 3 years ago

Hi, you need to have at least contributor access to the workspace to perform model registration.

https://docs.microsoft.com/en-us/azure/machine-learning/concept-enterprise-security#restrict-access-to-resources-and-operations

sarthakvijayvergiya commented 3 years ago

Hey @shivanissambare, We had tried with owner access that is giving same error.

shivanissambare commented 3 years ago

ideally if you have owner level permission, this is present but make sure in the RBAC permissions you have following string : Microsoft.MachineLearningServices/workspaces/models/write

https://docs.microsoft.com/en-us/azure/role-based-access-control/overview

sarthakvijayvergiya commented 3 years ago

yes, that is present.. We are creating machine learning workspace from arm template and after that with using deployment script inside azure container instance we are executing python script for registering model and this whole solution is deployed as service catalog definition and where we are getting this above error..

** If we are running without service catalog definition deploy directly from arm template it's working..

krabhishek8260 commented 3 years ago

How are you getting the token to auth for model registration? How are you registering models? Is it using REST APIs?

sarthakvijayvergiya commented 3 years ago

` session = azureml.core.authentication.InteractiveLoginAuthentication(tenant_id=tenant_id)

try: ws = Workspace(subscription_id = subscription_id, resource_group = resource_group_name, workspace_name = aml_workspace_name ) ws.write_config()

print('Library configuration succeeded')

except: print('Workspace not found')

print("Registering grocery model on ML workspace")

model = Model.register(model_path = "xxxx", model_name="xxxxx", tags={"model": "xxxx", "device": "xxxx", "framework": "xxxx"}, workspace=ws)`

krabhishek8260 commented 2 years ago

You might want to reach out to service catalog support to see why it fails from there. From AzureML perspective this checks out as you are able to register model from ARM template.