Azure / azure-sdk-for-python

This repository is for active development of the Azure SDK for Python. For consumers of the SDK we recommend visiting our public developer docs at https://docs.microsoft.com/python/azure/ or our versioned developer docs at https://azure.github.io/azure-sdk-for-python.
MIT License

Scope of permissions to storage for Document Translation's Managed Identity #33942

Open hamer101 opened 5 months ago

hamer101 commented 5 months ago

The Managed Identities for Document Translation guide states that one has to assign a role of Storage Blob Data Contributor in a storage scope to the MI of the Translator service. It is quite a high-level permission, especially given the use case of translating single files.

Since the mentioned use case implies a whole flow of managing related blobs, it would be great for the DocumentTranslationClient's begin_translation() method to simply mimic the behavior of DocumentAnalysisClient's class begin_analyze_document() with its acceptance of files as IO[bytes].

Although I understand its purpose is to be more container-batch oriented, so to lower the access scope demand down to specific containers would be just as fine. Would you be willing to consider it?

Additionally, I think that the particulars regarding the permission scopes should be more visible in documentation :)

kristapratico commented 5 months ago

@hamer101 thanks for your feedback. Adding @krishna-doss-mohan to comment on the request.