Merged
4 changes: 2 additions & 2 deletions docs/LocalDevelopmentSetup.md
Expand Up @@ -273,8 +273,8 @@ az cosmosdb sql role assignment create --resource-group <solution-accelerator-rg
**Assign the required roles:**

```bash
# Azure AI User role
az role assignment create --assignee <aad-user-upn> --role "Azure AI User" --scope /subscriptions/<subscription-id>/resourceGroups/<solution-accelerator-rg>/providers/Microsoft.CognitiveServices/accounts/<foundry-account-name>/projects/<foundry-project-name>
# Foundry User role
az role assignment create --assignee <aad-user-upn> --role "Foundry User" --scope /subscriptions/<subscription-id>/resourceGroups/<solution-accelerator-rg>/providers/Microsoft.CognitiveServices/accounts/<foundry-account-name>/projects/<foundry-project-name>
```

```bash
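Review bot: The `--role "Foundry User"` argument on the new `az role assignment create` line depends on that display name resolving in the reader's tenant, while `infra/scripts/assign_azure_ai_user_role.sh` in this same change passes the role definition ID `53ca6127-db72-4b80-b1b0-d745d6d5456d`. Consider using that ID in the documented command as well, keeping "Foundry User" in the comment line, so the docs and the script grant the same role regardless of what the role is currently called.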
Expand Down
4 changes: 2 additions & 2 deletions docs/re-use-foundry-project.md
Expand Up @@ -44,9 +44,9 @@ Replace `<Existing Foundry Project Resource ID>` with the value obtained from St
Proceed with the next steps in the [deployment guide](DeploymentGuide.md#deployment-steps).

> **Note:**
> After deployment, if you want to access agents created by the accelerator via the Azure AI Foundry Portal, or if you plan to debug or run the application locally, you must assign yourself either the **Azure AI User** or **Azure AI Developer** role for the Foundry resource.
> After deployment, if you want to access agents created by the accelerator via the Azure AI Foundry Portal, or if you plan to debug or run the application locally, you must assign yourself either the **Foundry User** or **Azure AI Developer** role for the Foundry resource.
> You can do this in the Azure Portal under the Foundry resource's "Access control (IAM)" section,
> **or** run the following command in your terminal (replace `<aad-user-upn>` with your Azure AD user principal name and `<resource-id>` with the Resource ID you copied in Step 5):
> ```bash
> az role assignment create --assignee <aad-user-upn> --role "Azure AI User" --scope <resource-id>
> az role assignment create --assignee <aad-user-upn> --role "Foundry User" --scope <resource-id>
> ```
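Review bot: The note says the role is needed "for the Foundry resource" and points to that resource's "Access control (IAM)" section, but the command's `--scope <resource-id>` takes the ID copied in Step 5, and docs/LocalDevelopmentSetup.md in this change scopes the same assignment to `.../accounts/<foundry-account-name>/projects/<foundry-project-name>`. Please state explicitly whether the assignment belongs on the account or on the project, and document the narrower project scope if it is sufficient. The surrounding sentence still says "Azure AI Foundry Portal" and "Azure AI Developer"; confirm those names are intentionally left unchanged.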
6 changes: 3 additions & 3 deletions infra/main.bicep
Expand Up @@ -854,7 +854,7 @@ module existingAiFoundryAiServicesDeployments 'modules/ai-services-deployments.b
]
roleAssignments: [
{
roleDefinitionIdOrName: '53ca6127-db72-4b80-b1b0-d745d6d5456d' // Azure AI User
roleDefinitionIdOrName: '53ca6127-db72-4b80-b1b0-d745d6d5456d' // Foundry User
principalId: userAssignedIdentity.outputs.principalId
principalType: 'ServicePrincipal'
}
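Review bot: Only the trailing comment on `roleDefinitionIdOrName` changes here, and the literal `53ca6127-db72-4b80-b1b0-d745d6d5456d` is repeated in all three hunks of this file, again in infra/main_custom.bicep, and in the assignment script. Consider declaring it once as a named `var` with the role name in a single comment, so a future rename is a one-line change and the comment cannot drift from the ID it describes.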
Expand Down Expand Up @@ -935,7 +935,7 @@ module aiFoundryAiServices 'br:mcr.microsoft.com/bicep/avm/res/cognitive-service
managedIdentities: { userAssignedResourceIds: [userAssignedIdentity!.outputs.resourceId] } //To create accounts or projects, you must enable a managed identity on your resource
roleAssignments: [
{
roleDefinitionIdOrName: '53ca6127-db72-4b80-b1b0-d745d6d5456d' // Azure AI User
roleDefinitionIdOrName: '53ca6127-db72-4b80-b1b0-d745d6d5456d' // Foundry User
principalId: userAssignedIdentity.outputs.principalId
principalType: 'ServicePrincipal'
}
Expand All @@ -950,7 +950,7 @@ module aiFoundryAiServices 'br:mcr.microsoft.com/bicep/avm/res/cognitive-service
principalType: 'ServicePrincipal'
}
{
roleDefinitionIdOrName: '53ca6127-db72-4b80-b1b0-d745d6d5456d' // Azure AI User
roleDefinitionIdOrName: '53ca6127-db72-4b80-b1b0-d745d6d5456d' // Foundry User
principalId: deployingUserPrincipalId
principalType: deployerPrincipalType
}
Expand Down
30 changes: 15 additions & 15 deletions infra/main.json
Expand Up @@ -5,11 +5,11 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.42.1.51946",
"templateHash": "8490920419623942773"
"version": "0.43.8.12551",
"templateHash": "12475542446442392463"
},
"name": "Multi-Agent Custom Automation Engine",
"description": "This module contains the resources required to deploy the [Multi-Agent Custom Automation Engine solution accelerator](https://github.com/microsoft/Multi-Agent-Custom-Automation-Engine-Solution-Accelerator) for both Sandbox environments and WAF aligned environments.\r\n\r\n> **Note:** This module is not intended for broad, generic use, as it was designed by the Commercial Solution Areas CTO team, as a Microsoft Solution Accelerator. Feature requests and bug fix requests are welcome if they support the needs of this organization but may not be incorporated if they aim to make this module more generic than what it needs to be for its primary use case. This module will likely be updated to leverage AVM resource modules in the future. This may result in breaking changes in upcoming versions when these features are implemented.\r\n"
"description": "This module contains the resources required to deploy the [Multi-Agent Custom Automation Engine solution accelerator](https://github.com/microsoft/Multi-Agent-Custom-Automation-Engine-Solution-Accelerator) for both Sandbox environments and WAF aligned environments.\n\n> **Note:** This module is not intended for broad, generic use, as it was designed by the Commercial Solution Areas CTO team, as a Microsoft Solution Accelerator. Feature requests and bug fix requests are welcome if they support the needs of this organization but may not be incorporated if they aim to make this module more generic than what it needs to be for its primary use case. This module will likely be updated to leverage AVM resource modules in the future. This may result in breaking changes in upcoming versions when these features are implemented.\n"
},
"parameters": {
"solutionName": {
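Review bot: The Bicep edits in this change are comment-only, so they should not alter the compiled template; every changed line shown for main.json is generator churn: `version` moving from `0.42.1.51946` to `0.43.8.12551`, new `templateHash` values in each `_generator` block, and `\r\n` becoming `\n` in `description`. Consider pinning the Bicep CLI version used to regenerate this file, or committing the regeneration separately, so that a hash change seen in review corresponds to a real template change.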
Expand Down Expand Up @@ -4991,8 +4991,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.42.1.51946",
"templateHash": "4286500745908716598"
"version": "0.43.8.12551",
"templateHash": "9540091515555271756"
}
},
"definitions": {
Expand Down Expand Up @@ -24308,8 +24308,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.42.1.51946",
"templateHash": "6570260143045999127"
"version": "0.43.8.12551",
"templateHash": "7866379492866507946"
}
},
"definitions": {
Expand Down Expand Up @@ -28012,8 +28012,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.42.1.51946",
"templateHash": "14513113443903512301"
"version": "0.43.8.12551",
"templateHash": "2868048678223903575"
}
},
"parameters": {
Expand Down Expand Up @@ -42561,8 +42561,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.42.1.51946",
"templateHash": "15053339789155096730"
"version": "0.43.8.12551",
"templateHash": "18345308984648474640"
}
},
"definitions": {
Expand Down Expand Up @@ -43593,8 +43593,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.42.1.51946",
"templateHash": "16493651611122310009"
"version": "0.43.8.12551",
"templateHash": "1009721598684973971"
},
"name": "Site App Settings",
"description": "This module deploys a Site App Setting."
Expand Down Expand Up @@ -54840,8 +54840,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.42.1.51946",
"templateHash": "4859654437121510695"
"version": "0.43.8.12551",
"templateHash": "9739523049889844356"
}
},
"parameters": {
Expand Down
6 changes: 3 additions & 3 deletions infra/main_custom.bicep
Expand Up @@ -853,7 +853,7 @@ module existingAiFoundryAiServicesDeployments 'modules/ai-services-deployments.b
]
roleAssignments: [
{
roleDefinitionIdOrName: '53ca6127-db72-4b80-b1b0-d745d6d5456d' // Azure AI User
roleDefinitionIdOrName: '53ca6127-db72-4b80-b1b0-d745d6d5456d' // Foundry User
principalId: userAssignedIdentity.outputs.principalId
principalType: 'ServicePrincipal'
}
Expand Down Expand Up @@ -934,7 +934,7 @@ module aiFoundryAiServices 'br:mcr.microsoft.com/bicep/avm/res/cognitive-service
managedIdentities: { userAssignedResourceIds: [userAssignedIdentity!.outputs.resourceId] } //To create accounts or projects, you must enable a managed identity on your resource
roleAssignments: [
{
roleDefinitionIdOrName: '53ca6127-db72-4b80-b1b0-d745d6d5456d' // Azure AI User
roleDefinitionIdOrName: '53ca6127-db72-4b80-b1b0-d745d6d5456d' // Foundry User
principalId: userAssignedIdentity.outputs.principalId
principalType: 'ServicePrincipal'
}
Expand All @@ -949,7 +949,7 @@ module aiFoundryAiServices 'br:mcr.microsoft.com/bicep/avm/res/cognitive-service
principalType: 'ServicePrincipal'
}
{
roleDefinitionIdOrName: '53ca6127-db72-4b80-b1b0-d745d6d5456d' // Azure AI User
roleDefinitionIdOrName: '53ca6127-db72-4b80-b1b0-d745d6d5456d' // Foundry User
principalId: deployingUserPrincipalId
principalType: deployerPrincipalType
}
Expand Down
14 changes: 7 additions & 7 deletions infra/scripts/assign_azure_ai_user_role.sh
Expand Up @@ -25,25 +25,25 @@ fi

IFS=',' read -r -a principal_ids_array <<< $principal_ids

echo "Assigning Azure AI User role role to users"
echo "Assigning Foundry User role to users"
Comment thread
Prajwal-Microsoft marked this conversation as resolved.

echo "Using provided Azure AI resource id: $aif_resource_id"

for principal_id in "${principal_ids_array[@]}"; do

# Check if the user has the Azure AI User role
echo "Checking if user - ${principal_id} has the Azure AI User role"
# Check if the user has the Foundry User role
echo "Checking if user - ${principal_id} has the Foundry User role"
role_assignment=$(MSYS_NO_PATHCONV=1 az role assignment list --role 53ca6127-db72-4b80-b1b0-d745d6d5456d --scope $aif_resource_id --assignee $principal_id --query "[].roleDefinitionId" -o tsv)
if [ -z "$role_assignment" ]; then
echo "User - ${principal_id} does not have the Azure AI User role. Assigning the role."
echo "User - ${principal_id} does not have the Foundry User role. Assigning the role."
MSYS_NO_PATHCONV=1 az role assignment create --assignee $principal_id --role 53ca6127-db72-4b80-b1b0-d745d6d5456d --scope $aif_resource_id --output none
if [ $? -eq 0 ]; then
echo "Azure AI User role assigned successfully."
echo "Foundry User role assigned successfully."
else
echo "Failed to assign Azure AI User role."
echo "Failed to assign Foundry User role."
exit 1
fi
else
echo "User - ${principal_id} already has the Azure AI User role."
echo "User - ${principal_id} already has the Foundry User role."
fi
done
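Review bot: The `az role assignment list` and `az role assignment create` lines inside the loop expand `$aif_resource_id` and `$principal_id` unquoted, so a value containing whitespace or glob characters is split into extra arguments to a command that grants access. Quote them, for example `--scope "$aif_resource_id" --assignee "$principal_id"`. Separately, the messages now say "Foundry User" while the file is still named `assign_azure_ai_user_role.sh` and the following echo still says "Azure AI resource id"; rename the file or add a comment explaining why the old name stays.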