Enabling access to storage

Using role assignments

As a part of the deployment process, NannyML Cloud creates a managed identity aptly called nannyml.

By granting that managed identity the correct roles and permissions, you can have the NannyML Cloud instance read data from a storage container!

Setting permissions on your storage account

1. Navigate to your storage account using the Azure portal. In this example, we have a storage account with a container called model-monitoring. The access level has been set to private. There are three files present, representing reference data, analysis data, and target data.

2. Navigate to the Access Control (IAM) pane.

3. Now click the Add role assignment button in the bottom left corner.

4. This window will give you a very long overview of available roles. You can select any applicable role here, but something like Blob Data Reader should give sufficient permissions to read the data in this storage container. Search for the role using the search bar, select it and hit the Next button in the bottom left corner.

5. Now you'll select the member to assign the role to. In this case you'll assign it to a managed identity, so select that option. Then hit the + Select members link to open up the search pane.

6. In the search pane, first, select the subscription under which the NannyML Cloud managed application was deployed. In the Managed identity dropdown, select the User-assigned managed identity option. Finally, in the search bar under the Select header, filter for nannyml and select the correct option.

7. Confirm the selected member and hit the Select button.

8. Now click the Review + assign button in the bottom left to create the role assignment.

Setting up the data source in NannyML Cloud

Now you can use the details of the storage container to access your data within NannyML cloud.

1. Set up a new model in NannyML Cloud. Select the Upload via Azure Blob Storage option.

2. Now provide the details about the storage container we've just tweaked the access control for. Note that we don't have to provide any kind of authentication token or key.
3. We now have access to the file!