Update service principal role to AzureML Compute Operator for improved security #2169

Merged
merged 2 commits into from
Sep 23, 2024


miguelgfierro
Collaborator

Description

Related Issues

References

Checklist:

  • I have followed the contribution guidelines and code style for this project.
  • I have added tests covering my contributions.
  • I have updated the documentation accordingly.
  • I have signed the commits, e.g. git commit -s -m "your commit message".
  • This PR is being made to staging branch AND NOT TO main branch.

@miguelgfierro
Collaborator Author

Issue #2170

@miguelgfierro
Collaborator Author

miguelgfierro commented Sep 23, 2024

We added the reader role to the SP and tried again to run the tests: https://github.com/recommenders-team/recommenders/actions/runs/10996608019

We got a new error:

    File "/opt/hostedtoolcache/Python/3.10.15/x64/lib/python3.10/site-packages/azure/ai/ml/_telemetry/activity.py", line 292, in wrapper
      return f(*args, **kwargs)
    File "/opt/hostedtoolcache/Python/3.10.15/x64/lib/python3.10/site-packages/azure/ai/ml/operations/_environment_operations.py", line 205, in create_or_update
      raise ex
    File "/opt/hostedtoolcache/Python/3.10.15/x64/lib/python3.10/site-packages/azure/ai/ml/operations/_environment_operations.py", line 189, in create_or_update
      else self._version_operations.create_or_update(
    File "/opt/hostedtoolcache/Python/3.10.15/x64/lib/python3.10/site-packages/azure/core/tracing/decorator.py", line 94, in wrapper_use_tracer
      return func(*args, **kwargs)
    File "/opt/hostedtoolcache/Python/3.10.15/x64/lib/python3.10/site-packages/azure/ai/ml/_restclient/v2023_04_01_preview/operations/_environment_versions_operations.py", line 546, in create_or_update
      raise HttpResponseError(response=response, model=error, error_format=ARMErrorFormat)
  azure.core.exceptions.HttpResponseError: (AuthorizationFailed) The client 'e4d8d62a-df42-4e04-9741-d9ab05ba6ab6' with object id 'e4d8d62a-df42-4e04-9741-d9ab05ba6ab6' does not have authorization to perform action 'Microsoft.MachineLearningServices/workspaces/environments/versions/write' over scope '/subscriptions/***/resourceGroups/recommenders_project_resources/providers/Microsoft.MachineLearningServices/workspaces/azureml-test-workspace/environments/recommenders-83ebb5cbb966c4c7cab1c7e45defaf84578dc03f-python3_10-spark/versions/3' or the scope is invalid. If access was recently granted, please refresh your credentials.
  Code: AuthorizationFailed
  Message: The client 'e4d8d62a-df42-4e04-9741-d9ab05ba6ab6' with object id 'e4d8d62a-df42-4e04-9741-d9ab05ba6ab6' does not have authorization to perform action 'Microsoft.MachineLearningServices/workspaces/environments/versions/write' over scope '/subscriptions/***/resourceGroups/recommenders_project_resources/providers/Microsoft.MachineLearningServices/workspaces/azureml-test-workspace/environments/recommenders-83ebb5cbb966c4c7cab1c7e45defaf84578dc03f-python3_10-spark/versions/3' or the scope is invalid. If access was recently granted, please refresh your credentials.

We tried to also add AzureML Data Scientist. Testing: https://github.com/recommenders-team/recommenders/actions/runs/10996798072/job/30530817759

Signed-off-by: miguelgfierro <[email protected]>
@anargyri
Collaborator

Some documentation on the roles https://learn.microsoft.com/en-us/azure/machine-learning/how-to-assign-roles?view=azureml-api-2&tabs=team-lead#default-roles

@miguelgfierro
Collaborator Author

Everything worked. Merging.
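
The role triage in this thread (which role covers the action named in an AuthorizationFailed error) can be checked offline before any broader role is granted. This is an added example, not code from the PR or the project: it parses the error message and evaluates the denied action against Actions / NotActions lists. The role lists are abridged assumptions, and `SAMPLE` and all function names are constructed for the example.

```python
import re
from fnmatch import fnmatchcase

# Constructed sample: same message shape as the log above, placeholder ids.
SAMPLE = (
    "(AuthorizationFailed) The client '00000000-0000-0000-0000-000000000000' "
    "with object id '00000000-0000-0000-0000-000000000000' does not have "
    "authorization to perform action "
    "'Microsoft.MachineLearningServices/workspaces/environments/versions/write' "
    "over scope '/subscriptions/SUB/resourceGroups/RG/providers/"
    "Microsoft.MachineLearningServices/workspaces/WS/environments/ENV/versions/3'"
)
ML = "Microsoft.MachineLearningServices/workspaces"
# Assumption: abridged Actions / NotActions of three built-in roles. Confirm
# against `az role definition list --name "<role name>"` before relying on them.
ROLES = {
    "Reader": (["*/read"], []),
    "AzureML Compute Operator": ([f"{ML}/computes/*", f"{ML}/notebooks/vm/*"], []),
    "AzureML Data Scientist": (
        [f"{ML}/*/read", f"{ML}/*/action", f"{ML}/*/delete", f"{ML}/*/write"],
        [f"{ML}/delete", f"{ML}/write", f"{ML}/listKeys/action",
         f"{ML}/computes/*/write", f"{ML}/computes/*/delete"],
    ),
}
DENIED = re.compile(
    r"The client '(?P<client>[^']+)' with object id '(?P<object_id>[^']+)' does not "
    r"have authorization to perform action '(?P<action>[^']+)' "
    r"over scope '(?P<scope>[^']+)'"
)

def parse_denial(message):
    """Extract client, object id, action and scope; None if the text differs."""
    match = DENIED.search(message)
    return match.groupdict() if match else None

def _matches(pattern, action):
    # RBAC wildcards span '/' and are case-insensitive; fnmatchcase's '*' also spans '/'.
    return fnmatchcase(action.lower(), pattern.lower())

def role_allows(role, action):
    """Allowed when an Actions pattern matches and no NotActions pattern does."""
    actions, not_actions = ROLES[role]
    return (any(_matches(p, action) for p in actions)
            and not any(_matches(p, action) for p in not_actions))

def roles_granting(message):
    """Candidate roles whose definition covers the action named in the denial."""
    denial = parse_denial(message)
    return [r for r in ROLES if role_allows(r, denial["action"])] if denial else []
```

For the sample message, `roles_granting(SAMPLE)` returns only `AzureML Data Scientist`, which shows which single role closes the gap without reaching for Contributor or Owner.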
