Merge pull request #441 from iyangchen/patch-1

Court72 · web-flow · commit 409880f2d76d · 2025-06-13T14:32:38.000-06:00
Update RBAC requirements
diff --git a/articles/machine-learning/how-to-assign-roles.md b/articles/machine-learning/how-to-assign-roles.md
@@ -289,6 +289,10 @@ The following table is a summary of Azure Machine Learning activities and the pe
 
 3. These scenarios don't include the permissions needed to create workspace dependent resources. For more information, see the write permissions for [Storage](https://learn.microsoft.com/azure/role-based-access-control/permissions/storage#microsoftstorage), [OperationalInsights](https://learn.microsoft.com/azure/role-based-access-control/permissions/monitor#microsoftoperationalinsights), [Key Vault](https://learn.microsoft.com/azure/role-based-access-control/permissions/security#microsoftkeyvault) and [Container Registry](https://learn.microsoft.com/azure/role-based-access-control/permissions/containers#microsoftcontainerregistry).
 
+4. When attaching user-managed identities, you also need to have `Microsoft.ManagedIdentity/userAssignedIdentities/assign/action` permission on the identities. For more information, see [Azure built-in roles for Identity](/azure/role-based-access-control/built-in-roles/identity).
+
+5. When specifying a serverless compute custom subnet, you also need to have `Microsoft.Network/virtualNetworks/subnets/join/action` on the virtual network. For more information, see [Azure permissions for Networking](/azure/role-based-access-control/permissions/networking).
+
 ###  Deploy into a virtual network or subnet
 
 [!INCLUDE [network-rbac](includes/network-rbac.md)]
