Fixes

Author: jonburchel

articles/ai-foundry/concepts/disable-preview-features-with-rbac.md

@@ -87,13 +87,13 @@ Use this matrix to determine which data actions to include (enable) or exclude (
 
 | Feature | To ENABLE (include all these dataActions) | To DISABLE (ensure none of these are granted) |
 |---------|-------------------------------------------|-----------------------------------------------|
-| Agents (Foundry agent service)<br>@Hemant ✅ | `Microsoft.CognitiveServices/accounts/AIServices/agents/read`<br>`Microsoft.CognitiveServices/accounts/AIServices/agents/write`<br>`Microsoft.CognitiveServices/accounts/AIServices/agents/delete` | Exclude all three agent actions (or add the wildcard `Microsoft.CognitiveServices/accounts/AIServices/agents/*` to NotActions). |
-| Content Understanding (Multi-Modal Intelligence)<br>@Kate Browne 🟨 | `Microsoft.CognitiveServices/accounts/MultiModalIntelligence/analyzers/read`<br>`.../analyzers/write`<br>`.../analyzers/delete`<br>`Microsoft.CognitiveServices/accounts/MultiModalIntelligence/classifiers/read`<br>`.../classifiers/write`<br>`.../classifiers/delete`<br>`Microsoft.CognitiveServices/accounts/MultiModalIntelligence/batchAnalysisJobs/*`<br>Optional: any `/labelingProjects` trees your teams use* | Exclude every action beginning `Microsoft.CognitiveServices/accounts/MultiModalIntelligence/` |
-| Assistants (Azure OpenAI Assistants API)<br>@salman 🟨 | `Microsoft.CognitiveServices/accounts/OpenAI/assistants/*` (read, write, delete + children)<br>`Microsoft.CognitiveServices/accounts/OpenAI/assistants/files/*`<br>`Microsoft.CognitiveServices/accounts/OpenAI/assistants/threads/*`<br>`Microsoft.CognitiveServices/accounts/OpenAI/assistants/threads/messages/*`<br>`Microsoft.CognitiveServices/accounts/OpenAI/assistants/vector_stores/*` | Remove every action starting `Microsoft.CognitiveServices/accounts/OpenAI/assistants/` |
-| Fine-tuning<br>@Prakhar ✅ | `Microsoft.CognitiveServices/accounts/OpenAI/fine-tunes/read`<br>`.../fine-tunes/write`<br>`.../fine-tunes/delete`<br>Optional (RLHF): `Microsoft.CognitiveServices/accounts/OpenAI/1p-jobs/*`<br>`Microsoft.CognitiveServices/accounts/OpenAI/fine-tunes/files/*`<br>`.../fine-tunes/uploads/*`<br>`.../fine-tunes/stored-completions/*`<br>`.../fine-tunes/evals/*`<br>`.../fine-tunes/models/*` | Remove all `Microsoft.CognitiveServices/accounts/OpenAI/fine-tunes/*` (and any `.../1p-jobs/*` if present). |
-| Tracing / Telemetry (Azure Monitor reads)<br>@Sebastian Kohlmeier Han ✅ | `Microsoft.Insights/alertRules/read`<br>`Microsoft.Insights/diagnosticSettings/read`<br>`Microsoft.Insights/logDefinitions/read`<br>`Microsoft.Insights/metricdefinitions/read`<br>`Microsoft.Insights/metrics/read` | Omit the Azure Monitor read actions (or list them in NotActions). |
-| Risk + Alerts (Content Safety)<br>Ken Archer / Ying ✅ | `Microsoft.CognitiveServices/accounts/ContentSafety/*` — at minimum:<br>…`Analyze Text`<br>…`Analyze Image`<br>…`Analyze Protected Material`<br>…`Unified Analyze` | Exclude every action starting `Microsoft.CognitiveServices/accounts/ContentSafety/` and avoid assigning any role on the Content Safety resource. |
-| Governance (Foundry management center)<br>@Xi | `Microsoft.CognitiveServices/accounts/write`<br>`Microsoft.CognitiveServices/accounts/delete`<br>Plus any required VNet / Private Endpoint / Key Vault reference writes you govern. | Grant only `Microsoft.CognitiveServices/accounts/read` and remove any write/delete actions on the account resource. |
+| Agents (Foundry agent service) | `Microsoft.CognitiveServices/accounts/AIServices/agents/read`<br>`Microsoft.CognitiveServices/accounts/AIServices/agents/write`<br>`Microsoft.CognitiveServices/accounts/AIServices/agents/delete` | Exclude all three agent actions (or add the wildcard `Microsoft.CognitiveServices/accounts/AIServices/agents/*` to NotActions). |
+| Content Understanding (Multi-Modal Intelligence) | `Microsoft.CognitiveServices/accounts/MultiModalIntelligence/analyzers/read`<br>&nbsp;&nbsp;&nbsp;`.../analyzers/write`<br>&nbsp;&nbsp;&nbsp;`.../analyzers/delete`<br>`Microsoft.CognitiveServices/accounts/MultiModalIntelligence/classifiers/read`<br>&nbsp;&nbsp;&nbsp;`.../classifiers/write`<br>&nbsp;&nbsp;&nbsp;`.../classifiers/delete`<br>`Microsoft.CognitiveServices/accounts/MultiModalIntelligence/batchAnalysisJobs/*`<br>Optional: any `/labelingProjects` trees your teams use* | Exclude every action beginning `Microsoft.CognitiveServices/accounts/MultiModalIntelligence/` |
+| Assistants (Azure OpenAI Assistants API) | `Microsoft.CognitiveServices/accounts/OpenAI/assistants/*` (read, write, delete + children)<br>`Microsoft.CognitiveServices/accounts/OpenAI/assistants/files/*`<br>`Microsoft.CognitiveServices/accounts/OpenAI/assistants/threads/*`<br>`Microsoft.CognitiveServices/accounts/OpenAI/assistants/threads/messages/*`<br>`Microsoft.CognitiveServices/accounts/OpenAI/assistants/vector_stores/*` | Remove every action starting `Microsoft.CognitiveServices/accounts/OpenAI/assistants/` |
+| Fine-tuning | `Microsoft.CognitiveServices/accounts/OpenAI/fine-tunes/read`<br>&nbsp;&nbsp;&nbsp;`.../fine-tunes/write`<br>&nbsp;&nbsp;&nbsp;`.../fine-tunes/delete`<br>Optional (RLHF): `Microsoft.CognitiveServices/accounts/OpenAI/1p-jobs/*`<br>`Microsoft.CognitiveServices/accounts/OpenAI/fine-tunes/files/*`<br>`.../fine-tunes/uploads/*`<br>&nbsp;&nbsp;&nbsp;`.../fine-tunes/stored-completions/*`<br>&nbsp;&nbsp;&nbsp;`.../fine-tunes/evals/*`<br>&nbsp;&nbsp;&nbsp;`.../fine-tunes/models/*` | Remove all `Microsoft.CognitiveServices/accounts/OpenAI/fine-tunes/*` (and any `.../1p-jobs/*` if present). |
+| Tracing / Telemetry (Azure Monitor reads) | `Microsoft.Insights/alertRules/read`<br>`Microsoft.Insights/diagnosticSettings/read`<br>`Microsoft.Insights/logDefinitions/read`<br>`Microsoft.Insights/metricdefinitions/read`<br>`Microsoft.Insights/metrics/read` | Omit the Azure Monitor read actions (or list them in NotActions). |
+| Risk + Alerts (Content Safety) | `Microsoft.CognitiveServices/accounts/ContentSafety/*` - at minimum:<br>&nbsp;&nbsp;&nbsp;`.../Analyze Text`<br>&nbsp;&nbsp;&nbsp;`.../Analyze Image`<br>&nbsp;&nbsp;&nbsp;`.../Analyze Protected Material`<br>&nbsp;&nbsp;&nbsp;`.../Unified Analyze` | Exclude every action starting `Microsoft.CognitiveServices/accounts/ContentSafety/` and avoid assigning any role on the Content Safety resource. |
+| Governance (Foundry management center) | `Microsoft.CognitiveServices/accounts/write`<br>`Microsoft.CognitiveServices/accounts/delete`<br>Plus any required VNet / Private Endpoint / Key Vault reference writes you govern. | Grant only `Microsoft.CognitiveServices/accounts/read` and remove any write/delete actions on the account resource. |
 
 *Optional labeling projects: include only if teams label documents inside Foundry.