Merge pull request #255857 from RoseHJM/ade-streamlined-attach-3

ADE - streamlined catalog attach - 3

Author: denrea

articles/deployment-environments/how-to-configure-catalog.md

@@ -59,35 +59,53 @@ As a security best practice, if you choose to use user-assigned identities, use
 
 ## Assign a subscription role assignment to the managed identity
 
-The identity that's attached to the dev center in Azure Deployment Environments should be assigned the Owner role for all the deployment subscriptions and the Reader role for all subscriptions that contain the relevant project. When a user creates or deploys an environment, the service grants appropriate access to the deployment identity that's attached to the project environment type. The deployment identity uses the access to perform deployments on behalf of the user. You can use the managed identity to empower developers to create environments without granting them access to the subscription.
+The identity that's attached to the dev center should be assigned the Contributor and User Access Administrator roles for all the deployment subscriptions and the Reader role for all subscriptions that contain the relevant project. When a user creates or deploys an environment, the service grants appropriate access to the deployment identity that's attached to the project environment type. The deployment identity uses the access to perform deployments on behalf of the user. You can use the managed identity to empower developers to create environments without granting them access to the subscription.
 
 ### Add a role assignment to a system-assigned managed identity
 
-1. In the Azure portal, go to your dev center.
+1. In the Azure portal, navigate to your dev center.
 1. On the left menu under **Settings**, select **Identity**.
 1. Under **System assigned** > **Permissions**, select **Azure role assignments**.
 
     :::image type="content" source="./media/configure-managed-identity/system-assigned-azure-role-assignment.png" alt-text="Screenshot that shows the Azure role assignment for system-assigned identity.":::
 
-1. On **Azure role assignments**, select **Add role assignment (Preview)**, and then enter or select the following information:
+1. To give Contributor access to the subscription, select **Add role assignment (Preview)**, enter or select the following information, and then select **Save**:
+    
+    |Name     |Value     |
+    |---------|----------|
+    |**Scope**|Subscription|
+    |**Subscription**|Select the subscription in which to use the managed identity.|
+    |**Role**|Contributor|
 
-    1. For **Scope**, select **Subscription**.
-    1. For **Subscription**, select the subscription in which to use the managed identity.
-    1. For **Role**, select **Owner**.
-    1. Select **Save**.
+1. To give User Access Administrator access to the subscription, select **Add role assignment (Preview)**, enter or select the following information, and then select **Save**:
+
+    |Name     |Value     |
+    |---------|----------|
+    |**Scope**|Subscription|
+    |**Subscription**|Select the subscription in which to use the managed identity.|
+    |**Role**|User Access Administrator|
 
 ### Add a role assignment to a user-assigned managed identity
 
 1. In the Azure portal, go to your dev center.
 1. On the left menu under **Settings**, select **Identity**.
 1. Under **User assigned**, select the identity.
 1. On the left menu, select **Azure role assignments**.
-1. On **Azure role assignments**, select **Add role assignment (Preview)**, and then enter or select the following information:
-
-    1. For **Scope**, select **Subscription**.
-    1. For **Subscription**, select the subscription in which to use the managed identity.
-    1. For **Role**, select **Owner**.
-    1. Select **Save**.
+1. To give Contributor access to the subscription, select **Add role assignment (Preview)**, enter or select the following information, and then select **Save**:
+    
+    |Name     |Value     |
+    |---------|----------|
+    |**Scope**|Subscription|
+    |**Subscription**|Select the subscription in which to use the managed identity.|
+    |**Role**|Contributor|
+
+1. To give User Access Administrator access to the subscription, select **Add role assignment (Preview)**, enter or select the following information, and then select **Save**:
+
+    |Name     |Value     |
+    |---------|----------|
+    |**Scope**|Subscription|
+    |**Subscription**|Select the subscription in which to use the managed identity.|
+    |**Role**|User Access Administrator|
 
 ## Grant the managed identity access to the key vault secret
 

articles/deployment-environments/how-to-configure-managed-identity.md

@@ -153,7 +153,7 @@ To add a catalog to your dev center, you first need to gather some information.
 To add a catalog, you must specify the GitHub repo URL, the branch, and the folder that contains your environment definitions. You can gather this information before you begin the process of adding the catalog to the dev center.
 
 > [!TIP]
-> If you are attaching an Azure DevOps repository, use these steps: [Get the clone URL of an Azure DevOps repository](how-to-configure-catalog.md#get-the-clone-url-of-an-azure-devops-repository).
+> If you are attaching an Azure DevOps repository, use these steps: [Get the clone URL of an Azure DevOps repository](how-to-configure-catalog.md#get-the-clone-url-for-your-azure-devops-repository).
 
 1. On your [GitHub](https://github.com) account page, select **<> Code**, and then select copy.
 1. Take a note of the branch that you're working in.