articles/backup/backup-azure-database-postgresql.md
Lines changed: 21 additions & 15 deletions
@@ -40,7 +40,8 @@ You can configure a backup on multiple PostgreSQL databases across multiple Azur
40
40
41
41
> [!NOTE]
42
42
> You don't need to back up the databases **azure_maintenance** and **azure_sys**. Additionally, you can't back up a database that's already backed up to a Backup vault.
43
-
43
+
44
+
44
45
45
46
>
46
47
> You can back up private endpoint-enabled Azure Database for PostgreSQL servers by allowing trusted Microsoft services in the network settings.
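Review bot: The two blank lines added at new lines 43-44 fall between the `> [!NOTE]` text and the `>` line that leads into the private-endpoint sentence, so the quote block is interrupted there and that sentence may render outside the note. If both sentences belong to one note, use a single `>` line in place of the blank lines; if they are meant to be separate notes, give the second its own `> [!NOTE]` marker. One blank line would be enough in either case.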
@@ -54,11 +55,12 @@ You can configure a backup on multiple PostgreSQL databases across multiple Azur
54
55
1. To specify the secret information, use one of the following options:
55
56
56
57
-**Enter secret URI**: Use this option if the secret URI is shared or known to you. You can get the secret URI from the key vault by selecting a secret and then copying the **Secret Identifier** value.
57
-
58
+
58
59
:::image type="content" source="./media/backup-azure-database-postgresql/enter-secret-uri-inline.png" alt-text="Screenshot that shows how to get a secret U R I." lightbox="./media/backup-azure-database-postgresql/enter-secret-uri-expanded.png":::
59
-
However, with this option, Azure Backup has no visibility into the key vault that you referenced. Access permissions on the key vault can't be granted inline. For the backup operation to succeed, the backup admin, along with the PostgreSQL and/or key vault admin, needs to ensure that the Backup vault's [access on the key vault is granted manually](backup-azure-database-postgresql-overview.md#access-permissions-on-the-key-vault) outside the [configure backup](#configure-a-backup-on-postgresql-databases) flow.
60
+
60
61
However, with this option, Azure Backup has no visibility into the key vault that you referenced. Access permissions on the key vault can't be granted inline. For the backup operation to succeed, the backup admin, along with the PostgreSQL and/or key vault admin, needs to ensure that the Backup vault's [access on the key vault is granted manually](backup-azure-database-postgresql-overview.md#access-permissions-on-the-key-vault) outside the [configure backup](#configure-a-backup-on-postgresql-databases) flow.
61
-
62
+
63
+
62
64
63
65
64
66
-**Select from key vault**: Use this option if you know the key vault and secret names. Then click **Select a key vault and secret** and enter the details.
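Review bot: The blank lines added at new lines 62-63, just ahead of the **Select from key vault** bullet, are doubled; one blank line separates the "However, with this option" paragraph from the next bullet, and consecutive blank lines usually fail markdown linting. Removing the repeated "However, with this option" paragraph at old line 59 is the useful part of this hunk. Since the remaining copy tells the reader that key vault access must be granted manually, it would help to check that the paragraph and the image above it stay indented under the **Enter secret URI** bullet so they do not drop out of the numbered step.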
@@ -75,35 +77,39 @@ You can configure a backup on multiple PostgreSQL databases across multiple Azur
75
77
76
78
The Azure Backup service validates that it has all the necessary [access permissions](backup-azure-database-postgresql-overview.md#key-vault-based-authentication-model) to read secret details from the key vault and connect to the database. During this process, the status of the chosen data sources on the **Configure Backup** pane appears as **Validating**.
77
79
78
-
:::image type="content" source="./media/backup-azure-database-postgresql/validation-of-secret-inline.png" alt-text="Screenshot that shows the in-progress validation of secrets." lightbox="./media/backup-azure-database-postgresql/validation-of-secret-expanded.png":::
79
-
80
-
If one or more access permissions are missing, the service displays one of the following error messages:
80
+
-**User cannot assign roles**: This message appears when you (as the backup admin) don't have the write access on the Azure Database for PostgreSQL server and/or key vault to assign missing permissions as listed under **View details**.
81
81
82
82
Download the assignment template by selecting the **Download role assignment template** button on the action menu, and then have the PostgreSQL and/or key vault admin run it. It's an Azure Resource Manager template that helps you assign the necessary permissions on the required resources.
83
83
84
+
Download the assignment template by selecting the **Download role assignment template** button on the action menu, and then have the PostgreSQL and/or key vault admin run it. It's an Azure Resource Manager template that helps you assign the necessary permissions on the required resources.
85
+
86
+
84
87
Download the assignment template from by selecting the **Download role assignment template** button on the action menu, and then have the PostgreSQL and/or key vault admin run it. It's an Azure Resource Manager template that helps you assign the necessary permissions on the required resources.
85
88
86
89
:::image type="content" source="./media/backup-azure-database-postgresql/download-role-assignment-template-inline.png" alt-text="Screenshot that shows the option to download a role assignment template." lightbox="./media/backup-azure-database-postgresql/download-role-assignment-template-expanded.png":::
87
-
90
+
:::image type="content" source="./media/backup-azure-database-postgresql/role-assignment-not-done-inline.png" alt-text="Screenshot that shows the error about the role assignment not done." lightbox="./media/backup-azure-database-postgresql/role-assignment-not-done-expanded.png":::
88
91
After the template is run successfully, select **Re-validate** on the **Configure Backup** pane.
89
-
90
92
-**Role assignment not done**: This message appears when you (as the backup admin) have write access on the Azure Database for PostgreSQL server and/or key vault to assign missing permissions as listed under **View details**. Use the **Assign missing roles** button on the action menu to grant permissions on the Azure Database for PostgreSQL server and/or the key vault inline.
91
93
92
-
1. Select **Assign missing roles** on the action menu and assign roles. After the process starts, the [missing access permissions](backup-azure-database-postgresql-overview.md#azure-backup-authentication-with-the-postgresql-server) on the key vault and/or the Azure Database for PostgreSQL server are granted to the Backup vault. In the **Scope** area, you can define the scope at which the access permissions should be granted. When the action is complete, revalidation starts.
94
+
1. Select **Assign missing roles** on the action menu and assign roles. After the process starts, the [missing access permissions](backup-azure-database-postgresql-overview.md#azure-backup-authentication-with-the-postgresql-server) on the key vault and/or the Azure Database for PostgreSQL server are granted to the Backup vault. In the **Scope** area, you can define the scope at which the access permissions should be granted. When the action is complete, revalidation starts.
93
95
94
96
95
-
1. Select **Assign missing roles** on the action menu and assign roles. After the process starts, the [missing access permissions](backup-azure-database-postgresql-overview.md#azure-backup-authentication-with-the-postgresql-server) on the key vault and/or the Azure Database for PostgreSQL server are granted to the Backup vault. In the **Scope** area, you can define the scope at which the access permissions should be granted. When the action is complete, revalidation starts.
96
97
98
+
1. Select **Assign missing roles** on the action menu and assign roles. After the process starts, the [missing access permissions](backup-azure-database-postgresql-overview.md#azure-backup-authentication-with-the-postgresql-server) on the key vault and/or the Azure Database for PostgreSQL server are granted to the Backup vault. In the **Scope** area, you can define the scope at which the access permissions should be granted. When the action is complete, revalidation starts.
97
99
98
100
:::image type="content" source="./media/backup-azure-database-postgresql/assign-missing-roles-inline.png" alt-text="Screenshot that shows the button for assigning missing roles." lightbox="./media/backup-azure-database-postgresql/assign-missing-roles-expanded.png":::
99
-
The Backup vault accesses secrets from the key vault and runs a test connection to the database to validate that the credentials were entered correctly. The privileges of the database user are also checked to see [if the database user has backup-related permissions on the database](backup-azure-database-postgresql-overview.md#database-users-backup-privileges-on-the-database).
100
-
:::image type="content" source="./media/backup-azure-database-postgresql/define-scope-of-access-permission-inline.png" alt-text="Screenshot that shows the box for defining the scope of access permissions." lightbox="./media/backup-azure-database-postgresql/define-scope-of-access-permission-expanded.png":::
101
101
102
102
103
+
:::image type="content" source="./media/backup-azure-database-postgresql/define-scope-of-access-permission-inline.png" alt-text="Screenshot that shows the box for defining the scope of access permissions." lightbox="./media/backup-azure-database-postgresql/define-scope-of-access-permission-expanded.png":::
104
+
105
+
106
+
103
107
The Backup vault accesses secrets from the key vault and runs a test connection to the database to validate that the credentials were entered correctly. The privileges of the database user are also checked to see [if the database user has backup-related permissions on the database](backup-azure-database-postgresql-overview.md#database-users-backup-privileges-on-the-database).
104
-
:::image type="content" source="./media/backup-azure-database-postgresql/backup-vault-accesses-secrets-inline.png" alt-text="Screenshot that shows a Backup vault accessing secrets from a key vault." lightbox="./media/backup-azure-database-postgresql/backup-vault-accesses-secrets-expanded.png":::
108
+
:::image type="content" source="./media/backup-azure-database-postgresql/backup-vault-accesses-secrets-inline.png" alt-text="Screenshot that shows a Backup vault accessing secrets from a key vault." lightbox="./media/backup-azure-database-postgresql/backup-vault-accesses-secrets-expanded.png":::
109
+
110
+
111
+
105
112
106
-
107
113
If a low-privileged user doesn't have backup/restore permissions on the database, the validations fail. A PowerShell script is dynamically generated for each record or selected database. [Run the PowerShell script to grant these privileges to the database user on the database](#create-a-secret-in-the-key-vault). Alternatively, you can assign these privileges by using the pgAdmin or PSQL tool.
108
114
109
115
:::image type="content" source="./media/backup-azure-database-postgresql/backup-vault-accesses-secrets-inline.png" alt-text="Screenshot that shows a Backup vault accessing secrets from a key vault." lightbox="./media/backup-azure-database-postgresql/backup-vault-accesses-secrets-expanded.png":::
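Review bot: The line added at new line 84 repeats the "Download the assignment template" paragraph that is already present as context at new line 82 and again at new line 87, where it reads "template from by selecting"; drop the addition and the typo'd copy so the instruction appears once. The same pattern applies to the "1. Select **Assign missing roles**" step, which is removed twice and added back twice, and to the backup-vault-accesses-secrets image, which is re-added at new line 108 while another copy remains at new line 115. The role-assignment-not-done image added at new line 90 lands under the **User cannot assign roles** message rather than under the **Role assignment not done** bullet it illustrates. In the last paragraph, the link text "Run the PowerShell script to grant these privileges" points to `#create-a-secret-in-the-key-vault`, which does not match what the text promises; since this is the step that grants database privileges, the anchor should be corrected while the surrounding lines are being touched.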