add an action for NSG flow logs

halkazwini · halkazwini · commit 3fa92b3fe97b · 2024-09-23T16:52:37.000-05:00
diff --git a/articles/network-watcher/required-rbac-permissions.md b/articles/network-watcher/required-rbac-permissions.md
@@ -6,7 +6,7 @@ author: halkazwini
 ms.author: halkazwini
 ms.service: azure-network-watcher
 ms.topic: concept-article
-ms.date: 05/09/2024
+ms.date: 09/23/2024
 
 #CustomerIntent: As an Azure administrator, I want to know the required Azure role-based access control (Azure RBAC) permissions to use each of the Network Watcher capabilities, so I can assign them correctly to users using any of those capabilities.
 ---
@@ -48,12 +48,14 @@ Azure role-based access control (Azure RBAC) enables you to assign only the spec
 > | ---------                                                           | -------------------------------------------------------------- |
 > | Microsoft.Network/networkWatchers/configureFlowLog/action           | Configure a flow Log                                           |
 > | Microsoft.Network/networkWatchers/queryFlowLogStatus/action         | Query status for a flow log                                    |
-> | Microsoft.Network/networkSecurityGroups/write                       | Creates a network security group or updates an existing network security group |
+> | Microsoft.Network/networkSecurityGroups/write <sup>1</sup>          | Creates a network security group or updates an existing network security group |
 Microsoft.Storage/storageAccounts/listServiceSas/Action, </br> Microsoft.Storage/storageAccounts/listAccountSas/Action, <br> Microsoft.Storage/storageAccounts/listKeys/Action | Fetch shared access signatures (SAS) enabling [secure access to storage account](../storage/common/storage-sas-overview.md?toc=/azure/network-watcher/toc.json) and write to the storage account |
 
+<sup>1</sup> Only required with NSG flow logs.
+
 ## Traffic analytics
 
-Since traffic analytics is enabled as part of the Flow log resource, the following permissions are required in addition to all the required permissions for [Flow logs](#flow-logs):
+Since traffic analytics is enabled as part of the flow log resource, the following permissions are required in addition to all the required permissions for [Flow logs](#flow-logs):
 
 > [!div class="mx-tableFixed"]
 > | Action                                                              | Description                                                    |
