Updating format for clarity

whhender · web-flow · commit 540ef379b874 · 2025-07-29T14:17:51.000-04:00
diff --git a/articles/data-factory/concepts-roles-permissions.md b/articles/data-factory/concepts-roles-permissions.md
@@ -12,34 +12,36 @@ ms.author: abnarain
 
 [!INCLUDE[appliesto-adf-xxx-md](includes/appliesto-adf-xxx-md.md)]
 
+Most roles needed for Azure Data Factory are some of the standard [Microsoft Entra built-in roles](/entra/identity/role-based-access-control/permissions-reference): Owner, Contributor, Reader, etc.
 
-This article describes the roles required to create and manage Azure Data Factory resources, and the permissions granted by the Data Factory Contributor role.
+Though there is one special Azure Data Factory role: **Data Factory Contributor**
 
-## Roles and requirements
+This article explains what permissions are needed to perform actions in Azure Data Factory, what capabilities the **Data Factory Contributor** role has, and how to set up permissions.
 
-Most roles needed for Azure Data Factory are some of the standard Azure roles, though there is one special Azure Data Factory role: **Data Factory Contributor**
+## Permissions to create Data Factory instances
 
-**To create Data Factory instances**, the user account that you use to sign in to Azure must be a member of the *contributor* role, the *owner* role, or an *administrator* of the Azure subscription. To view the permissions that you have in the subscription, in the Azure portal, select your username in the upper-right corner, and then select **My permissions**. If you have access to multiple subscriptions, select the appropriate subscription.
+**To create Data Factory instances**, the user account that you use to sign in to Azure must be a member of the *contributor* role, the *owner* role, or an *administrator* of the Azure subscription. 
 
-**To create and manage child resources for Data Factory** - including datasets, linked services, pipelines, triggers, and integration runtimes - the following requirements are applicable:
-- To create and manage child resources in the Azure portal, you must belong to the **Data Factory Contributor** role at the **Resource Group** level or above.
+To view the permissions that you have in the subscription, in the Azure portal, select your username in the upper-right corner, and then select **My permissions**. If you have access to multiple subscriptions, select the appropriate subscription.
+
+## Permissions to create and manage resources within Data Factory
+
+- **To create and manage child resources in the Data Factory portal** - including datasets, linked services, pipelines, triggers, and integration runtimes you need **Data Factory Contributor** OR [**Microsoft Entra ID Contributor**](../role-based-access-control/built-in-roles.md#contributor) permissions at the **Resource Group** level or above.
   
   > [!NOTE]
-  > If you already assigned the **Contributor** role at the **Resource Group** level or above, you do not need the **Data Factory Contributor** role. The [Contributor role](../role-based-access-control/built-in-roles.md#contributor) is a superset role that includes all permissions granted to the [Data Factory Contributor role](../role-based-access-control/built-in-roles.md#data-factory-contributor).
-
-- To create and manage child resources with PowerShell or the SDK, the **contributor** role at the resource level or above is sufficient.
+  > If you already assigned the **Contributor** role at the **Resource Group** level or above, you do not need the **Data Factory Contributor** role. The [Contributor role](../role-based-access-control/built-in-roles.md#contributor) is a superset role that includes all permissions of the [Data Factory Contributor role](../role-based-access-control/built-in-roles.md#data-factory-contributor).
 
-For sample instructions about how to add a user to a role, see the [Add roles](../cost-management-billing/manage/add-change-subscription-administrator.md) article.
+For sample instructions about how to add a user to a Microsoft Entra ID role, see the [Add roles](/entra/identity/role-based-access-control/manage-roles-portal?tabs=admin-center) article.
 
-## Set up permissions
+## Permissions to manage permissions within Data Factory
 
-After you create a Data Factory, you may want to let other users work with the data factory. To give this access to other users, you have to add them to the built-in **Data Factory Contributor** role on the **Resource Group** that contains the Data Factory.
+To give this access to other users, you need **Data Factory Contributor** permissions on the **Resource Group** that contains the Data Factory.
 
-### Scope of the Data Factory Contributor role
+## Scope of the Data Factory Contributor role
 
 Membership of the **Data Factory Contributor** role lets users do the following things:
 - Create, edit, and delete data factories and child resources including datasets, linked services, pipelines, triggers, and integration runtimes.
-- Deploy Resource Manager templates. Resource Manager deployment is the deployment method used by Data Factory in the Azure portal.
+- [Deploy Resource Manager templates.](#resource-manager-template-deployment) Resource Manager deployment is the deployment method used by Data Factory in the Azure portal.
 - Manage App Insights alerts for a data factory.
 - Create support tickets.
 
@@ -51,15 +53,14 @@ The **Data Factory Contributor** role, at the resource group level or above, let
 
 Permissions on Azure Repos and GitHub are independent of Data Factory permissions. As a result, a user with repo permissions who is only a member of the Reader role can edit Data Factory child resources and commit changes to the repo, but can't publish these changes.
 
-
 > [!IMPORTANT]
 > Resource Manager template deployment with the **Data Factory Contributor** role does not elevate your permissions. For example, if you deploy a template that creates an Azure virtual machine, and you don't have permission to create virtual machines, the deployment fails with an authorization error.
 
    In publish context, **Microsoft.DataFactory/factories/write** permission applies to following modes.
 - That permission is only required in Live mode when the customer modifies the global parameters.
 - That permission is always required in Git mode since every time after the customer publishes, the factory object with the last commit ID needs to be updated.
 
-### Custom scenarios and custom roles
+## Custom scenarios and custom roles
 
 Sometimes you may need to grant different access levels for different data factory users. For example:
 - You may need a group where users only have permissions on a specific data factory.
@@ -96,5 +97,4 @@ Here are a few examples that demonstrate what you can achieve with custom roles:
 ## Related content
 
 - Learn more about roles in Azure - [Understand role definitions](../role-based-access-control/role-definitions.md)
-
 - Learn more about the **Data Factory contributor** role - [Data Factory Contributor role](../role-based-access-control/built-in-roles.md#data-factory-contributor).
