Merge pull request #106718 from weixian-zhang/patch-1

Jak-MS · web-flow · commit 548f53d115ae · 2023-03-16T13:47:03.000-07:00
docs(rbac-permissions.md): Include RBAC and permissions for Private Endpoint Approval
diff --git a/articles/private-link/rbac-permissions.md b/articles/private-link/rbac-permissions.md
@@ -129,6 +129,16 @@ This section lists the granular permissions required to deploy a private link se
 }
 ```
 
+## Approval RBAC for private endpoint
+
+Typically, a network administrator creates a private endpoint. Depending on your Azure role-based access control (RBAC) permissions, a private endpoint that you create is either *automatically approved* to send traffic to the API Management instance, or requires the resource owner to *manually approve* the connection.
+
+
+|Approval method     |Minimum RBAC permissions  |
+|---------|---------|
+|Automatic     | `Microsoft.Network/virtualNetworks/**`<br/>`Microsoft.Network/virtualNetworks/subnets/**`<br/>`Microsoft.Network/privateEndpoints/**`<br/>`Microsoft.Network/networkinterfaces/**`<br/>`Microsoft.Network/locations/availablePrivateEndpointTypes/read`<br/>`Microsoft.ApiManagement/service/**`<br/>`Microsoft.ApiManagement/service/privateEndpointConnections/**`        |
+|Manual     | `Microsoft.Network/virtualNetworks/**`<br/>`Microsoft.Network/virtualNetworks/subnets/**`<br/>`Microsoft.Network/privateEndpoints/**`<br/>`Microsoft.Network/networkinterfaces/**`<br/>`Microsoft.Network/locations/availablePrivateEndpointTypes/read`           |
+
 ## Next steps
 
 For more information on private endpoint and private link services in Azure Private link, see:
