Merge pull request #76624 from zhenlan/patch-20

ktoliver · web-flow · commit 5b9253f68264 · 2021-06-11T09:38:36.000-07:00
Update concept-enable-rbac.md
diff --git a/articles/azure-app-configuration/concept-enable-rbac.md b/articles/azure-app-configuration/concept-enable-rbac.md
@@ -23,14 +23,14 @@ The authorization step requires that one or more Azure roles be assigned to the
 ## Assign Azure roles for access rights
 Azure Active Directory (Azure AD) authorizes access rights to secured resources through [Azure role-based access control (Azure RBAC)](../role-based-access-control/overview.md).
 
-When an Azure role is assigned to an Azure AD security principal, Azure grants access to those resources for that security principal. Access is scoped to the App Configuration resource. An Azure AD security principal may be a user, or an application service principal, or a [managed identity for Azure resources](../active-directory/managed-identities-azure-resources/overview.md).
+When an Azure role is assigned to an Azure AD security principal, Azure grants access to those resources for that security principal. Access is scoped to the App Configuration resource. An Azure AD security principal may be a user, a group, an application service principal, or a [managed identity for Azure resources](../active-directory/managed-identities-azure-resources/overview.md).
 
 ## Azure built-in roles for Azure App Configuration
-Azure provides the following Azure built-in roles for authorizing access to App Configuration data using Azure AD and OAuth:
+Azure provides the following Azure built-in roles for authorizing access to App Configuration data using Azure AD:
 
 - **App Configuration Data Owner**: Use this role to give read/write/delete access to App Configuration data. This does not grant access to the App Configuration resource.
 - **App Configuration Data Reader**: Use this role to give read access to App Configuration data. This does not grant access to the App Configuration resource.
-- **Contributor**: Use this role to manage the App Configuration resource. While the App Configuration data can be accessed using access keys, this role does not grant direct access to the data using Azure AD.
+- **Contributor** or **Owner**: Use this role to manage the App Configuration resource. It grants access to the resource's access keys. While the App Configuration data can be accessed using access keys, this role does not grant direct access to the data using Azure AD.
 - **Reader**: Use this role to give read access to the App Configuration resource. This does not grant access to the resource's access keys, nor to the data stored in App Configuration.
 
 > [!NOTE]
