Commit 5df4e22

edit pass: azure-database-for-postgresql-backup
1 parent b5ee89e commit 5df4e22

8 files changed

+15
-15
lines changed

articles/backup/backup-azure-database-postgresql-overview.md

Lines changed: 7 additions & 7 deletions
@@ -70,7 +70,7 @@ Azure Backup follows strict security guidelines from Azure. Permissions on the r
7070

7171
The Azure Backup service needs to connect to the Azure Database for PostgreSQL server while taking each backup. Although a username and password (or a connection string) that correspond to the database are used to make this connection, these credentials aren't stored with Azure Backup. Instead, the database admin needs to securely seed these credentials in [Azure Key Vault as a secret](/azure/key-vault/secrets/about-secrets).
7272

73-
The workload admin is responsible for managing and rotating credentials. Azure Backup calls for the most recent secret details from Key Vault to take the backup.
73+
The workload admin is responsible for managing and rotating credentials. Azure Backup calls for the most recent secret details from the key vault to take the backup.
7474

7575
:::image type="content" source="./media/backup-azure-database-postgresql-overview/key-vault-based-authentication-model.png" alt-text="Diagram that shows the workload or database flow.":::
7676
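
Review bot: On new line 73, "calls for the most recent secret details" reads as if Azure Backup requires something rather than fetches it. Since the sentence is already being edited, consider "Azure Backup retrieves the most recent secret details from the key vault to take the backup", which makes it clearer to the workload admin that rotation is handled by updating the secret.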

@@ -93,7 +93,7 @@ The workload admin is responsible for managing and rotating credentials. Azure B
9393
9494
#### Permissions needed for PostgreSQL database restore
9595

96-
Permissions for restore are similar to the ones that you need for backup. You need to [manually grant the permissions on the target Azure Database for PostgreSQL server and the corresponding key vault](#steps-for-manually-granting-access-on-the-azure-database-for-postgresql-server-and-on-key-vault). Unlike in the [configure backup](backup-azure-database-postgresql.md#configure-a-backup-on-postgresql-databases) flow, the experience to grant these permissions inline is currently not available.
96+
Permissions for restore are similar to the ones that you need for backup. You need to [manually grant the permissions on the target Azure Database for PostgreSQL server and the corresponding key vault](#steps-for-manually-granting-access-on-the-azure-database-for-postgresql-server-and-on-the-key-vault). Unlike in the [configure backup](backup-azure-database-postgresql.md#configure-a-backup-on-postgresql-databases) flow, the experience to grant these permissions inline is currently not available.
9797

9898
Ensure that the database user (corresponding to the credentials stored in the key vault) has the following restore privileges on the database:
9999
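
Review bot: On line 96, "similar to the ones that you need for backup" leaves the reader to guess what differs, which matters when granting least privilege on a target server. Consider pointing at the restore privileges listed right after this paragraph instead of saying "similar". The updated fragment does match the H2 renamed at line 114 of this file.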

@@ -111,11 +111,11 @@ To get an automated script and related instructions to use the Microsoft Entra I
111111
> [!NOTE]
112112
> All the newly configured protection takes place with the new Key Vault authentication model only. However, all the existing backup instances with protection configured through Microsoft Entra ID-based authentication will continue to exist and have regular backups taken. To restore these backups, you need to follow the Microsoft Entra ID-based authentication.
113113
114-
## Steps for manually granting access on the Azure Database for PostgreSQL server and on Key Vault
114+
## Steps for manually granting access on the Azure Database for PostgreSQL server and on the key vault
115115

116116
To grant all the access permissions that Azure Backup needs, use the following steps.
117117

118-
### Access permissions for the Azure Database for PostgreSQL server
118+
### Access permissions on the Azure Database for PostgreSQL server
119119

120120
1. Set the Azure Backup vault's **Reader** access for the managed identity on the Azure Database for PostgreSQL server.
121121
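
Review bot: The H3 rename on line 118 (from "Access permissions for the ..." to "Access permissions on the ...") changes the generated anchor, and none of the link updates in this commit target that section, so please confirm that no other article still links to the fragment generated from the old heading. The H2 rename on line 114 is covered: the links in this file and in restore-azure-database-postgresql.md now use the "-and-on-the-key-vault" form.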

@@ -125,14 +125,14 @@ To grant all the access permissions that Azure Backup needs, use the following s
125125

126126
:::image type="content" source="./media/backup-azure-database-postgresql-overview/network-line-of-sight-access-on-azure-postgresql-server.png" alt-text="Screenshot that shows the option to set network line-of-sight access on an Azure Database for PostgreSQL server." lightbox="./media/backup-azure-database-postgresql-overview/network-line-of-sight-access-on-azure-postgresql-server.png":::
127127

128-
### Access permissions for Key Vault (associated with the Azure Database for PostgreSQL server)
128+
### Access permissions on the key vault
129129

130-
1. Set the Azure Backup vault's **Key Vault Secrets User** access for the managed identity on Key Vault (**Get** and **List** permissions on secrets). To assign permissions, you can use role assignments or access policies. You don't need to add the permissions by using both options, because it doesn't help.
130+
1. Set the Azure Backup vault's **Key Vault Secrets User** access for the managed identity on the key vault (**Get** and **List** permissions on secrets). To assign permissions, you can use role assignments or access policies. You don't need to add the permissions by using both options, because it doesn't help.
131131

132132
- To use Azure role-based access control (Azure RBAC) authorization:
133133

134134
1. In **Access policies**, set **Permission model** to **Azure role-based access control**.
135-
1. In **Access control (IAM)**, grant the Azure Backup vault's **Key Vault Secrets User** access for the managed identity on Key Vault. Bearers of that role will be able to read secrets.
135+
1. In **Access control (IAM)**, grant the Azure Backup vault's **Key Vault Secrets User** access for the managed identity on the key vault. Bearers of that role will be able to read secrets.
136136

137137
For more information, see [Provide access to Key Vault keys, certificates, and secrets with Azure role-based access control](/azure/key-vault/general/rbac-guide?tabs=azure-cli).
138138
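
Review bot: On line 130, the retained sentence "You don't need to add the permissions by using both options, because it doesn't help" does not say why. Step 134 has the reader set **Permission model**, so say that directly: use the option that matches the permission model chosen for the key vault. On line 135, "Bearers of that role will be able to read secrets" could be tightened to "can read secrets". The new H3 matches the `#access-permissions-on-the-key-vault` link added in backup-azure-database-postgresql.md.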

articles/backup/backup-azure-database-postgresql.md

Lines changed: 1 addition & 1 deletion
@@ -55,7 +55,7 @@ You can configure a backup on multiple databases across multiple Azure Database
5555

5656
:::image type="content" source="./media/backup-azure-database-postgresql/enter-secret-uri-inline.png" alt-text="Screenshot that shows how to get a secret U R I." lightbox="./media/backup-azure-database-postgresql/enter-secret-uri-expanded.png":::
5757

58-
However, with this option, Azure Backup has no visibility into the key vault that you referenced. Access permissions on the key vault can't be granted inline. The backup admin, along with the PostgreSQL and/or key vault admin, needs to ensure that the backup vault's [access on the key vault is granted manually](backup-azure-database-postgresql-overview.md#access-permissions-on-the-azure-key-vault-associated-with-the-postgresql-server) outside the [configure backup](#configure-a-backup-on-postgresql-databases) flow for the backup operation to succeed.
58+
However, with this option, Azure Backup has no visibility into the key vault that you referenced. Access permissions on the key vault can't be granted inline. The backup admin, along with the PostgreSQL and/or key vault admin, needs to ensure that the backup vault's [access on the key vault is granted manually](backup-azure-database-postgresql-overview.md#access-permissions-on-the-key-vault) outside the [configure backup](#configure-a-backup-on-postgresql-databases) flow for the backup operation to succeed.
5959

6060
- **Select from key vault**: Use this option if you know the key vault and secret names. Then click **Select a key vault and secret** and enter the details.
6161
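
Review bot: On line 58, "The backup admin, along with the PostgreSQL and/or key vault admin, needs to ensure" does not say who actually makes the grant. Because access can't be granted inline with this option, name the owner of the step or at least drop "and/or", so that the manual grant does not fall between roles. The new fragment matches the H3 renamed in the overview article.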

articles/backup/backup-postgresql-cli.md

Lines changed: 1 addition & 1 deletion
@@ -295,7 +295,7 @@ keyURI="https://testkeyvaulteus.vault.azure.net/secrets/ossdbkey"
295295

296296
A backup vault has to connect to the PostgreSQL server and then access the database via the keys present in the key vault. So, it requires access to the PostgreSQL server and the key vault. Access is granted to the backup vault's managed identity.
297297

298-
[Read about the permissions](./backup-azure-database-postgresql-overview.md#set-of-permissions-needed-for-azure-postgresql-database-backup) that you should grant to the backup vault's managed identity on the PostgreSQL server and the key vault that stores the keys to the database.
298+
[Read about the permissions](./backup-azure-database-postgresql-overview.md#permissions-needed-for-postgresql-database-backup) that you should grant to the backup vault's managed identity on the PostgreSQL server and the key vault that stores the keys to the database.
299299

300300
### Prepare the request
301301
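
Review bot: Lines 296 and 298 say the database is reached "via the keys present in the key vault" and refer to "the key vault that stores the keys to the database", but the `keyURI` in the hunk header points at a `/secrets/` path. Since line 298 is being edited anyway, use "secret" or "credentials" so readers don't confuse this with Key Vault keys. The heading behind the new `#permissions-needed-for-postgresql-database-backup` fragment isn't part of this diff, so please confirm it exists in the overview article.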

articles/backup/backup-postgresql-ps.md

Lines changed: 1 addition & 1 deletion
@@ -238,7 +238,7 @@ $keyURI = "https://testkeyvaulteus.vault.azure.net/secrets/ossdbkey"
238238

239239
You need to connect the backup vault to the PostgreSQL server and then access the database via the keys present in the key vault. Therefore, the backup vault requires access to the PostgreSQL server and the key vault. Access is granted to the backup vault's managed identity.
240240

241-
[Read about the appropriate permissions](./backup-azure-database-postgresql-overview.md#set-of-permissions-needed-for-azure-postgresql-database-backup) that you should grant to the backup vault's managed identity on the PostgreSQL server and Azure Key Vault, where the keys to the database are stored.
241+
[Read about the appropriate permissions](./backup-azure-database-postgresql-overview.md#permissions-needed-for-postgresql-database-backup) that you should grant to the backup vault's managed identity on the PostgreSQL server and Azure Key Vault, where the keys to the database are stored.
242242

243243
### Prepare the request
244244
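
Review bot: Line 241 still says "Azure Key Vault, where the keys to the database are stored" while the rest of this commit moves to "the key vault", and the equivalent sentence in backup-postgresql-cli.md already uses "the key vault". Align the wording here, and prefer "credentials" over "keys" given that `$keyURI` in the hunk header is a `/secrets/` URI.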

articles/backup/restore-azure-database-postgresql.md

Lines changed: 2 additions & 2 deletions
@@ -13,7 +13,7 @@ ms.author: jsuri
1313

1414
This article explains how to restore a database to an Azure Database for PostgreSQL server that you backed up by using Azure Backup.
1515

16-
You can restore a database to any Azure Database for PostgreSQL server of a different subscription or the same subscription but within the same region of the vault, if the service has the appropriate [set of permissions](backup-azure-database-postgresql-overview.md#azure-backup-authentication-with-the-postgresql-server) on the target server.
16+
You can restore a database to any Azure Database for PostgreSQL server of a different subscription or the same subscription but within the same region of the vault, if the service has the appropriate [set of permissions](backup-azure-database-postgresql-overview.md#azure-backup-authentication-with-the-azure-database-for-postgresql-server) on the target server.
1717

1818
## Restore a PostgreSQL database
1919
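
Review bot: On line 16, "of a different subscription or the same subscription but within the same region of the vault" is hard to parse, because it is unclear whether the region constraint applies to both cases. Consider restating it so the region requirement is explicit for both. The heading behind the new `#azure-backup-authentication-with-the-azure-database-for-postgresql-server` fragment isn't part of this diff, so please verify that the link resolves.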

@@ -41,7 +41,7 @@ You can restore a database to any Azure Database for PostgreSQL server of a diff
4141

4242
1. For **Select key vault to authenticate with target server**, select a vault that stores the credentials to connect to the target server.
4343

44-
1. Select **Review and restore** to trigger validation that checks if the service has [restore permissions on the target server](backup-azure-database-postgresql-overview.md#set-of-permissions-needed-for-azure-postgresql-database-restore). These permissions must be [granted manually](backup-azure-database-postgresql-overview.md#grant-access-on-the-azure-postgresql-server-and-key-vault-manually).
44+
1. Select **Review and restore** to trigger validation that checks if the service has [restore permissions on the target server](backup-azure-database-postgresql-overview.md#permissions-needed-for-postgresql-database-restore). These permissions must be [granted manually](backup-azure-database-postgresql-overview.md#steps-for-manually-granting-access-on-the-azure-database-for-postgresql-server-and-on-the-key-vault).
4545

4646
:::image type="content" source="./media/restore-azure-database-postgresql/restore-as-database-inline.png" alt-text="Screenshot that shows the selected option to restore as a database." lightbox="./media/restore-azure-database-postgresql/restore-as-database-expanded.png":::
4747
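
Review bot: Context line 42 says "select a vault that stores the credentials", which is ambiguous in an article that also deals with the backup vault; the field label says key vault, so the step should too. On line 44, both new fragments match headings visible in the overview diff: the H4 "Permissions needed for PostgreSQL database restore" and the renamed H2.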

articles/backup/restore-postgresql-database-cli.md

Lines changed: 1 addition & 1 deletion
@@ -23,7 +23,7 @@ The examples in this article refer to an existing backup vault named `TestBkpVau
2323

2424
A backup vault uses a managed identity to access other Azure resources. To restore from a backup, the backup vault's managed identity requires a set of permissions on the Azure Database for PostgreSQL server to which the database should be restored.
2525

26-
To assign the relevant permissions for a vault's system-assigned managed identity on the target PostgreSQL server, see the [set of permissions needed to back up PostgreSQL database](./backup-azure-database-postgresql-overview.md#set-of-permissions-needed-for-azure-postgresql-database-restore).
26+
To assign the relevant permissions for a vault's system-assigned managed identity on the target PostgreSQL server, see the [set of permissions needed to back up PostgreSQL database](./backup-azure-database-postgresql-overview.md#permissions-needed-for-postgresql-database-restore).
2727

2828
To restore the recovery point as files to a storage account, the [backup vault's system-assigned managed identity needs access on the target storage account](./restore-azure-database-postgresql.md#restore-permissions-on-the-target-storage-account).
2929
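
Review bot: On line 26, the link text reads "set of permissions needed to back up PostgreSQL database" but the fragment targets the restore section (`#permissions-needed-for-postgresql-database-restore`). This article is about restore, so change the link text to match, for example "permissions needed to restore a PostgreSQL database".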

articles/backup/restore-postgresql-database-ps.md

Lines changed: 1 addition & 1 deletion
@@ -27,7 +27,7 @@ $TestBkpVault = Get-AzDataProtectionBackupVault -VaultName TestBkpVault -Resourc
2727

2828
A backup vault uses a managed identity to access other Azure resources. To restore from a backup, the backup vault's managed identity requires a set of permissions on the Azure Database for PostgreSQL server to which the database should be restored.
2929

30-
To assign the relevant permissions for a vault's system-assigned managed identity on the target PostgreSQL server, see the [set of permissions needed to back up a PostgreSQL database](./backup-azure-database-postgresql-overview.md#set-of-permissions-needed-for-azure-postgresql-database-restore).
30+
To assign the relevant permissions for a vault's system-assigned managed identity on the target PostgreSQL server, see the [set of permissions needed to back up a PostgreSQL database](./backup-azure-database-postgresql-overview.md#permissions-needed-for-postgresql-database-restore).
3131

3232
To restore the recovery point as files to a storage account, the [backup vault's system-assigned managed identity needs access on the target storage account](./restore-azure-database-postgresql.md#restore-permissions-on-the-target-storage-account).
3333
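
Review bot: Line 30's link text says "set of permissions needed to back up a PostgreSQL database" while the link goes to `#permissions-needed-for-postgresql-database-restore`. The surrounding paragraph is about restoring, so the link text should say restore as well.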

articles/backup/restore-postgresql-database-use-rest-api.md

Lines changed: 1 addition & 1 deletion
@@ -28,7 +28,7 @@ The examples in this article refer to an existing backup vault named `TestBkpVau
2828

2929
A backup vault uses a managed identity to access other Azure resources. To restore from a backup, a backup vault's managed identity requires a set of permissions on the Azure Database for PostgreSQL server to which the database should be restored.
3030

31-
To assign the relevant permissions for vault's system-assigned managed identity on the target PostgreSQL server, see the [permissions needed to back up a PostgreSQL database](./backup-azure-database-postgresql-overview.md#set-of-permissions-needed-for-azure-postgresql-database-restore).
31+
To assign the relevant permissions for vault's system-assigned managed identity on the target PostgreSQL server, see the [permissions needed to back up a PostgreSQL database](./backup-azure-database-postgresql-overview.md#permissions-needed-for-postgresql-database-restore).
3232

3333
To restore the recovery point as files to a storage account, the backup vault's system-assigned managed identity needs [access on the target storage account](./restore-azure-database-postgresql.md#restore-permissions-on-the-target-storage-account).
3434
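
Review bot: Line 31 reads "for vault's system-assigned managed identity", which is missing "the". The link text also says "permissions needed to back up a PostgreSQL database" although the fragment is the restore section; fix both while this line is open.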
