Update RBAC role assignment steps - batch 23

Author: dksimpson

articles/automanage/repair-automanage-account.md

@@ -5,7 +5,7 @@ ms.service: automanage
 ms.workload: infrastructure
 ms.topic: conceptual
 ms.date: 11/05/2020
-ms.custom: devx-track-azurepowershell, devx-track-azurecli
+ms.custom: devx-track-azurepowershell, devx-track-azurecli, subject-rbac-steps
 ---
 
 # Repair an Automanage Account
@@ -65,12 +65,24 @@ If you're using an ARM template or the Azure CLI, you'll need the Principal ID (
 - Azure portal: Go to **Azure Active Directory** and search for your Automanage Account by name. Under **Enterprise Applications**, select the Automanage Account name when it appears.
 
 ### Azure portal
+
 1. Under **Subscriptions**, go to the subscription that contains your automanaged VMs.
-1. Go to **Access control (IAM)**.
-1. Select **Add role assignments**.
-1. Select the **Contributor** role and enter the name of your Automanage Account.
-1. Select **Save**.
-1. Repeat steps 3 through 5, this time with the **Resource Policy Contributor** role.
+
+1. Select **Access control (IAM)**.
+
+1. Select **Add** > **Add role assignment** to open the **Add role assignment** page.
+
+1. Assign the following role. For detailed steps, see [Assign Azure roles using the Azure portal](../role-based-access-control/role-assignments-portal.md).
+
+    | Setting | Value |
+    | --- | --- |
+    | Role | Contributor |
+    | Assign access to | User, group, or service principal |
+    | Members | <Name of your Automanage account> |
+
+    ![Add role assignment page in Azure portal.](../../includes/role-based-access-control/media/add-role-assignment-page.png)
+
+1. Repeat steps 2 through 4, and then select the **Resource Policy Contributor** role.
 
 ### ARM template
 Run the following ARM template. You'll need the Principal ID of your Automanage Account. The steps to get it are at the start of this section. Enter the ID when you're prompted.

articles/automation/automation-role-based-access-control.md

@@ -5,7 +5,7 @@ services: automation
 ms.subservice: shared-capabilities
 ms.date: 09/10/2021
 ms.topic: how-to 
-ms.custom: devx-track-azurepowershell
+ms.custom: devx-track-azurepowershell, subject-rbac-steps
 #Customer intent: As an administrator, I want to understand permissions so that I use the least necessary set of permissions.
 ---
 
@@ -328,42 +328,26 @@ The following section shows you how to configure Azure RBAC on your Automation a
 
 ### Configure Azure RBAC using the Azure portal
 
-1. Log in to the [Azure portal](https://portal.azure.com/) and open your Automation account from the Automation Accounts page.
-2. Click on **Access control (IAM)** to open the Access control (IAM) page. You can use this page to add new users, groups, and applications to manage your Automation account and view existing roles that are configurable for the Automation account.
-3. Click the **Role assignments** tab.
+1. Sign in to the [Azure portal](https://portal.azure.com/) and open your Automation account from the **Automation Accounts** page.
 
-   ![Access button](media/automation-role-based-access-control/automation-01-access-button.png)
+1. Select **Access control (IAM)**. Select a role from the list of available roles. You can choose any of the available built-in roles that an Automation account supports or any custom role you may have defined. Assign the role to a user to which you want to give permissions.
 
-#### Add a new user and assign a role
+   For detailed steps, see [Assign Azure roles using the Azure portal](../role-based-access-control/role-assignments-portal.md).
 
-1. From the Access control (IAM) page, click **+ Add role assignment**. This action opens the Add role assignment page where you can add a user, group, or application, and assign a corresponding role.
-
-2. Select a role from the list of available roles. You can choose any of the available built-in roles that an Automation account supports or any custom role you may have defined.
-
-3. Type the name of the user that you want to give permissions to in the **Select** field. Choose the user from the list and click **Save**.
-
-   ![Add users](media/automation-role-based-access-control/automation-04-add-users.png)
-
-   Now you should see the user added to the Users page, with the selected role assigned.
-
-   ![List users](media/automation-role-based-access-control/automation-05-list-users.png)
-
-   You can also assign a role to the user from the Roles page.
+   > [!NOTE]
+   > You can only set role-based access control at the Automation account scope and not at any resource below the Automation account.
 
-4. Click **Roles** from the Access control (IAM) page to open the Roles page. You can view the name of the role and the number of users and groups assigned to that role.
+#### Remove role assignments from a user
 
-    ![Assign role from users page](media/automation-role-based-access-control/automation-06-assign-role-from-users-blade.png)
+You can remove the access permission for a user who isn't managing the Automation account, or who no longer works for the organization. The following steps show how to remove the role assignments from a user. For detailed steps, see [Remove Azure role assignments](../../articles/role-based-access-control/role-assignments-remove.md):
 
-   > [!NOTE]
-   > You can only set role-based access control at the Automation account scope and not at any resource below the Automation account.
+1. Open **Access control (IAM)** at a scope, such as management group, subscription, resource group, or resource, where you want to remove access.
 
-#### Remove a user
+1. Select the **Role assignments** tab to view all the role assignments at this scope.
 
-You can remove the access permission for a user who isn't managing the Automation account, or who no longer works for the organization. Following are the steps to remove a user:
+1. In the list of role assignments, add a checkmark next to the user with the role assignment you want to remove.
 
-1. From the Access control (IAM) page, select the user to remove and click **Remove**.
-2. Click the **Remove** button in the assignment details pane.
-3. Click **Yes** to confirm removal.
+1. Select **Remove**.
 
    ![Remove users](media/automation-role-based-access-control/automation-08-remove-users.png)
 

articles/automation/media/automation-role-based-access-control/automation-01-access-button.png

@@ -5,6 +5,7 @@ services: azure-functions
 ms.subservice: start-stop-vms
 ms.date: 06/25/2021
 ms.topic: conceptual
+ms.custon: subject-rbac-steps
 ---
 
 # Deploy Start/Stop VMs v2 (preview)
@@ -61,17 +62,23 @@ To simplify management and removal, we recommend you deploy Start/Stop VMs v2 (p
 
 After the Start/Stop deployment completes, perform the following steps to enable Start/Stop VMs v2 (preview) to take action across multiple subscriptions.
 
-1. Copy the value for the Azure Function App Name that you specified during the deployment.
+1. Copy the value for the Azure Function App name that you specified during the deployment.
 
-1. In the portal, navigate to your secondary subscription. Select the subscription, and then select **Access Control (IAM)**
+1. In the Azure portal, navigate to your secondary subscription.
 
-1. Select **Add** and then select **Add role assignment**.
+1. Select **Access control (IAM)**.
 
-1. Select the **Contributor** role from the **Role** drop down list.
+1. Select **Add** > **Add role assignment** to open the **Add role assignment** page.
 
-1. Enter the Azure Function Application Name in the **Select** field. Select the function name in the results.
+1. Assign the following role. For detailed steps, see [Assign Azure roles using the Azure portal](../role-based-access-control/role-assignments-portal.md).
 
-1. Select **Save** to commit your changes.
+    | Setting | Value |
+    | --- | --- |
+    | Role | Contributor |
+    | Assign access to | User, group, or service principal |
+    | Members | <Your Azure Function App name> |
+
+    ![Add role assignment page in Azure portal.](../../includes/role-based-access-control/media/add-role-assignment-page.png)
 
 ## Configure schedules overview