Update RBAC

Author: rolyon

articles/role-based-access-control/TOC.yml

@@ -3,7 +3,7 @@
   items:
 - name: Overview
   items:
-  - name: What is RBAC?
+  - name: What is Azure RBAC?
     href: overview.md
   - name: Understand the different roles
     href: rbac-and-directory-admin-roles.md
@@ -100,7 +100,7 @@
     href: built-in-roles.md
   - name: Resource provider operations
     href: resource-provider-operations.md
-  - name: RBAC limits
+  - name: Azure RBAC limits
     href: ../azure-resource-manager/management/azure-subscription-service-limits.md#role-based-access-control-limits
   - name: Azure PowerShell
     href: /powershell/module/az.resources

articles/role-based-access-control/index.yml

@@ -23,7 +23,7 @@ landingContent:
     linkLists: 
       - linkListType: overview
         links: 
-          - text: What is RBAC?
+          - text: What is Azure RBAC?
             url: overview.md
           - text: Understand the different roles
             url: rbac-and-directory-admin-roles.md
@@ -46,7 +46,7 @@ landingContent:
             url: tutorial-role-assignments-group-powershell.md
       - linkListType: learn
         links: 
-          - text: Secure your Azure resources with RBAC
+          - text: Secure your Azure resources with Azure RBAC
             url: https://docs.microsoft.com/learn/modules/secure-azure-resources-with-rbac/
   # Card
   - title: Manage access

articles/role-based-access-control/overview.md

@@ -23,18 +23,18 @@ ms.reviewer: bagovind
 
 Access management for cloud resources is a critical function for any organization that is using the cloud. Azure role-based access control (Azure RBAC) helps you manage who has access to Azure resources, what they can do with those resources, and what areas they have access to.
 
-RBAC is an authorization system built on [Azure Resource Manager](../azure-resource-manager/management/overview.md) that provides fine-grained access management of Azure resources.
+Azure RBAC is an authorization system built on [Azure Resource Manager](../azure-resource-manager/management/overview.md) that provides fine-grained access management of Azure resources.
 
-## What can I do with RBAC?
+## What can I do with Azure RBAC?
 
-Here are some examples of what you can do with RBAC:
+Here are some examples of what you can do with Azure RBAC:
 
 - Allow one user to manage virtual machines in a subscription and another user to manage virtual networks
 - Allow a DBA group to manage SQL databases in a subscription
 - Allow a user to manage all resources in a resource group, such as virtual machines, websites, and subnets
 - Allow an application to access all resources in a resource group
 
-## How RBAC works
+## How Azure RBAC works
 
 The way you control access to resources using Azure RBAC is to create role assignments. This is a key concept to understand – it's how permissions are enforced. A role assignment consists of three elements: security principal, role definition, and scope.
 
@@ -92,17 +92,17 @@ You can create role assignments using the Azure portal, Azure CLI, Azure PowerSh
 
 ## Multiple role assignments
 
-So what happens if you have multiple overlapping role assignments? RBAC is an additive model, so your effective permissions are the sum of your role assignments. Consider the following example where a user is granted the Contributor role at the subscription scope and the Reader role on a resource group. The sum of the Contributor permissions and the Reader permissions is effectively the Contributor role for the resource group. Therefore, in this case, the Reader role assignment has no impact.
+So what happens if you have multiple overlapping role assignments? Azure RBAC is an additive model, so your effective permissions are the sum of your role assignments. Consider the following example where a user is granted the Contributor role at the subscription scope and the Reader role on a resource group. The sum of the Contributor permissions and the Reader permissions is effectively the Contributor role for the resource group. Therefore, in this case, the Reader role assignment has no impact.
 
 ![Multiple role assignments](./media/overview/rbac-multiple-roles.png)
 
 ## Deny assignments
 
-Previously, RBAC was an allow-only model with no deny, but now RBAC supports deny assignments in a limited way. Similar to a role assignment, a *deny assignment* attaches a set of deny actions to a user, group, service principal, or managed identity at a particular scope for the purpose of denying access. A role assignment defines a set of actions that are *allowed*, while a deny assignment defines a set of actions that are *not allowed*. In other words, deny assignments block users from performing specified actions even if a role assignment grants them access. Deny assignments take precedence over role assignments. For more information, see [Understand deny assignments for Azure resources](deny-assignments.md).
+Previously, Azure RBAC was an allow-only model with no deny, but now Azure RBAC supports deny assignments in a limited way. Similar to a role assignment, a *deny assignment* attaches a set of deny actions to a user, group, service principal, or managed identity at a particular scope for the purpose of denying access. A role assignment defines a set of actions that are *allowed*, while a deny assignment defines a set of actions that are *not allowed*. In other words, deny assignments block users from performing specified actions even if a role assignment grants them access. Deny assignments take precedence over role assignments. For more information, see [Understand deny assignments for Azure resources](deny-assignments.md).
 
-## How RBAC determines if a user has access to a resource
+## How Azure RBAC determines if a user has access to a resource
 
-The following are the high-level steps that RBAC uses to determine if you have access to a resource on the management plane. This is helpful to understand if you are trying to troubleshoot an access issue.
+The following are the high-level steps that Azure RBAC uses to determine if you have access to a resource on the management plane. This is helpful to understand if you are trying to troubleshoot an access issue.
 
 1. A user (or service principal) acquires a token for Azure Resource Manager.
 

articles/role-based-access-control/quickstart-assign-role-user-portal.md

@@ -1,5 +1,5 @@
 ---
-title: "Tutorial: Grant user access to Azure resources with RBAC and the Azure portal "
+title: "Tutorial: Grant user access to Azure resources with Azure RBAC and the Azure portal "
 description: In this tutorial, learn how to grant a user access to Azure resources using Azure role-based access control (Azure RBAC) in the Azure portal.
 services: role-based-access-control
 documentationCenter: ''
@@ -57,7 +57,7 @@ Sign in to the Azure portal at https://portal.azure.com.
 
 ## Grant access
 
-In RBAC, to grant access, you create a role assignment.
+In Azure RBAC, to grant access, you create a role assignment.
 
 1. In the list of **Resource groups**, click the new **rbac-resource-group** resource group.
 
@@ -87,7 +87,7 @@ In RBAC, to grant access, you create a role assignment.
 
 ## Remove access
 
-In RBAC, to remove access, you remove a role assignment.
+In Azure RBAC, to remove access, you remove a role assignment.
 
 1. In the list of role assignments, add a checkmark next to the user with the Virtual Machine Contributor role.
 

articles/role-based-access-control/rbac-and-directory-admin-roles.md

@@ -27,7 +27,7 @@ If you are new to Azure, you may find it a little challenging to understand all
 
 ## How the roles are related
 
-To better understand roles in Azure, it helps to know some of the history. When Azure was initially released, access to resources was managed with just three administrator roles: Account Administrator, Service Administrator, and Co-Administrator. Later, Azure role-based access control (Azure RBAC) was added. Azure RBAC is a newer authorization system that provides fine-grained access management to Azure resources. RBAC includes many built-in roles, can be assigned at different scopes, and allows you to create your own custom roles. To manage resources in Azure AD, such as users, groups, and domains, there are several Azure AD administrator roles.
+To better understand roles in Azure, it helps to know some of the history. When Azure was initially released, access to resources was managed with just three administrator roles: Account Administrator, Service Administrator, and Co-Administrator. Later, Azure role-based access control (Azure RBAC) was added. Azure RBAC is a newer authorization system that provides fine-grained access management to Azure resources. Azure RBAC includes many built-in roles, can be assigned at different scopes, and allows you to create your own custom roles. To manage resources in Azure AD, such as users, groups, and domains, there are several Azure AD administrator roles.
 
 The following diagram is a high-level view of how the classic subscription administrator roles, Azure roles, and Azure AD administrator roles are related.
 
@@ -77,7 +77,7 @@ Azure RBAC is an authorization system built on [Azure Resource Manager](../azure
 
 The rest of the built-in roles allow management of specific Azure resources. For example, the [Virtual Machine Contributor](built-in-roles.md#virtual-machine-contributor) role allows the user to create and manage virtual machines. For a list of all the built-in roles, see [Azure built-in roles](built-in-roles.md).
 
-Only the Azure portal and the Azure Resource Manager APIs support RBAC. Users, groups, and applications that are assigned Azure roles cannot use the [Azure classic deployment model APIs](../azure-resource-manager/management/deployment-models.md).
+Only the Azure portal and the Azure Resource Manager APIs support Azure RBAC. Users, groups, and applications that are assigned Azure roles cannot use the [Azure classic deployment model APIs](../azure-resource-manager/management/deployment-models.md).
 
 In the Azure portal, role assignments using Azure RBAC appear on the **Access control (IAM)** blade. This blade can be found throughout the portal, such as management groups, subscriptions, resource groups, and various resources.
 

articles/role-based-access-control/role-assignments-cli.md

@@ -57,7 +57,7 @@ az ad sp list --display-name "{name}" --query [].objectId --output tsv
 
 ## Add a role assignment
 
-In RBAC, to grant access, you add a role assignment.
+In Azure RBAC, to grant access, you add a role assignment.
 
 ### User at a resource group scope
 
@@ -182,7 +182,7 @@ az role assignment create --role "Virtual Machine Contributor" --assignee-object
 
 ## Remove a role assignment
 
-In RBAC, to remove access, you remove a role assignment by using [az role assignment delete](/cli/azure/role/assignment#az-role-assignment-delete):
+In Azure RBAC, to remove access, you remove a role assignment by using [az role assignment delete](/cli/azure/role/assignment#az-role-assignment-delete):
 
 ```azurecli
 az role assignment delete --assignee <assignee> --role <role_name_or_id> --resource-group <resource_group>

articles/role-based-access-control/role-assignments-external-users.md

@@ -1,5 +1,5 @@
 ---
-title: Add or remove role assignments for external users with RBAC and the Azure portal
+title: Add or remove role assignments for external users with Azure RBAC and the Azure portal
 description: Learn how to grant access to Azure resources for users external to an organization using Azure role-based access control (Azure RBAC).
 services: active-directory
 documentationcenter: ''
@@ -21,7 +21,7 @@ ms.custom: it-pro
 ---
 # Add or remove role assignments for external guest users using Azure RBAC and the Azure portal
 
-[Azure role-based access control (Azure RBAC)](overview.md) allows better security management for large organizations and for small and medium-sized businesses working with external collaborators, vendors, or freelancers that need access to specific resources in your environment, but not necessarily to the entire infrastructure or any billing-related scopes. You can use the capabilities in [Azure Active Directory B2B](../active-directory/b2b/what-is-b2b.md) to collaborate with external guest users and you can use RBAC to grant just the permissions that guest users need in your environment.
+[Azure role-based access control (Azure RBAC)](overview.md) allows better security management for large organizations and for small and medium-sized businesses working with external collaborators, vendors, or freelancers that need access to specific resources in your environment, but not necessarily to the entire infrastructure or any billing-related scopes. You can use the capabilities in [Azure Active Directory B2B](../active-directory/b2b/what-is-b2b.md) to collaborate with external guest users and you can use Azure RBAC to grant just the permissions that guest users need in your environment.
 
 ## Prerequisites
 
@@ -65,7 +65,7 @@ For more information about the invitation process, see [Azure Active Directory B
 
 ## Add a role assignment for a guest user
 
-In RBAC, to grant access, you assign a role. To add a role assignment for a guest user, you follow [same steps](role-assignments-portal.md#add-a-role-assignment) as you would for a member user, group, service principal, or managed identity. Follow these steps add a role assignment for a guest user at different scopes.
+In Azure RBAC, to grant access, you assign a role. To add a role assignment for a guest user, you follow [same steps](role-assignments-portal.md#add-a-role-assignment) as you would for a member user, group, service principal, or managed identity. Follow these steps add a role assignment for a guest user at different scopes.
 
 1. In the Azure portal, click **All services**.
 

articles/role-based-access-control/role-assignments-list-rest.md

@@ -27,7 +27,7 @@ ms.reviewer: bagovind
 
 ## List role assignments
 
-In RBAC, to list access, you list the role assignments. To list role assignments, use one of the [Role Assignments - List](/rest/api/authorization/roleassignments/list) REST APIs. To refine your results, you specify a scope and an optional filter.
+In Azure RBAC, to list access, you list the role assignments. To list role assignments, use one of the [Role Assignments - List](/rest/api/authorization/roleassignments/list) REST APIs. To refine your results, you specify a scope and an optional filter.
 
 1. Start with the following request:
 

articles/role-based-access-control/role-assignments-portal.md

@@ -1,5 +1,5 @@
 ---
-title: Add or remove role assignments with RBAC and the Azure portal
+title: Add or remove role assignments with Azure RBAC and the Azure portal
 description: Learn how to grant access to Azure resources for users, groups, service principals, or managed identities using Azure role-based access control (Azure RBAC) and the Azure portal.
 services: active-directory
 documentationcenter: ''

articles/role-based-access-control/role-assignments-powershell.md

@@ -1,5 +1,5 @@
 ---
-title: Add or remove role assignments with RBAC and Azure PowerShell
+title: Add or remove role assignments with Azure RBAC and Azure PowerShell
 description: Learn how to grant access to Azure resources for users, groups, service principals, or managed identities using Azure role-based access control (Azure RBAC) and Azure PowerShell.
 services: active-directory
 documentationcenter: ''
@@ -62,7 +62,7 @@ Get-AzADServicePrincipal -SearchString <service_name_in_quotes>
 
 ## Add a role assignment
 
-In RBAC, to grant access, you add a role assignment.
+In Azure RBAC, to grant access, you add a role assignment.
 
 ### User at a resource group scope
 
@@ -200,7 +200,7 @@ CanDelegate        : False
 
 ## Remove a role assignment
 
-In RBAC, to remove access, you remove a role assignment by using [Remove-AzRoleAssignment](/powershell/module/az.resources/remove-azroleassignment).
+In Azure RBAC, to remove access, you remove a role assignment by using [Remove-AzRoleAssignment](/powershell/module/az.resources/remove-azroleassignment).
 
 The following example removes the *Virtual Machine Contributor* role assignment from the *alain\@example.com* user on the *pharma-sales* resource group: