Added link to key vault role docs

schaffererin · schaffererin · commit 6bbaeea47a18 · 2024-05-02T11:04:00.000-07:00
diff --git a/articles/aks/csi-secrets-store-identity-access.md b/articles/aks/csi-secrets-store-identity-access.md
@@ -62,8 +62,8 @@ In this security model, the AKS cluster acts as token issuer. Microsoft Entra ID
 
     > [!IMPORTANT]
     >
-    > * If your key vault is set with `--enable-rbac-authorization` and you're using `key` or `certificate` type, assign the `Key Vault Certificate User` role to give permissions.
-    > * If your key vault is set with `--enable-rbac-authorization` and you're using `secret` type, assign the `Key Vault Secrets User` role.
+    > * If your key vault is set with `--enable-rbac-authorization` and you're using `key` or `certificate` type, assign the [`Key Vault Certificate User`](../key-vault/general/rbac-guide.md#azure-built-in-roles-for-key-vault-data-plane-operations) role to give permissions.
+    > * If your key vault is set with `--enable-rbac-authorization` and you're using `secret` type, assign the [`Key Vault Secrets User`](../key-vault/general/rbac-guide.md#azure-built-in-roles-for-key-vault-data-plane-operations) role.
     > * If your key vault isn't set with `--enable-rbac-authorization`, you can use the [`az keyvault set-policy`][az-keyvault-set-policy] command with the `--key-permissions get`, `--certificate-permissions get`, or `--secret-permissions get` parameter to create a key vault policy to grant access for keys, certificates, or secrets. For example:
     >
     > ```azurecli-interactive

Original file line number	Diff line number	Diff line change
`@@ -62,8 +62,8 @@ In this security model, the AKS cluster acts as token issuer. Microsoft Entra ID`
`62`	`62`
`63`	`63`	`> [!IMPORTANT]`
`64`	`64`	`>`
`65`		- > * If your key vault is set with `--enable-rbac-authorization` and you're using `key` or `certificate` type, assign the `Key Vault Certificate User` role to give permissions.
`66`		- > * If your key vault is set with `--enable-rbac-authorization` and you're using `secret` type, assign the `Key Vault Secrets User` role.
	`65`	+ > * If your key vault is set with `--enable-rbac-authorization` and you're using `key` or `certificate` type, assign the [`Key Vault Certificate User`](../key-vault/general/rbac-guide.md#azure-built-in-roles-for-key-vault-data-plane-operations) role to give permissions.
	`66`	+ > * If your key vault is set with `--enable-rbac-authorization` and you're using `secret` type, assign the [`Key Vault Secrets User`](../key-vault/general/rbac-guide.md#azure-built-in-roles-for-key-vault-data-plane-operations) role.
`67`	`67`	> * If your key vault isn't set with `--enable-rbac-authorization`, you can use the [`az keyvault set-policy`][az-keyvault-set-policy] command with the `--key-permissions get`, `--certificate-permissions get`, or `--secret-permissions get` parameter to create a key vault policy to grant access for keys, certificates, or secrets. For example:
`68`	`68`	`>`
`69`	`69`	> ```azurecli-interactive