Update storage.md

Update Azure File Sync Administrator and Azure File Sync Reader roles.

Author: codefinite-vri

articles/role-based-access-control/built-in-roles/storage.md

@@ -167,7 +167,112 @@ Used by the Avere vFXT cluster to manage the cluster
   "type": "Microsoft.Authorization/roleDefinitions"
 }
 ```
+## Azure File Sync Administrator
 
+This role provides full access to manage all Azure File Sync (Storage Sync Service) resources, including the ability to assign roles in Azure RBAC.
+
+[Learn more](/azure/storage/file-sync/file-sync-deployment-guide)
+
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | --- | --- |
+> | [Microsoft.StorageSync](../permissions/storage.md#microsoftstoragesync)/register/action | Registers the server to Storage Sync Service |
+> | [Microsoft.StorageSync](../permissions/storage.md#microsoftstoragesync)/unregister/action | Unregisters the server to Storage Sync Service  |
+> | [Microsoft.StorageSync](../permissions/storage.md#microsoftstoragesync)/locations/* |  |
+> | [Microsoft.StorageSync](../permissions/storage.md#microsoftstoragesync)/deployments/preflight/action |  |
+> | [Microsoft.StorageSync](../permissions/storage.md#microsoftstoragesync)/storageSyncServices/* |  |
+> | [Microsoft.StorageSync](../permissions/storage.md#microsoftstoragesync)/operations/read | Returns the status of Storage Sync operations |
+> | [Microsoft.Insights](../permissions/monitor.md#microsoftinsights)/AlertRules/* | Create and manage a classic metric alert |
+> | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/deployments/* | Create and manage a deployment |
+> | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/resourceGroups/read | Gets or lists resource groups |
+> | [Microsoft.Support](../permissions/general#microsoftsupport)/* | Create and update a support ticket |
+> | [Microsoft.Authorization](../permissions/management-and-governance.md#microsoftauthorization)/roleAssignments/write | Create and update role assignments |
+> | [Microsoft.Authorization](../permissions/management-and-governance.md#microsoftauthorization)/roleAssignments/read | Read role assignments |
+> | [Microsoft.Storage](../permissions/storage.md#microsoftstorage)/storageAccounts/read | Returns the list of storage accounts or gets the properties for the specified storage account |
+> | [Microsoft.Storage](../permissions/storage.md#microsoftstorage)/storageAccounts/fileServices/read | List file services |
+> | [Microsoft.Storage](../permissions/storage.md#microsoftstorage)/storageAccounts/fileServices/shares/read | Get file share |
+> | **NotActions** |  |
+> | *none* |  |
+> | **DataActions** |  |
+> | *none* |  |
+> | **NotDataActions** |  |
+> | *none* |  |
+```json
+{
+  "assignableScopes": [
+    "/"
+  ],
+  "description": "This role provides full access to manage all Azure File Sync (Storage Sync Service) resources, including the ability to assign roles in Azure RBAC.",
+  "id": "/providers/Microsoft.Authorization/roleDefinitions/92b92042-07d9-4307-87f7-36a593fc5850",
+  "name": "92b92042-07d9-4307-87f7-36a593fc5850",
+  "permissions": [
+    {
+      "actions": [
+        "Microsoft.StorageSync/register/action",
+        "Microsoft.StorageSync/unregister/action",
+        "Microsoft.StorageSync/locations/*",
+        "Microsoft.StorageSync/deployments/preflight/action",
+        "Microsoft.StorageSync/storageSyncServices/*",
+        "Microsoft.StorageSync/operations/read",
+        "Microsoft.Insights/AlertRules/*",
+        "Microsoft.Resources/deployments/*",
+        "Microsoft.Resources/subscriptions/resourceGroups/read",
+        "Microsoft.Support/*",
+        "Microsoft.Authorization/roleAssignments/write",
+        "Microsoft.Authorization/roleAssignments/read",
+        "Microsoft.Storage/storageAccounts/read",
+        "Microsoft.Storage/storageAccounts/fileServices/read",
+        "Microsoft.Storage/storageAccounts/fileServices/shares/read"
+      ],
+      "notActions": [],
+      "dataActions": [],
+      "notDataActions": []
+    }
+  ],
+  "roleName": "Azure File Sync Administrator",
+  "roleType": "BuiltInRole",
+  "type": "Microsoft.Authorization/roleDefinitions"
+}
+```
+## Azure File Sync Reader
+
+This role provides read access to Azure File Sync service (Storage Sync Service).
+
+[Learn more](/azure/storage/file-sync/file-sync-deployment-guide)
+
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | --- | --- |
+> | [Microsoft.StorageSync](../permissions/storage.md#microsoftstoragesync.md)/*/read |  |
+> | **NotActions** |  |
+> | *none* |  |
+> | **DataActions** |  |
+> | *none* |  |
+> | **NotDataActions** |  |
+> | *none* |  |
+```json
+{
+  "assignableScopes": [
+    "/"
+  ],
+  "description": "This role provides full access to manage all Azure File Sync (Storage Sync Service) resources, including the ability to assign roles in Azure RBAC.",
+  "id": "/providers/Microsoft.Authorization/roleDefinitions/754c1a27-40dc-4708-8ad4-2bffdeee09e8",
+  "name": "754c1a27-40dc-4708-8ad4-2bffdeee09e8",
+  "permissions": [
+    {
+      "actions": [
+        "Microsoft.StorageSync/*/read"
+      ],
+      "notActions": [],
+      "dataActions": [],
+      "notDataActions": []
+    }
+  ],
+  "roleName": "Azure File Sync Reader",
+  "roleType": "BuiltInRole",
+  "type": "Microsoft.Authorization/roleDefinitions"
+}
+```
 ## Backup Contributor
 
 Lets you manage backup service, but can't create vaults and give access to others
@@ -2366,4 +2471,4 @@ Allows for read access to Azure Storage tables and entities
 
 ## Next steps
 
-- [Assign Azure roles using the Azure portal](/azure/role-based-access-control/role-assignments-portal)
+- [Assign Azure roles using the Azure portal](/azure/role-based-access-control/role-assignments-portal)