Merge pull request #90994 from SeanGreenbaum/patch-1

American-Dipper · web-flow · commit 7c888bb1eea7 · 2023-02-07T14:58:56.000-08:00
Add missing custom role
diff --git a/articles/aks/configure-azure-cni.md b/articles/aks/configure-azure-cni.md
@@ -26,6 +26,7 @@ This article shows you how to use Azure CNI networking to create and use a virtu
 * The cluster identity used by the AKS cluster must have at least [Network Contributor](../role-based-access-control/built-in-roles.md#network-contributor) permissions on the subnet within your virtual network. If you wish to define a [custom role](../role-based-access-control/custom-roles.md) instead of using the built-in Network Contributor role, the following permissions are required:
   * `Microsoft.Network/virtualNetworks/subnets/join/action`
   * `Microsoft.Network/virtualNetworks/subnets/read`
+  * `Microsoft.Authorization/roleAssignments/write`
 * The subnet assigned to the AKS node pool cannot be a [delegated subnet](../virtual-network/subnet-delegation-overview.md).
 * AKS doesn't apply Network Security Groups (NSGs) to its subnet and will not modify any of the NSGs associated with that subnet. If you provide your own subnet and add NSGs associated with that subnet, you must ensure the security rules in the NSGs allow traffic within the node CIDR range. For more details, see [Network security groups][aks-network-nsg].
 
