Skip to content

Commit 862e92a

Browse files
authored
Update how-to-deploy-in-azure-virtual-network.md
1 parent c3b245e commit 862e92a

File tree

1 file changed

+5
-2
lines changed

1 file changed

+5
-2
lines changed

articles/spring-apps/how-to-deploy-in-azure-virtual-network.md

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -139,7 +139,10 @@ If you already have a virtual network to host an Azure Spring Apps instance, ski
139139

140140
## Grant service permission to the virtual network
141141

142-
Azure Spring Apps requires **Owner** permission to your virtual network, in order to grant a dedicated and dynamic service principal on the virtual network for further deployment and maintenance.
142+
The following procedures describe granting Azure Spring Apps **[Owner](../role-based-access-control/built-in-roles.md#owner)** permission on your virtual network, in order to grant a dedicated and dynamic service principal on the virtual network for further deployment and maintenance.
143+
144+
> [!NOTE]
145+
> The minimal required permissons are **[User Access Administrator](../role-based-access-control/built-in-roles.md#user-access-administrator)** **and** **[Network Contributor](../role-based-access-control/built-in-roles.md#network-contributor)**. You can grant role assignments to both of them if not able to grant **Owner** permission.
143146
144147
#### [Portal](#tab/azure-portal)
145148

@@ -292,7 +295,7 @@ The route tables to which your custom vnet is associated must meet the following
292295

293296
* You can associate your Azure route tables with your vnet only when you create a new Azure Spring Apps service instance. You cannot change to use another route table after Azure Spring Apps has been created.
294297
* Both the Spring application subnet and the service runtime subnet must associate with different route tables or neither of them.
295-
* Permissions must be assigned before instance creation. Be sure to grant **Azure Spring Apps Resource Provider** the *Owner* permission to your route tables.
298+
* Permissions must be assigned before instance creation. Be sure to grant **Azure Spring Apps Resource Provider** the *Owner* permission (or *User Access Administrator* and *Network Contributor* permissions) on your route tables.
296299
* The associated route table resource cannot be updated after cluster creation. While the route table resource cannot be updated, custom rules can be modified on the route table.
297300
* You cannot reuse a route table with multiple instances due to potential conflicting routing rules.
298301

0 commit comments

Comments
 (0)