
Commit 990b8df

committed
Added intro sentences
1 parent cf8abd6 commit 990b8df

1 file changed

+12
-0
lines changed

articles/role-based-access-control/role-definitions.md

Lines changed: 12 additions & 0 deletions
Original file line number | Diff line number | Diff line change
@@ -53,6 +53,8 @@ notDataActions []
5353
assignableScopes []
5454
```
5555

56+
The following table describes what the role properties mean.
57+
5658
| Property | Description |
5759
| --- | --- |
5860
| `Name`</br>`roleName` | The display name of the role. |
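Review bot: Style point on the table that the new sentence at 56+ introduces: the context cell at 60, `` `Name`</br>`roleName` ``, uses `</br>`, which is a closing tag with no opening counterpart, while the listing in the last hunk of this diff uses `<br>`; since this area is being touched, consider normalizing the cell to `` `Name`<br>`roleName` `` so both files render the line break the same way.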
@@ -85,6 +87,8 @@ The `{action}` portion of an operation string specifies the type of operations y
8587

8688
Here's the [Contributor](built-in-roles.md#contributor) role definition as displayed in Azure PowerShell and Azure CLI. The wildcard (`*`) operation under `Actions` indicates that the principal assigned to this role can perform all actions, or in other words, it can manage everything. This includes actions defined in the future, as Azure adds new resource types. The operations under `NotActions` are subtracted from `Actions`. In the case of the [Contributor](built-in-roles.md#contributor) role, `NotActions` removes this role's ability to manage access to resources and also assign access to resources.
8789

90+
Contributor role as displayed in Azure PowerShell:
91+
8892
```json
8993
{
9094
"Name": "Contributor",
@@ -109,6 +113,8 @@ Here's the [Contributor](built-in-roles.md#contributor) role definition as displ
109113
}
110114
```
111115

116+
Contributor role as displayed in Azure CLI:
117+
112118
```json
113119
{
114120
"assignableScopes": [
@@ -159,6 +165,8 @@ To support data operations, new data properties have been added to the role defi
159165

160166
Here's the [Storage Blob Data Reader](built-in-roles.md#storage-blob-data-reader) role definition, which includes operations in both the `Actions` and `DataActions` properties. This role allows you to read the blob container and also the underlying blob data.
161167

168+
Storage Blob Data Reader role as displayed in Azure PowerShell:
169+
162170
```json
163171
{
164172
"Name": "Storage Blob Data Reader",
@@ -180,6 +188,8 @@ Here's the [Storage Blob Data Reader](built-in-roles.md#storage-blob-data-reader
180188
}
181189
```
182190

191+
Storage Blob Data Reader role as displayed in Azure CLI:
192+
183193
```json
184194
{
185195
"assignableScopes": [
@@ -230,9 +240,11 @@ Storage Blob Data Contributor
230240
&nbsp;&nbsp;&nbsp;&nbsp;`Microsoft.Storage/storageAccounts/blobServices/containers/delete`<br>
231241
&nbsp;&nbsp;&nbsp;&nbsp;`Microsoft.Storage/storageAccounts/blobServices/containers/read`<br>
232242
&nbsp;&nbsp;&nbsp;&nbsp;`Microsoft.Storage/storageAccounts/blobServices/containers/write`<br>
243+
&nbsp;&nbsp;&nbsp;&nbsp;`Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action`<br>
233244
&nbsp;&nbsp;&nbsp;&nbsp;DataActions<br>
234245
&nbsp;&nbsp;&nbsp;&nbsp;`Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete`<br>
235246
&nbsp;&nbsp;&nbsp;&nbsp;`Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read`<br>
247+
&nbsp;&nbsp;&nbsp;&nbsp;`Microsoft.Storage/storageAccounts/blobServices/containers/blobs/move/action`<br>
236248
&nbsp;&nbsp;&nbsp;&nbsp;`Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write`
237249

238250
Since Alice has a wildcard (`*`) action at a subscription scope, their permissions inherit down to enable them to perform all management actions. Alice can read, write, and delete containers. However, Alice cannot perform data operations without taking additional steps. For example, by default, Alice cannot read the blobs inside a container. To read the blobs, Alice would have to retrieve the storage access keys and use them to access the blobs.
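Review bot: The commit message ("Added intro sentences") does not cover the two operations added at 243+ and 247+ to the Storage Blob Data Contributor listing; either split them into their own commit or extend the message so the history explains the permission change, and confirm the role listing in built-in-roles.md shows the same two operations. The placement itself looks right: `Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action` is under `Actions` (management plane) and `Microsoft.Storage/storageAccounts/blobServices/containers/blobs/move/action` is under `DataActions`, which matches the Actions/DataActions split this article describes, and the alphabetical order of each list is preserved.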
