Skip to content

Commit 9de7465

Browse files
PRMerger19PRMerger19
authored
Merge pull request #203792 from timwarner-msft/timwarner-rbac2
Resolve reviewer comments
2 parents fc55431 + 2e2f857 commit 9de7465

File tree

1 file changed

+4
-8
lines changed

1 file changed

+4
-8
lines changed

articles/governance/policy/overview.md

Lines changed: 4 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
---
22
title: Overview of Azure Policy
33
description: Azure Policy is a service in Azure, that you use to create, assign and, manage policy definitions in your Azure environment.
4-
ms.date: 06/22/2022
4+
ms.date: 07/05/2022
55
ms.topic: overview
66
ms.author: timwarner
77
author: timwarner-msft
@@ -147,15 +147,11 @@ to users who do not need them.
147147
148148
### Special permissions requirement for Azure Policy with Azure Virtual Network Manager (preview)
149149

150-
[Azure Virtual Network Manager (preview)](../../virtual-network-manager/overview.md) enables you to apply consistent management and security policies to multiple Azure virtual networks (VNets) throughout your cloud infrastructure. Azure Virtual Network Manager dynamic groups use read-only Azure Policy definitions to evaluate VNet membership in those groups.
150+
[Azure Virtual Network Manager (preview)](../../virtual-network-manager/overview.md) enables you to apply consistent management and security policies to multiple Azure virtual networks (VNets) throughout your cloud infrastructure. Azure Virtual Network Manager dynamic groups use Azure Policy definitions to evaluate VNet membership in those groups.
151151

152-
To create, edit, or delete Azure Virtual Network Manager dynamic group policies, you need not only appropriate read and write Azure Policy RBAC permissions as described previously, but also permissions to write on the network group.
152+
To create, edit, or delete Azure Virtual Network Manager dynamic group policies, you need not only appropriate read and write Azure Policy RBAC permissions as described previously, but also permissions to join the network group.
153153

154-
Specifically, the required resource provider permissions are:
155-
156-
- Microsoft.Network/networkManagerConnections/write
157-
- Microsoft.Network/networkManagers/networkGroups/write
158-
- Microsoft.Authorization/policyAssignments/write
154+
Specifically, the required resource provider permission is `Microsoft.Network/networkManagers/networkGroups/join/action`.
159155

160156
### Resources covered by Azure Policy
161157

0 commit comments

Comments
 (0)