Changes to Bicep quickstart

schaffererin · schaffererin · commit 9fa9f07928f4 · 2022-05-28T11:28:59.000-07:00
diff --git a/articles/role-based-access-control/custom-roles-bicep.md b/articles/role-based-access-control/custom-roles-bicep.md
@@ -88,7 +88,7 @@ Get-AzRoleDefinition "Custom Role - RG Reader"
 
 Similar to creating a custom role, you can update an existing custom role using Bicep. To update a custom role, you need to specify the role you want to update.
 
-Here are the changes you would need to make to the previous Bicep file to update the custom role:
+Here are the changes you would need to make to the previous Bicep file to update the name of the custom role:
 
 - Include the role ID as a parameter.
 
@@ -100,32 +100,43 @@ Here are the changes you would need to make to the previous Bicep file to update
 
     ```
 
-- Add the role ID as a parameter. Remove the variable named roleDefName.
+- Remove the roleDefName variable. You'll get a warning if you have a parameter and variable with the same name.
 
-    ```bicep
-    ...
-    resource roleDef 'Microsoft.Authorization/roleDefinitions@2018-07-01' = {
-        name: roleDefName
-        properties : {
-        ...
-    ```
+To deploy the updated Bicep file, you need to specify the roleDefName. Use Azure CLI or Azure PowerShell to get the name.
+
+# [CLI](#tab/CLI)
+
+```azurecli-interactive
+az role definition list --name "Custom Role - RG Reader"
+```
+
+# [PowerShell](#tab/PowerShell)
+
+```azurepowershell-interactive
+Get-AzRoleDefinition -Name "Custom Role - RG Reader"
+```
+
+---
 
-Then, use Azure CLI or Azure PowerShell to deploy the updated Bicep file.
+Then, use Azure CLI or Azure PowerShell to deploy the updated Bicep file, replacing **<\name-id\>** with the roleDefName.
 
 # [CLI](#tab/CLI)
 
 ```azurecli-interactive
-az deployment sub create --location eastus --name customrole --template-file main.bicep --parameters actions='("Microsoft.Resources/subscriptions/resourceGroups/read", "Microsoft.Resources/subscriptions/read")' roleDefName="name-id" roleName="Custom Role - RG Reader updated"
+az deployment sub create --location eastus --name customrole --template-file main.bicep --parameters actions='("Microsoft.Resources/subscriptions/resourceGroups/read", "Microsoft.Resources/subscriptions/read")' roleDefName="name-id" roleName="Custom Role - RG Reader"
 ```
 
 # [PowerShell](#tab/PowerShell)
 
 ```azurepowershell-interactive
-New-AzSubscriptionDeployment -Location eastus -Name customrole -TemplateFile ./main.bicep -actions $actions -roleDefName "name-id" -roleName "Custom Role - RG Reader updated"
+New-AzSubscriptionDeployment -Location eastus -Name customrole -TemplateFile ./main.bicep -actions $actions -roleDefName "name-id" -roleName "Custom Role - RG Reader"
 ```
 
 ---
 
+> [!NOTE]
+> It may take several minutes for the updated role definition to be propagated.
+
 ## Clean up resources
 
 When no longer needed, use the Azure portal, Azure CLI, or Azure PowerShell to remove the custom role.
@@ -142,9 +153,6 @@ az role definition delete --name "Custom Role - RG Reader"
 Remove-AzRoleDefinition -Name "Custom Role - RG Reader"
 ```
 
-> [!NOTE]
-> If you ran the update command, you need to instead pass "Custom Role - RG Reader updated".
-
 ---
 
 ## Next steps
