Merge pull request #300344 from AbhishekMallick01/May-26-2025-EEE

prmerger-automator[bot] · web-flow · commit ac25b52af999 · 2025-05-26T08:28:13.000Z
Addressed EEE doc ask #26116824
diff --git a/articles/backup/backup-rbac-rs-vault.md b/articles/backup/backup-rbac-rs-vault.md
@@ -1,9 +1,9 @@
 ---
 title: Manage Backups with Azure role-based access control
 description: Use Azure role-based access control to manage access to backup management operations in Recovery Services vault.
-ms.reviewer: utraghuv
+ms.reviewer: dapatil
 ms.topic: how-to
-ms.date: 05/08/2025
+ms.date: 05/26/2025
 ms.service: azure-backup
 author: jyothisuri
 ms.author: jsuri
@@ -124,16 +124,19 @@ The following table captures the Backup management actions and corresponding Azu
 
 | Management Operation | Minimum Azure role required | Scope Required | Alternative |
 | --- | --- | --- | --- |
-| Validate before configuring backup | Backup Operator | Backup vault |   |
+| Validate before configuring backup | Backup Operator | Backup vault  <br><br> - Resources/deployments/validate/action <br> - Resources/deployments/write <br> - Resources/subscriptions/resourceGroups/read |   |
 |  | Storage account backup contributor | Storage account containing the blob |   |
-| Enable backup from backup vault | Backup Operator | Backup vault |   |
+| Enable backup from backup vault | Backup Operator | Backup vault  <br><br> - Resources/deployments/validate/action <br> - Resources/deployments/write <br> - Resources/subscriptions/resourceGroups/read |   |
 |  | Storage account backup contributor | Storage account containing the blob | In addition, the backup vault MSI should be given [these permissions](./blob-backup-configure-manage.md#grant-permissions-to-the-backup-vault-on-storage-accounts) |
-| On demand backup of blob | Backup Operator | Backup vault | |
-| Validate before restoring a blob | Backup Operator | Backup vault | |
+| On demand backup of blob | Backup Operator | Backup vault <br><br> - Resources/deployments/validate/action <br> - Resources/deployments/write <br> - Resources/subscriptions/resourceGroups/read | |
+| Validate before restoring a blob | Backup Operator | Backup vault  <br><br> - Resources/deployments/validate/action <br> - Resources/deployments/write <br> - Resources/subscriptions/resourceGroups/read | |
 |  | Storage account backup contributor | Storage account containing the blob |  |
 | Restoring a blob | Backup Operator | Backup vault | |
 |  | Storage account backup contributor | Storage account containing the blob | In addition, the backup vault MSI should be given [these permissions](./blob-backup-configure-manage.md#grant-permissions-to-the-backup-vault-on-storage-accounts) |
 
+>[!Note]
+>For Storage account validation operation, the Backup vault Managed ID must have the **Owner** privileges.
+
 ### Minimum role requirements for Azure database for PostgreSQL server backup
 
 | Management Operation | Minimum Azure role required | Scope Required | Alternative |
