Update

Author: hahahahahaiyiwen

articles/azure-app-configuration/concept-enable-rbac.md

@@ -30,7 +30,7 @@ Requests for [data plane](../azure-resource-manager/management/control-plane-and
 ### Control plane access
 All requests for [control plane](../azure-resource-manager/management/control-plane-and-data-plane.md#control-plane) operations are sent to the Azure Resource Manager URL. These requests pertain to the App Configuration resource.
 
-- **App Configuration Contributor**: Use this role to manage only App Configuration resource. This role does not grant access to manage other Azure resources, nor to purge deleted App Configuration resource. It grants access to the resource's access keys. While the App Configuration data can be accessed using access keys, this role doesn't grant direct access to the data using Microsoft Entra ID. To purge deleted App Configuration resource, please use **Contributor** role. 
+- **App Configuration Contributor**: Use this role to manage only App Configuration resource. This role does not grant access to manage other Azure resources. It grants access to the resource's access keys. While the App Configuration data can be accessed using access keys, this role doesn't grant direct access to the data using Microsoft Entra ID. It grants access to recover deleted App Configuration resource but not access to purge deleted App Configuration resource. To purge deleted App Configuration resource, use **Contributor** role. 
 - **App Configuration Reader**: Use this role to read only App Configuration resource. This role does not grant access to read other Azure resources. It doesn't grant access to the resource's access keys, nor to the data stored in App Configuration.
 - **Contributor** or **Owner**: Use this role to manage the App Configuration resource while also be able to manage other Azure resources. This role is a privileged adminstrator role. It grants access to the resource's access keys. While the App Configuration data can be accessed using access keys, this role doesn't grant direct access to the data using Microsoft Entra ID.
 - **Reader**: Use this role to read App Configuration resource while also be able to read other Azure resources. This role doesn't grant access to the resource's access keys, nor to the data stored in App Configuration.

articles/azure-app-configuration/concept-soft-delete.md

@@ -42,14 +42,14 @@ With Purge protection enabled, soft deleted stores can't be purged in the retent
 
 - `Microsoft.AppConfiguration/configurationStores/write`
 
-To recover a deleted App Configuration store the `Microsoft.AppConfiguration/configurationStores/write` permission is needed. The built-in "Owner" and "Contributor" roles contain this permission by default. The permission can be assigned at the subscription or resource group scope.
+To recover a deleted App Configuration store the `Microsoft.AppConfiguration/configurationStores/write` permission is needed. The built-in "App Configuration Contributor", "Owner", and "Contributor" roles contain this permission by default. The permission can be assigned at the subscription or resource group scope.
 
 ## Permissions to read and purge deleted stores
 
 * Read: `Microsoft.AppConfiguration/locations/deletedConfigurationStores/read`
 * Purge: `Microsoft.AppConfiguration/locations/deletedConfigurationStores/purge/action`
 
-To list deleted App Configuration stores, or get an individual store by name the `Microsoft.AppConfiguration/locations/deletedConfigurationStores/read` permission is needed. To purge a deleted App Configuration store the `Microsoft.AppConfiguration/locations/deletedConfigurationStores/purge/action` permission is needed. The built-in "Owner" and "Contributor" roles contain these permissions by default. Permissions for reading and purging deleted App Configuration stores must be assigned at the subscription level. This is because deleted configuration stores exist outside of individual resource groups. 
+To list deleted App Configuration stores, or get an individual store by name the `Microsoft.AppConfiguration/locations/deletedConfigurationStores/read` permission is needed. To purge a deleted App Configuration store the `Microsoft.AppConfiguration/locations/deletedConfigurationStores/purge/action` permission is needed. The built-in "App Configuration Contributor" and "App Configuration Reader" roles contain the permission for reading deleted App Configuration stores but not the permission for purging deleted App Configuration stores. The built-in "Owner" and "Contributor" roles contain these permissions by default. Permissions for reading and purging deleted App Configuration stores must be assigned at the subscription level. This is because deleted configuration stores exist outside of individual resource groups. 
 
 ## Billing implications