Merge pull request #239109 from ntrogh/als-permissions

[Azure Lab Services] Align permissions with RBAC conceptual information

Author: Court72

articles/lab-services/add-lab-creator.md

@@ -12,30 +12,17 @@ ms.custom: subject-rbac-steps
 
 This article shows you how to add users as lab creators to a lab account or lab plan in Azure Lab Services. These users then can create labs and manage those labs.
 
-## Add Azure AD user account to Lab Creator role
-
-The user account you used to create the lab account or lab plan is automatically able to create labs.  Otherwise, the user must be a member of the **Lab Creator** role.  If using a lab plan, user must be a **Lab Creator** on the lab plan or the resource group that contains the lab plan.  If using a lab account, the user must be a **Lab Creator** on the lab account.  If you are planning to use the same user account to create a lab as you did creating the lab plan or lab account, you can skip this step. To use another user account to create a lab, do the following steps:
-
-To provide educators the permission to create labs for their classes, add them to the **Lab Creator** role: For detailed steps, see [Assign Azure roles using the Azure portal](../role-based-access-control/role-assignments-portal.md).
-
-1. On the **Lab Plan** resource, select **Access control (IAM)**
+## Prerequisites
 
-1. Select **Add** > **Add role assignment**.
+- To add lab creators to a lab plan, your Azure account needs to have the [Owner](./concept-lab-services-role-based-access-control.md#owner-role) Azure RBAC role assigned on the resource group. Learn more about the [Azure Lab Services built-in roles](./reliability-in-azure-lab-services.md).
 
-    ![Access control (IAM) page with Add role assignment menu open.](../../includes/role-based-access-control/media/add-role-assignment-menu-generic.png)
-
-1. On the **Role** tab, select the **Lab Creator** role.
-
-    ![Add role assignment page with Role tab selected.](../../includes/role-based-access-control/media/add-role-assignment-role-generic.png)
-
-1. On the **Members** tab, select the user you want to add to the Lab Creators role
+## Add Azure AD user account to Lab Creator role
 
-1. On the **Review + assign** tab, select **Review + assign** to assign the role.
+[!INCLUDE [Add Lab Creator role](./includes/lab-services-add-lab-creator.md)]
 
-    > [!NOTE]
-    > If you are adding a non-Microsoft account user as a lab creator, see [Adding a guest user as a lab creator](#adding-a-guest-user-as-a-lab-creator).
+If you're using a lab account, assign the Lab Creator role on the lab account. 
 
-## Adding a guest user as a lab creator
+## Add a guest user as a lab creator
 
 You might need to add an external user as a lab creator. If that is the case, you'll need to add them as a guest account on the Azure AD attached to the subscription. The following types of email accounts might be used:
 

articles/lab-services/capacity-limits.md

@@ -25,7 +25,7 @@ These actions may be disabled if there no more cores that can be enabled for you
 
 ### Prerequisites
 
-- To create a support request, your Azure account needs the [Owner](/azure/role-based-access-control/built-in-roles#owner), [Contributor](/azure/role-based-access-control/built-in-roles#contributor), or [Support Request Contributor](/azure/role-based-access-control/built-in-roles#support-request-contributor) Azure Active Directory role at the subscription level.
+[!INCLUDE [Create support request](./includes/lab-services-prerequisite-create-support-request.md)]
 
 ## Request a limit increase
 

articles/lab-services/classroom-labs-concepts.md

@@ -21,7 +21,7 @@ The following conceptual diagram shows how the different Azure Lab Services comp
 
 In Azure Lab Services, a lab plan is an Azure resource and serves as a collection of configurations and settings that apply to all the labs created from it. For example, lab plans specify the networking setup, the list of available VM images and VM sizes, and if [Canvas integration](lab-services-within-canvas-overview.md) can be used for a lab. Learn more about [planning your lab plan settings](./lab-plan-setup-guide.md#plan-your-lab-plan-settings).
 
-You can associate a lab plan with zero or more [labs](#lab). Each lab uses the configuration settings from the lab plan. Azure Lab Services uses Azure RBAC roles to grant permissions for creating labs. Learn more about [Azure Lab Services built-in roles](./administrator-guide.md#rbac-roles). 
+You can associate a lab plan with zero or more [labs](#lab). Each lab uses the configuration settings from the lab plan. Azure Lab Services uses Azure RBAC roles to grant permissions for creating labs. Learn more about [Azure Lab Services built-in roles](./concept-lab-services-role-based-access-control.md). 
 
 ## Lab
 
@@ -31,7 +31,7 @@ You can further configure the lab behavior by creating [lab schedules](#schedule
 
 When you publish a lab, Azure Lab Services provisions the lab VMs. All lab VMs for a lab share the same configuration and are identical.
 
-To create labs in Azure Lab Services, your Azure account needs to have the Lab Creator Azure RBAC role, or you need to be the owner of the corresponding lab plan. Learn more about [Azure Lab Services built-in roles](./administrator-guide.md#rbac-roles).
+To create labs in Azure Lab Services, your Azure account needs to have the Lab Creator Azure RBAC role, or you need to be the owner of the corresponding lab plan. Learn more about [Azure Lab Services built-in roles](./concept-lab-services-role-based-access-control.md).
 
 You use the Azure Lab Services website (https://labs.azure.com) to create labs for a lab plan. Alternately, you can also [configure Microsoft Teams integration](./how-to-configure-teams-for-lab-plans.md) or [Canvas integration](./how-to-configure-canvas-for-lab-plans.md) with Azure Lab Services to create labs directly in Microsoft Teams or Canvas.
 

articles/lab-services/how-to-attach-detach-shared-image-gallery.md

@@ -23,7 +23,7 @@ Saving images to a compute gallery and replicating those images incurs extra cos
 
 ## Prerequisites
 
-- To change settings for the lab plan, your Azure account needs the [Owner](/azure/role-based-access-control/built-in-roles#owner), [Contributor](/azure/role-based-access-control/built-in-roles#contributor), or [Lab Services Contributor](/azure/role-based-access-control/built-in-roles#lab-services-contributor) role on the lab plan. Learn more about the [Azure Lab Services built-in roles](./administrator-guide.md#rbac-roles).
+- To change settings for the lab plan, your Azure account needs the [Owner](/azure/role-based-access-control/built-in-roles#owner), [Contributor](/azure/role-based-access-control/built-in-roles#contributor), or [Lab Services Contributor](/azure/role-based-access-control/built-in-roles#lab-services-contributor) role on the lab plan. Learn more about the [Azure Lab Services built-in roles](./concept-lab-services-role-based-access-control.md).
 
 - To attach an Azure compute gallery to a lab plan, your Azure account needs to have the following permissions:
 

articles/lab-services/how-to-configure-canvas-for-lab-plans.md

@@ -22,7 +22,7 @@ If you've already configured your course to use Azure Lab Services, learn how yo
 
 ## Prerequisites
 
-- An Azure Lab Services lab plan. Follow these steps to [Create a lab plan in the Azure portal](./quick-create-resources.md), if you don't have one yet.
+[!INCLUDE [Existing lab plan](./includes/lab-services-prerequisite-lab-plan.md)]
 
 - Your Canvas account needs [Admin permissions](https://community.canvaslms.com/t5/Canvas-Basics-Guide/What-is-the-Admin-role/ta-p/78) to add the Azure Lab Services app to Canvas.
 

articles/lab-services/how-to-configure-student-usage.md

@@ -29,10 +29,9 @@ Azure Lab Services supports up to 400 users per lab.
 
 ## Prerequisites
 
-- To manage users for the lab, your Azure account needs one of the following permissions:
-
-    - [Lab Creator](/azure/role-based-access-control/built-in-roles#lab-creator), [Lab Contributor](/azure/role-based-access-control/built-in-roles#lab-contributor), or [Lab Operator](/azure/role-based-access-control/built-in-roles#lab-operator) role at the lab plan or resource group level. Learn more about the [Azure Lab Services built-in roles](./administrator-guide.md#rbac-roles).
-    - [Owner](/azure/role-based-access-control/built-in-roles#owner) or [Contributor](/azure/role-based-access-control/built-in-roles#contributor) at the lab plan or resource group level.
+[!INCLUDE [Azure subscription](./includes/lab-services-prerequisite-subscription.md)]
+[!INCLUDE [Create and manage labs](./includes/lab-services-prerequisite-create-lab.md)]
+[!INCLUDE [Existing lab plan](./includes/lab-services-prerequisite-lab-plan.md)]
 
 ## Add users to a lab from an Azure AD group
 

articles/lab-services/how-to-configure-teams-for-lab-plans.md

@@ -18,10 +18,11 @@ For information about creating and managing labs in Microsoft Teams, see [Create
 
 ## Prerequisites
 
-- An existing Azure Lab Services lab plan. If you don't have a lab plan yet, see [Set up a lab plan with Azure Lab Services](quick-create-resources.md).
+[!INCLUDE [Existing lab plan](./includes/lab-services-prerequisite-lab-plan.md)]
+
 - The lab plan is created in the same tenant as Microsoft Teams.
 - To add the Azure Lab Services Teams app to a channel, your account needs to be an owner of the team in Microsoft Teams.
-- To add a lab plan to Teams, your account should have the Owner, Lab Creator, or Contributor role on the lab plan.
+- To add a lab plan to Teams, your account should have the [Owner](./concept-lab-services-role-based-access-control.md#owner-role), [Lab Creator](./concept-lab-services-role-based-access-control.md#lab-creator-role), or [Contributor](./concept-lab-services-role-based-access-control.md#contributor-role) role on the lab plan. Learn more about [Azure Lab Services built-in roles](./concept-lab-services-role-based-access-control.md).
 
 ## User workflow 
 

articles/lab-services/how-to-create-lab-bicep.md

@@ -15,7 +15,9 @@ In this article, you learn how to create a lab using a Bicep file.  For a detail
 
 ## Prerequisites
 
-If you don't have an Azure subscription, create a [free account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F) before you begin.
+[!INCLUDE [Azure subscription](./includes/lab-services-prerequisite-subscription.md)]
+[!INCLUDE [Create and manage labs](./includes/lab-services-prerequisite-create-lab.md)]
+[!INCLUDE [Existing lab plan](./includes/lab-services-prerequisite-lab-plan.md)]
 
 ## Review the Bicep file
 

articles/lab-services/how-to-create-lab-plan-bicep.md

@@ -15,7 +15,8 @@ In this article, you learn how to create a lab plan using a Bicep file.  For a d
 
 ## Prerequisites
 
-If you don't have an Azure subscription, create a [free account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F) before you begin.
+[!INCLUDE [Azure subscription](./includes/lab-services-prerequisite-subscription.md)]
+[!INCLUDE [Create and manage labs](./includes/lab-services-prerequisite-create-lab.md)]
 
 ## Review the Bicep file
 

articles/lab-services/how-to-create-lab-plan-powershell.md

@@ -14,7 +14,9 @@ In this article, you learn how to use PowerShell and the Azure module to create
 
 ## Prerequisites
 
-- An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free).
+[!INCLUDE [Azure subscription](./includes/lab-services-prerequisite-subscription.md)]
+[!INCLUDE [Create and manage labs](./includes/lab-services-prerequisite-create-lab.md)]
+
 - [Windows PowerShell](/powershell/scripting/windows-powershell/starting-windows-powershell).
 - [Azure Az PowerShell module](/powershell/azure/new-azureps-module-az). Must be version 7.2 or higher.