add changes to rbac

TacoTechSharma · TacoTechSharma · commit cc8c79c4b3b2 · 2024-07-02T17:08:27.000-07:00
diff --git a/articles/trusted-signing/tutorial-assign-roles.md b/articles/trusted-signing/tutorial-assign-roles.md
@@ -32,19 +32,19 @@ The Trusted Signing Identity Verifier role is *required* to manage identity vali
 ## Assign roles
 
 1. In the Azure portal, go to your Trusted Signing account. On the resource menu, select **Access Control (IAM)**.
-1. Select the **Roles** tab and search for **Trusted Signing**. The following figure shows the two custom roles.
+2. Select the **Roles** tab and search for **Trusted Signing**. The following figure shows the two custom roles.
 
    :::image type="content" source="media/trusted-signing-rbac-roles.png" alt-text="Screenshot that shows the Azure portal UI and the Trusted Signing custom RBAC roles.":::
 
-1. To assign these roles, select **Add**, and then select **Add role assignment**. Follow the guidance in [Assign roles in Azure](../role-based-access-control/role-assignments-portal.yml) to assign the relevant roles to your identities.
+3. To assign these roles, select **Add**, and then select **Add role assignment**. Follow the guidance in [Assign roles in Azure](../role-based-access-control/role-assignments-portal.yml) to assign the relevant roles to your identities.
 
    To create a Trusted Signing account and certificate profile, you must be assigned at least the *Contributor* role.
-1. For more granular access control on the certificate profile level, you can use the Azure CLI to assign roles. You can use the following commands to assign the Trusted Signing Certificate Profile Signer role to users and service principals to sign files:
+4. For more granular access control on the certificate profile level, you can use the Azure CLI to assign roles. You can use the following commands to assign the Trusted Signing Certificate Profile Signer role to users and service principals to sign files:
 
    ```azurecli
-   az role assignment create --assignee <objectId of user/service principle> 
-   --role "Trusted Signing Certificate Profile Signer" 
-   --scope "/subscriptions/<subscriptionId>/resourceGroups/<resource-group-name>/providers/Microsoft.CodeSigning/trustedSigningAccounts/<trustedsigning-account-name>/certificateProfiles/<profileName>" 
+  az role assignment create --assignee <objectId of user/service principle>
+--role "Trusted Signing Certificate Profile Signer"
+--scope "/subscriptions/<subscriptionId>/resourceGroups/<resource-group-name>/providers/Microsoft.CodeSigning/codeSigningAccounts/<trustedsigning-account-name>/certificateProfiles/<profileName>"
    ```
 
 ## Related content
