Commit d75e475

Update automation-role-based-access-control.md
1 parent 0afe983 commit d75e475

1 file changed

+1
-1
lines changed

articles/automation/automation-role-based-access-control.md

Lines changed: 1 addition & 1 deletion
@@ -88,7 +88,7 @@ An Automation Contributor can manage all resources in the Automation account exc
8888
|Microsoft.OperationalInsights/workspaces/sharedKeys/action|List keys for a Log Analytics workspace|
8989

9090
> [!NOTE]
91-
> The Automation Contributor role can be used to access any resource using the managed identity, if appropriate permissions are set on the target resource, or using a Run As account. An Automation Run As account are by default, configured with Contributor rights on the subscription. Follow the principal of least privilege and carefully assign permissions only required to execute your runbook. For example, if the Automation account is only required to start or stop an Azure VM, then the permissions assigned to the Run As account or managed identity needs to be only for starting or stopping the VM. Similarly, if a runbook is reading from blob storage, then assign read only permissions.
91+
> The Automation Contributor role can be used to access any resource using the managed identity, if appropriate permissions are set on the target resource, or using a Run As account. Automation Run As accounts are by default, configured with Contributor rights on the subscription. Follow the principal of least privilege and carefully assign permissions only required to execute your runbook. For example, if the Automation account is only required to start or stop an Azure VM, then the permissions assigned to the Run As account or managed identity needs to be only for starting or stopping the VM. Similarly, if a runbook is reading from blob storage, then assign read only permissions.
9292
>
9393
> When assigning permissions, it is recommended to use Azure role based access control (RBAC) assigned to a managed identity. Review our [best approach](../active-directory/managed-identities-azure-resources/managed-identity-best-practice-recommendations.md) recommendations for using a system or user-assigned managed identity, including management and governance during its lifetime.
9494
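Review bot: On the changed line 91, "principal of least privilege" should be "principle of least privilege"; the edit corrects the subject-verb agreement in "Automation Run As accounts are" but leaves this misspelling in the same note. The line also keeps the misplaced comma in "are by default, configured" (suggest "are configured by default"), and "the permissions assigned to the Run As account or managed identity needs to be" should read "need to be", with "read only permissions" hyphenated as "read-only permissions". Because the note states that Run As accounts hold Contributor rights on the subscription by default, consider adding one sentence that says explicitly that this default assignment should be narrowed to the scope the runbook needs, since the current wording only implies it.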
