Merge pull request #248116 from guywi-ms/table-level-rbac-updates

prmerger-automator[bot] · web-flow · commit ecf9725df86c · 2023-08-13T13:52:17.000Z
Update manage-access.md
diff --git a/articles/azure-monitor/logs/manage-access.md b/articles/azure-monitor/logs/manage-access.md
@@ -308,7 +308,7 @@ Granting table-level read access involves assigning a user two roles:
 - At the workspace level - a custom role that provides limited permissions to read workspace details and run a query in the workspace, but not to read data from any tables.        
 - At the table level - a **Reader** role, scoped to the specific table. 
 
-To grant a user or group table-level read access to a specific table:
+**To grant a user or group limited permissions to the Log Analytics workspace:**
 
 1. Create a [custom role](../../role-based-access-control/custom-roles.md) at the workspace level to let users read workspace details and run a query in the workspace, without providing read access to data in any tables:
 
@@ -365,21 +365,24 @@ To grant a user or group table-level read access to a specific table:
 
     1. Search for and select a user and click **Select**.
     1. Select **Review and assign**.
-    
-1. Grant the user read access to a specific table:
+ 
+The user can now read workspace details and run a query, but can't read data from any tables. 
 
-    1. From the **Log Analytics workspaces** menu, select **Tables**.  
-    1. Select the ellipsis ( **...** ) to the right of your table and select **Access control (IAM)**.
-        
-       :::image type="content" source="media/manage-access/table-level-access-control.png" alt-text="Screenshot that shows the Log Analytics workspace table management screen with the table-level access control button highlighted." lightbox="media/manage-access/manage-access-create-custom-role-json.png":::      
+**To grant the user read access to a specific table:**
+
+1. From the **Log Analytics workspaces** menu, select **Tables**.  
+1. Select the ellipsis ( **...** ) to the right of your table and select **Access control (IAM)**.
     
-    1. On the **Access control (IAM)** screen, select **Add** > **Add role assignment**. 
-    1. Select the **Reader** role and select **Next**.    
-    1. Click **+ Select members** to open the **Select members** screen.
-    1. Search for and select the user and click **Select**.
-    1. Select **Review and assign**.
+   :::image type="content" source="media/manage-access/table-level-access-control.png" alt-text="Screenshot that shows the Log Analytics workspace table management screen with the table-level access control button highlighted." lightbox="media/manage-access/manage-access-create-custom-role-json.png":::      
+
+1. On the **Access control (IAM)** screen, select **Add** > **Add role assignment**. 
+1. Select the **Reader** role and select **Next**.    
+1. Click **+ Select members** to open the **Select members** screen.
+1. Search for and select the user and click **Select**.
+1. Select **Review and assign**.
 
-    The user can now read data from this specific table.
+The user can now read data from this specific table. Grant the user read access to other tables in the workspace, as needed. 
+    
 ### Legacy method of setting table-level read access
 
 The legacy method of table-level also uses [Azure custom roles](../../role-based-access-control/custom-roles.md) to let you grant specific users or groups access to specific tables in the workspace. Azure custom roles apply to workspaces with either workspace-context or resource-context [access control modes](#access-control-mode) regardless of the user's [access mode](#access-mode).
