Update role-based-access-control.md

markjbrown · web-flow · commit f08368a16c39 · 2023-03-13T10:07:39.000-07:00
Fixing the section title in this article.
diff --git a/articles/cosmos-db/role-based-access-control.md b/articles/cosmos-db/role-based-access-control.md
@@ -48,6 +48,8 @@ In addition to the built-in roles, users may also create [custom roles](../role-
 > [!NOTE]
 > Custom role assignments may not always be visible in the Azure portal.
 
+## <a id="prevent-sdk-changes"></a>Preventing changes from the Azure Cosmos DB SDKs
+
 The Azure Cosmos DB resource provider can be locked down to prevent any changes to resources from a client connecting using the account keys (that is applications connecting via the Azure Cosmos DB SDK). This feature may be desirable for users who want higher degrees of control and governance for production environments. Preventing changes from the SDK also enables features such as resource locks and diagnostic logs for control plane operations. The clients connecting from Azure Cosmos DB SDK will be prevented from changing any property for the Azure Cosmos DB accounts, databases, containers, and throughput. The operations involving reading and writing data to Azure Cosmos DB containers themselves are not impacted.
 
 When this feature is enabled, changes to any resource can only be made from a user with the right Azure role and Azure Active Directory credentials including Managed Service Identities.
