Merge pull request #108355 from rolyon/rolyon-rbac-description-fix

PRMerger18 · web-flow · commit f319d95c405e · 2020-03-19T11:48:05.000-07:00
[Azure RBAC] Description update
diff --git a/articles/role-based-access-control/overview.md b/articles/role-based-access-control/overview.md
@@ -12,7 +12,7 @@ ms.devlang: na
 ms.topic: overview
 ms.tgt_pltfrm: na
 ms.workload: identity
-ms.date: 09/11/2019
+ms.date: 03/19/2020
 ms.author: rolyon
 ms.reviewer: bagovind
 
@@ -44,7 +44,7 @@ When planning your access control strategy, it's a best practice to grant users
 
 ## How RBAC works
 
-The way you control access to resources using RBAC is to create role assignments. This is a key concept to understand – it’s how permissions are enforced. A role assignment consists of three elements: security principal, role definition, and scope.
+The way you control access to resources using RBAC is to create role assignments. This is a key concept to understand – it's how permissions are enforced. A role assignment consists of three elements: security principal, role definition, and scope.
 
 ### Security principal
 
@@ -66,7 +66,7 @@ A *role definition* is a collection of permissions. It's typically just called a
 Azure includes several [built-in roles](built-in-roles.md) that you can use. The following lists four fundamental built-in roles. The first three apply to all resource types.
 
 - [Owner](built-in-roles.md#owner) - Has full access to all resources including the right to delegate access to others.
-- [Contributor](built-in-roles.md#contributor) - Can create and manage all types of Azure resources but can’t grant access to others.
+- [Contributor](built-in-roles.md#contributor) - Can create and manage all types of Azure resources but can't grant access to others.
 - [Reader](built-in-roles.md#reader) - Can view existing Azure resources.
 - [User Access Administrator](built-in-roles.md#user-access-administrator) - Lets you manage user access to Azure resources.
 
@@ -100,7 +100,7 @@ You can create role assignments using the Azure portal, Azure CLI, Azure PowerSh
 
 ## Multiple role assignments
 
-So what happens if you have multiple overlapping role assignments? RBAC is an additive model, so your effective permissions are the addition of your role assignments. Consider the following example where a user is granted the Contributor role at the subscription scope and the Reader role on a resource group. The addition of the Contributor permissions and the Reader permissions is effectively the Contributor role for the resource group. Therefore, in this case, the Reader role assignment has no impact.
+So what happens if you have multiple overlapping role assignments? RBAC is an additive model, so your effective permissions are the sum of your role assignments. Consider the following example where a user is granted the Contributor role at the subscription scope and the Reader role on a resource group. The sum of the Contributor permissions and the Reader permissions is effectively the Contributor role for the resource group. Therefore, in this case, the Reader role assignment has no impact.
 
 ![Multiple role assignments](./media/overview/rbac-multiple-roles.png)
 
@@ -124,7 +124,7 @@ The following are the high-level steps that RBAC uses to determine if you have a
 
 1. Azure Resource Manager determines if the action in the API call is included in the roles the user has for this resource.
 
-1. If the user doesn’t have a role with the action at the requested scope, access is not granted. Otherwise, Azure Resource Manager checks if a deny assignment applies.
+1. If the user doesn't have a role with the action at the requested scope, access is not granted. Otherwise, Azure Resource Manager checks if a deny assignment applies.
 
 1. If a deny assignment applies, access is blocked. Otherwise access is granted.
 
