MicrosoftDocs
diff --git a/‎articles/role-based-access-control/built-in-roles.md
Lines changed: 3 additions & 3 deletions b/‎articles/role-based-access-control/built-in-roles.md
Lines changed: 3 additions & 3 deletions
diff --git a/‎articles/role-based-access-control/built-in-roles/ai-machine-learning.md
Lines changed: 133 additions & 2 deletions b/‎articles/role-based-access-control/built-in-roles/ai-machine-learning.md
Lines changed: 133 additions & 2 deletions
diff --git a/‎articles/role-based-access-control/built-in-roles/analytics.md
Lines changed: 17 additions & 17 deletions b/‎articles/role-based-access-control/built-in-roles/analytics.md
Lines changed: 17 additions & 17 deletions
@@ -136,9 +136,6 @@ The following table provides a brief description of each built-in role. Click th
 > | <a name='media-services-media-operator'></a>[Media Services Media Operator](./built-in-roles/web-and-mobile.md#media-services-media-operator) | Create, read, modify, and delete Assets, Asset Filters, Streaming Locators, and Jobs; read-only access to other Media Services resources. | e4395492-1534-4db2-bedf-88c14621589c |
 > | <a name='media-services-policy-administrator'></a>[Media Services Policy Administrator](./built-in-roles/web-and-mobile.md#media-services-policy-administrator) | Create, read, modify, and delete Account Filters, Streaming Policies, Content Key Policies, and Transforms; read-only access to other Media Services resources. Cannot create Jobs, Assets or Streaming resources. | c4bba371-dacd-4a26-b320-7250bca963ae |
 > | <a name='media-services-streaming-endpoints-administrator'></a>[Media Services Streaming Endpoints Administrator](./built-in-roles/web-and-mobile.md#media-services-streaming-endpoints-administrator) | Create, read, modify, and delete Streaming Endpoints; read-only access to other Media Services resources. | 99dba123-b5fe-44d5-874c-ced7199a5804 |
-> | <a name='search-index-data-contributor'></a>[Search Index Data Contributor](./built-in-roles/web-and-mobile.md#search-index-data-contributor) | Grants full access to Azure Cognitive Search index data. | 8ebe5a00-799e-43f5-93ac-243d3dce84a7 |
-> | <a name='search-index-data-reader'></a>[Search Index Data Reader](./built-in-roles/web-and-mobile.md#search-index-data-reader) | Grants read access to Azure Cognitive Search index data. | 1407120a-92aa-4202-b7e9-c0e197c71c8f |
-> | <a name='search-service-contributor'></a>[Search Service Contributor](./built-in-roles/web-and-mobile.md#search-service-contributor) | Lets you manage Search services, but not access to them. | 7ca78c08-252a-4471-8644-bb5ff32d4ba0 |
 > | <a name='signalr-accesskey-reader'></a>[SignalR AccessKey Reader](./built-in-roles/web-and-mobile.md#signalr-accesskey-reader) | Read SignalR Service Access Keys | 04165923-9d83-45d5-8227-78b77b0a687e |
 > | <a name='signalr-app-server'></a>[SignalR App Server](./built-in-roles/web-and-mobile.md#signalr-app-server) | Lets your app server access SignalR Service with AAD auth options. | 420fcaa2-552c-430f-98ca-3264be4806c7 |
 > | <a name='signalr-rest-api-owner'></a>[SignalR REST API Owner](./built-in-roles/web-and-mobile.md#signalr-rest-api-owner) | Full access to Azure SignalR Service REST APIs | fd53cd77-2268-407a-8f46-7e7863d0f521 |
@@ -237,6 +234,9 @@ The following table provides a brief description of each built-in role. Click th
 > | <a name='cognitive-services-qna-maker-reader'></a>[Cognitive Services QnA Maker Reader](./built-in-roles/ai-machine-learning.md#cognitive-services-qna-maker-reader) | Let's you read and test a KB only. | 466ccd10-b268-4a11-b098-b4849f024126 |
 > | <a name='cognitive-services-usages-reader'></a>[Cognitive Services Usages Reader](./built-in-roles/ai-machine-learning.md#cognitive-services-usages-reader) | Minimal permission to view Cognitive Services usages. | bba48692-92b0-4667-a9ad-c31c7b334ac2 |
 > | <a name='cognitive-services-user'></a>[Cognitive Services User](./built-in-roles/ai-machine-learning.md#cognitive-services-user) | Lets you read and list keys of Cognitive Services. | a97b65f3-24c7-4388-baec-2e87135dc908 |
+> | <a name='search-index-data-contributor'></a>[Search Index Data Contributor](./built-in-roles/ai-machine-learning.md#search-index-data-contributor) | Grants full access to Azure Cognitive Search index data. | 8ebe5a00-799e-43f5-93ac-243d3dce84a7 |
+> | <a name='search-index-data-reader'></a>[Search Index Data Reader](./built-in-roles/ai-machine-learning.md#search-index-data-reader) | Grants read access to Azure Cognitive Search index data. | 1407120a-92aa-4202-b7e9-c0e197c71c8f |
+> | <a name='search-service-contributor'></a>[Search Service Contributor](./built-in-roles/ai-machine-learning.md#search-service-contributor) | Lets you manage Search services, but not access to them. | 7ca78c08-252a-4471-8644-bb5ff32d4ba0 |
 
 ## Internet of Things
 
 
@@ -145,7 +145,7 @@ Lets you create, read, update, delete and manage keys of Cognitive Services.
 > | [Microsoft.Insights](../permissions/monitor.md#microsoftinsights)/logDefinitions/read | Read log definitions |
 > | [Microsoft.Insights](../permissions/monitor.md#microsoftinsights)/metricdefinitions/read | Read metric definitions |
 > | [Microsoft.Insights](../permissions/monitor.md#microsoftinsights)/metrics/read | Read metrics |
-> | [Microsoft.ResourceHealth](../permissions/general.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
+> | [Microsoft.ResourceHealth](../permissions/management-and-governance.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
 > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/deployments/* | Create and manage a deployment |
 > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/deployments/operations/read | Gets or lists deployment operations. |
 > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/operationresults/read | Get the subscription operation results. |
@@ -986,7 +986,7 @@ Lets you read and list keys of Cognitive Services.
 > | [Microsoft.Insights](../permissions/monitor.md#microsoftinsights)/logDefinitions/read | Read log definitions |
 > | [Microsoft.Insights](../permissions/monitor.md#microsoftinsights)/metricdefinitions/read | Read metric definitions |
 > | [Microsoft.Insights](../permissions/monitor.md#microsoftinsights)/metrics/read | Read metrics |
-> | [Microsoft.ResourceHealth](../permissions/general.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
+> | [Microsoft.ResourceHealth](../permissions/management-and-governance.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
 > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/deployments/operations/read | Gets or lists deployment operations. |
 > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/operationresults/read | Get the subscription operation results. |
 > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/read | Gets the list of subscriptions. |
@@ -1037,6 +1037,137 @@ Lets you read and list keys of Cognitive Services.
 }
 ```
 
+## Search Index Data Contributor
+
+Grants full access to Azure Cognitive Search index data.
+
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | --- | --- |
+> | *none* |  |
+> | **NotActions** |  |
+> | *none* |  |
+> | **DataActions** |  |
+> | [Microsoft.Search](../permissions/ai-machine-learning.md#microsoftsearch)/searchServices/indexes/documents/* |  |
+> | **NotDataActions** |  |
+> | *none* |  |
+
+```json
+{
+  "assignableScopes": [
+    "/"
+  ],
+  "description": "Grants full access to Azure Cognitive Search index data.",
+  "id": "/providers/Microsoft.Authorization/roleDefinitions/8ebe5a00-799e-43f5-93ac-243d3dce84a7",
+  "name": "8ebe5a00-799e-43f5-93ac-243d3dce84a7",
+  "permissions": [
+    {
+      "actions": [],
+      "notActions": [],
+      "dataActions": [
+        "Microsoft.Search/searchServices/indexes/documents/*"
+      ],
+      "notDataActions": []
+    }
+  ],
+  "roleName": "Search Index Data Contributor",
+  "roleType": "BuiltInRole",
+  "type": "Microsoft.Authorization/roleDefinitions"
+}
+```
+
+## Search Index Data Reader
+
+Grants read access to Azure Cognitive Search index data.
+
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | --- | --- |
+> | *none* |  |
+> | **NotActions** |  |
+> | *none* |  |
+> | **DataActions** |  |
+> | [Microsoft.Search](../permissions/ai-machine-learning.md#microsoftsearch)/searchServices/indexes/documents/read | Read documents or suggested query terms from an index. |
+> | **NotDataActions** |  |
+> | *none* |  |
+
+```json
+{
+  "assignableScopes": [
+    "/"
+  ],
+  "description": "Grants read access to Azure Cognitive Search index data.",
+  "id": "/providers/Microsoft.Authorization/roleDefinitions/1407120a-92aa-4202-b7e9-c0e197c71c8f",
+  "name": "1407120a-92aa-4202-b7e9-c0e197c71c8f",
+  "permissions": [
+    {
+      "actions": [],
+      "notActions": [],
+      "dataActions": [
+        "Microsoft.Search/searchServices/indexes/documents/read"
+      ],
+      "notDataActions": []
+    }
+  ],
+  "roleName": "Search Index Data Reader",
+  "roleType": "BuiltInRole",
+  "type": "Microsoft.Authorization/roleDefinitions"
+}
+```
+
+## Search Service Contributor
+
+Lets you manage Search services, but not access to them.
+
+[Learn more](/azure/search/search-security-rbac)
+
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | --- | --- |
+> | [Microsoft.Authorization](../permissions/management-and-governance.md#microsoftauthorization)/*/read | Read roles and role assignments |
+> | [Microsoft.Insights](../permissions/monitor.md#microsoftinsights)/alertRules/* | Create and manage a classic metric alert |
+> | [Microsoft.ResourceHealth](../permissions/management-and-governance.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
+> | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/deployments/* | Create and manage a deployment |
+> | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/resourceGroups/read | Gets or lists resource groups. |
+> | [Microsoft.Search](../permissions/ai-machine-learning.md#microsoftsearch)/searchServices/* | Create and manage search services |
+> | [Microsoft.Support](../permissions/general.md#microsoftsupport)/* | Create and update a support ticket |
+> | **NotActions** |  |
+> | *none* |  |
+> | **DataActions** |  |
+> | *none* |  |
+> | **NotDataActions** |  |
+> | *none* |  |
+
+```json
+{
+  "assignableScopes": [
+    "/"
+  ],
+  "description": "Lets you manage Search services, but not access to them.",
+  "id": "/providers/Microsoft.Authorization/roleDefinitions/7ca78c08-252a-4471-8644-bb5ff32d4ba0",
+  "name": "7ca78c08-252a-4471-8644-bb5ff32d4ba0",
+  "permissions": [
+    {
+      "actions": [
+        "Microsoft.Authorization/*/read",
+        "Microsoft.Insights/alertRules/*",
+        "Microsoft.ResourceHealth/availabilityStatuses/read",
+        "Microsoft.Resources/deployments/*",
+        "Microsoft.Resources/subscriptions/resourceGroups/read",
+        "Microsoft.Search/searchServices/*",
+        "Microsoft.Support/*"
+      ],
+      "notActions": [],
+      "dataActions": [],
+      "notDataActions": []
+    }
+  ],
+  "roleName": "Search Service Contributor",
+  "roleType": "BuiltInRole",
+  "type": "Microsoft.Authorization/roleDefinitions"
+}
+```
+
 ## Next steps
 
 - [Assign Azure roles using the Azure portal](/azure/role-based-access-control/role-assignments-portal)
@@ -25,11 +25,11 @@ Allows for full access to Azure Event Hubs resources.
 > [!div class="mx-tableFixed"]
 > | Actions | Description |
 > | --- | --- |
-> | [Microsoft.EventHub](../permissions/analytics.md#microsofteventhub)/* |  |
+> | [Microsoft.EventHub](../permissions/integration.md#microsofteventhub)/* |  |
 > | **NotActions** |  |
 > | *none* |  |
 > | **DataActions** |  |
-> | [Microsoft.EventHub](../permissions/analytics.md#microsofteventhub)/* |  |
+> | [Microsoft.EventHub](../permissions/integration.md#microsofteventhub)/* |  |
 > | **NotDataActions** |  |
 > | *none* |  |
 
@@ -68,11 +68,11 @@ Allows receive access to Azure Event Hubs resources.
 > [!div class="mx-tableFixed"]
 > | Actions | Description |
 > | --- | --- |
-> | [Microsoft.EventHub](../permissions/analytics.md#microsofteventhub)/*/eventhubs/consumergroups/read |  |
+> | [Microsoft.EventHub](../permissions/integration.md#microsofteventhub)/*/eventhubs/consumergroups/read |  |
 > | **NotActions** |  |
 > | *none* |  |
 > | **DataActions** |  |
-> | [Microsoft.EventHub](../permissions/analytics.md#microsofteventhub)/*/receive/action |  |
+> | [Microsoft.EventHub](../permissions/integration.md#microsofteventhub)/*/receive/action |  |
 > | **NotDataActions** |  |
 > | *none* |  |
 
@@ -111,11 +111,11 @@ Allows send access to Azure Event Hubs resources.
 > [!div class="mx-tableFixed"]
 > | Actions | Description |
 > | --- | --- |
-> | [Microsoft.EventHub](../permissions/analytics.md#microsofteventhub)/*/eventhubs/read |  |
+> | [Microsoft.EventHub](../permissions/integration.md#microsofteventhub)/*/eventhubs/read |  |
 > | **NotActions** |  |
 > | *none* |  |
 > | **DataActions** |  |
-> | [Microsoft.EventHub](../permissions/analytics.md#microsofteventhub)/*/send/action |  |
+> | [Microsoft.EventHub](../permissions/integration.md#microsofteventhub)/*/send/action |  |
 > | **NotDataActions** |  |
 > | *none* |  |
 
@@ -155,10 +155,10 @@ Create and manage data factories, as well as child resources within them.
 > | Actions | Description |
 > | --- | --- |
 > | [Microsoft.Authorization](../permissions/management-and-governance.md#microsoftauthorization)/*/read | Read roles and role assignments |
-> | [Microsoft.DataFactory](../permissions/databases.md#microsoftdatafactory)/dataFactories/* | Create and manage data factories, and child resources within them. |
-> | [Microsoft.DataFactory](../permissions/databases.md#microsoftdatafactory)/factories/* | Create and manage data factories, and child resources within them. |
+> | [Microsoft.DataFactory](../permissions/analytics.md#microsoftdatafactory)/dataFactories/* | Create and manage data factories, and child resources within them. |
+> | [Microsoft.DataFactory](../permissions/analytics.md#microsoftdatafactory)/factories/* | Create and manage data factories, and child resources within them. |
 > | [Microsoft.Insights](../permissions/monitor.md#microsoftinsights)/alertRules/* | Create and manage a classic metric alert |
-> | [Microsoft.ResourceHealth](../permissions/general.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
+> | [Microsoft.ResourceHealth](../permissions/management-and-governance.md#microsoftresourcehealth)/availabilityStatuses/read | Gets the availability statuses for all resources in the specified scope |
 > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/deployments/* | Create and manage a deployment |
 > | [Microsoft.Resources](../permissions/management-and-governance.md#microsoftresources)/subscriptions/resourceGroups/read | Gets or lists resource groups. |
 > | [Microsoft.Support](../permissions/general.md#microsoftsupport)/* | Create and update a support ticket |
@@ -472,11 +472,11 @@ Read, write, and delete Schema Registry groups and schemas.
 > [!div class="mx-tableFixed"]
 > | Actions | Description |
 > | --- | --- |
-> | [Microsoft.EventHub](../permissions/analytics.md#microsofteventhub)/namespaces/schemagroups/* |  |
+> | [Microsoft.EventHub](../permissions/integration.md#microsofteventhub)/namespaces/schemagroups/* |  |
 > | **NotActions** |  |
 > | *none* |  |
 > | **DataActions** |  |
-> | [Microsoft.EventHub](../permissions/analytics.md#microsofteventhub)/namespaces/schemas/* |  |
+> | [Microsoft.EventHub](../permissions/integration.md#microsofteventhub)/namespaces/schemas/* |  |
 > | **NotDataActions** |  |
 > | *none* |  |
 
@@ -513,11 +513,11 @@ Read and list Schema Registry groups and schemas.
 > [!div class="mx-tableFixed"]
 > | Actions | Description |
 > | --- | --- |
-> | [Microsoft.EventHub](../permissions/analytics.md#microsofteventhub)/namespaces/schemagroups/read | Get list of SchemaGroup Resource Descriptions |
+> | [Microsoft.EventHub](../permissions/integration.md#microsofteventhub)/namespaces/schemagroups/read | Get list of SchemaGroup Resource Descriptions |
 > | **NotActions** |  |
 > | *none* |  |
 > | **DataActions** |  |
-> | [Microsoft.EventHub](../permissions/analytics.md#microsofteventhub)/namespaces/schemas/read | Retrieve schemas |
+> | [Microsoft.EventHub](../permissions/integration.md#microsofteventhub)/namespaces/schemas/read | Retrieve schemas |
 > | **NotDataActions** |  |
 > | *none* |  |
 
@@ -554,10 +554,10 @@ Lets you perform query testing without creating a stream analytics job first
 > [!div class="mx-tableFixed"]
 > | Actions | Description |
 > | --- | --- |
-> | [Microsoft.StreamAnalytics](../permissions/analytics.md#microsoftstreamanalytics)/locations/TestQuery/action | Test Query for Stream Analytics Resource Provider |
-> | [Microsoft.StreamAnalytics](../permissions/analytics.md#microsoftstreamanalytics)/locations/OperationResults/read | Read Stream Analytics Operation Result |
-> | [Microsoft.StreamAnalytics](../permissions/analytics.md#microsoftstreamanalytics)/locations/SampleInput/action | Sample Input for Stream Analytics Resource Provider |
-> | [Microsoft.StreamAnalytics](../permissions/analytics.md#microsoftstreamanalytics)/locations/CompileQuery/action | Compile Query for Stream Analytics Resource Provider |
+> | [Microsoft.StreamAnalytics](../permissions/internet-of-things.md#microsoftstreamanalytics)/locations/TestQuery/action | Test Query for Stream Analytics Resource Provider |
+> | [Microsoft.StreamAnalytics](../permissions/internet-of-things.md#microsoftstreamanalytics)/locations/OperationResults/read | Read Stream Analytics Operation Result |
+> | [Microsoft.StreamAnalytics](../permissions/internet-of-things.md#microsoftstreamanalytics)/locations/SampleInput/action | Sample Input for Stream Analytics Resource Provider |
+> | [Microsoft.StreamAnalytics](../permissions/internet-of-things.md#microsoftstreamanalytics)/locations/CompileQuery/action | Compile Query for Stream Analytics Resource Provider |
 > | **NotActions** |  |
 > | *none* |  |
 > | **DataActions** |  |