Update shared-image-galleries.md

sandeepraichura · web-flow · commit ff62da44692d · 2024-03-21T15:04:56.000-07:00
Added Required RBAC Permissions section.
diff --git a/articles/virtual-machines/shared-image-galleries.md b/articles/virtual-machines/shared-image-galleries.md
@@ -139,6 +139,31 @@ There are three main ways to share images an Azure Compute Gallery, depending on
 | RBAC + [Direct shared gallery](./share-gallery-direct.md)  | Yes | Yes | Yes | Yes | No |
 | RBAC + [Community gallery](./share-gallery-community.md) | Yes | Yes | Yes | No | Yes |
 
+## What RBAC Permissions are required to create an ACG Image:
+ACG images can be created by users from various sources, including virtual machines, disks/snapshots, and VHDs. The section outlines the various user permissions necessary for creating an Azure Compute Gallery image. Identifies without the necessary permissions will not be able to create ACG images.
+
+### [VM as source](#tab/vmsource)
+- Users will require write permission on the Virtual Machine to create an ACG Image version.
+- For Azure SDK, use the property “properties.storageProfile.source.virtualMachineId”, This property requires API version 2023-07-03 or Version 1.4.0 (or higher) of .NET SDK
+### [Disk/Snapshot as Source](#tab/disksnapsource)
+- Users will require write permission (contributor) on the source disk/snapshot to create an ACG Image version.
+### [VHD as Source](#tab/vhdsource)
+- Users will require Microsoft.Storage/storageAccounts/listKeys/action, Microsoft.Storage/storageAccounts/write permission (contributor role) on the storage account.
+- For SDK, use the property “properties.storageProfile.osDiskImage.source.storageAccountId”, This property requires minimum api-version 2022-03-03.
+### [Managed Image and Gallery Image Version as Source](#tab/managedgallerysource)
+- Users will require read permission on the Managed Image/Gallery Image.
+
+|Source type |Permissions Required | 
+|---|---|
+| Virtual machine | Write |
+| Disk/snapshot |	Write |
+| VHD	| Write (listKeys) |
+|Managed Image	|Read|
+|Gallery Image	|Read|
+
+Refer to our documentation for additional information regarding [Azure built-in roles](https://learn.microsoft.com/azure/role-based-access-control/built-in-roles), for [granting RBAC permissions](https://learn.microsoft.com/azure/role-based-access-control/quickstart-assign-role-user-portal)
+
+
 ## Shallow replication 
 
 When you create an image version, you can set the replication mode to shallow for development and test. Shallow replication skips copying the image, so the image version is ready faster. But, it also means you can't deploy a large number of VMs from that image version. This is similar to the way that the older managed images worked.
