From 15ca5811403b5273ad3a94e4bf844bf28a575d2b Mon Sep 17 00:00:00 2001 From: code-monkeh <137078065+code-monkeh@users.noreply.github.com> Date: Fri, 27 Dec 2024 20:36:53 +0100 Subject: [PATCH] Update rbac-guide.md fix Key Vault Certificates Officer description, new permissions --- articles/key-vault/general/rbac-guide.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/articles/key-vault/general/rbac-guide.md b/articles/key-vault/general/rbac-guide.md index 850e1dcd2..93340fe7c 100644 --- a/articles/key-vault/general/rbac-guide.md +++ b/articles/key-vault/general/rbac-guide.md 
@@ -48,7 +48,7 @@ More about Azure Key Vault management guidelines, see: | Key Vault Administrator| Perform all data plane operations on a key vault and all objects in it, including certificates, keys, and secrets. Cannot manage key vault resources or manage role assignments. Only works for key vaults that use the 'Azure role-based access control' permission model. | 00482a5a-887f-4fb3-b363-3b7fe8e74483 | | Key Vault Reader | Read metadata of key vaults and its certificates, keys, and secrets. Cannot read sensitive values such as secret contents or key material. Only works for key vaults that use the 'Azure role-based access control' permission model. | 21090545-7ca7-4776-b22c-e363652d74d2 | | Key Vault Purge Operator | Allows permanent deletion of soft-deleted vaults. | a68e7c17-0ab2-4c09-9a58-125dae29748c | -| Key Vault Certificates Officer | Perform any action on the certificates of a key vault, excluding reading the secret and key portions, and managing permissions. Only works for key vaults that use the 'Azure role-based access control' permission model. | a4417e6f-fecd-4de8-b567-7b0420556985 | +| Key Vault Certificates Officer | Perform any action on the certificates of a key vault, except managing permissions. Only works for key vaults that use the 'Azure role-based access control' permission model. | a4417e6f-fecd-4de8-b567-7b0420556985 | | Key Vault Certificate User | Read entire certificate contents including secret and key portion. Only works for key vaults that use the 'Azure role-based access control' permission model. | db79e9a7-68ee-4b58-9aeb-b90e7c24fcba | | Key Vault Crypto Officer | Perform any action on the keys of a key vault, except manage permissions. Only works for key vaults that use the 'Azure role-based access control' permission model. | 14b46e9e-c2b7-41b4-b07b-48a6ebf60603 | | Key Vault Crypto Service Encryption User | Read metadata of keys and perform wrap/unwrap operations. 
Only works for key vaults that use the 'Azure role-based access control' permission model. | e147488a-f6f5-4113-8e2d-b22465e65bf6 |
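Review bot: In the Key Vault Certificates Officer row, the new text drops "excluding reading the secret and key portions" without saying what replaces it, so the row no longer tells a reader whether this role can read a certificate's secret and key portions. The neighbouring Key Vault Certificate User row states that explicitly ("Read entire certificate contents including secret and key portion"), and readers choosing between these two roles for a least-privilege assignment rely on this table to see the difference. If the "new permissions" mentioned in the subject line do cover the secret and key portions, say so in the description (for example "including reading the secret and key portions"); if they do not, keep the exclusion. Two smaller points: the commit message should name the permissions that changed, or link the role definition, so the description can be checked against it, and "except managing permissions" differs from the Key Vault Crypto Officer row's "except manage permissions", so pick one form for the table.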