From 233e245b6c91a11b462cd6097ab2783cfb375fa0 Mon Sep 17 00:00:00 2001
From: xenolinux <sdudhgao@redhat.com>
Date: Wed, 11 Oct 2023 14:07:42 +0530
Subject: [PATCH] OCPBUGS#11410: Add required Azure AD permission

---
 modules/installation-azure-permissions.adoc | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/modules/installation-azure-permissions.adoc b/modules/installation-azure-permissions.adoc
index ebafb24e6a54..5973a9afd3df 100644
--- a/modules/installation-azure-permissions.adoc
+++ b/modules/installation-azure-permissions.adoc
@@ -7,9 +7,15 @@
 [id="installation-azure-permissions_{context}"]
 = Required Azure roles
 
-{product-title} needs a service principal so it can manage Microsoft Azure resources. Before you can create a service principal, your Azure account subscription must have the following roles:
+{product-title} needs a service principal so it can manage Microsoft Azure resources. Before you can create a service principal, review the following information:
+
+Your Azure account subscription must have the following roles:
 
 * `User Access Administrator`
 * `Contributor`
 
+Your Azure Active Directory (AD) must have the following permission:
+
+* `"microsoft.directory/servicePrincipals/createAsOwner"`
+
 To set roles on the Azure portal, see the link:https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal[Manage access to Azure resources using RBAC and the Azure portal] in the Azure documentation.