From 5e65a6a76d7ffdfa60de9178bdebe6c7d51d6f4d Mon Sep 17 00:00:00 2001
From: Hodayah Zargari <v-hzargari@microsoft.com>
Date: Sun, 22 Feb 2026 14:58:14 +0200
Subject: [PATCH] DB Security Roles - UUF implemented

---
 .../kusto/management/manage-database-security-roles.md      | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/data-explorer/kusto/management/manage-database-security-roles.md b/data-explorer/kusto/management/manage-database-security-roles.md
index 35673cc53c..8a0b73431e 100644
--- a/data-explorer/kusto/management/manage-database-security-roles.md
+++ b/data-explorer/kusto/management/manage-database-security-roles.md
@@ -2,7 +2,7 @@
 title: Manage database security roles
 description: Learn how to use management commands to view, add, and remove security roles on a database level.
 ms.topic: reference
-ms.date: 07/07/2025
+ms.date: 02/22/2026
 ---
 
 # Manage database security roles
@@ -26,8 +26,8 @@ The following table shows the possible security roles on the database level and
 
 |Role|Permissions|
 |--|--|
-|`admins` | View and modify the database and database entities.|
-|`users` | View the database and create new database entities.|
+|`admins` | View and modify the database and all its entities. Admins can create, modify, and drop any database entity. They have full database permissions except for `unrestrictedviewers` access (which they can grant themselves). Admins are automatically admins on all database entities.|
+|`users` | View and create database entities. Users can query all data except tables with [RestrictedViewAccess](restricted-view-access-policy.md) enabled. Automatically become admins of entities they create, but cannot modify other entities.|
 |`viewers` | View tables in the database where [RestrictedViewAccess](restricted-view-access-policy.md) isn't turned on.|
 |`unrestrictedviewers`| View the tables in the database even where [RestrictedViewAccess](restricted-view-access-policy.md) is turned on. The principal must also have `admins`, `viewers`, or `users` permissions. |
 |`ingestors` | Ingest data to the database without access to query. |