Updated Note

Author: OWinfreyATL

api-reference/beta/api/entitlementmanagement-post-accesspackageresourcerequests.md

@@ -24,7 +24,26 @@ Choose the permission or permissions marked as least privileged for this API. Us
 <!-- { "blockType": "permissions", "name": "entitlementmanagement_post_accesspackageresourcerequests" } -->
 [!INCLUDE [permissions-table](../includes/permissions/entitlementmanagement-post-accesspackageresourcerequests-permissions.md)]
 
-[!INCLUDE [rbac-entitlement-catalog-owner-write](../includes/rbac-for-apis/rbac-entitlement-management-catalog-owner-apis-write.md)]
+> [!TIP]
+> In delegated scenarios with work or school accounts, the signed-in user must also be assigned an administrator role with supported role permissions through one of the following options:
+> 
+> - A [role in the Entitlement Management system](/entra/id-governance/entitlement-management-delegate) where the least privileged role is *Catalog owner*. **This is the least privileged option**.
+> - More privileged [Microsoft Entra roles](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json) supported for this operation:
+>     - Identity Governance Administrator
+> 
+> In app-only scenarios, the calling app can be assigned one of the preceding supported roles instead of the `EntitlementManagement.ReadWrite.All` application permission. The *Catalog owner* role is less privileged than the `EntitlementManagement.ReadWrite.All` application permission.
+> 
+> Additionally you must also have the following permissions on the resource being added:
+>   - To add a Microsoft Entra group as a resource to a catalog:
+>   - If using delegated permissions, the user requesting to add a group should be an owner of the group or in a directory role that allows them to modify groups.
+>   - If using application permissions, the application requesting to add the group should also be assigned the `Group.ReadWrite.All` permission.
+> - To add a Microsoft Entra application as a resource to a catalog:
+>   - If using delegated permissions, the user requesting to add an application should be an owner of the application or in a directory role that allows them to modify application role assignments.
+>   - If using application permissions, the application requesting to add the [servicePrincipal](../resources/serviceprincipal.md) should also be assigned the *Application.ReadWrite.All* permission.
+> - To add a SharePoint Online site as a resource to a catalog:
+>   - If using delegated permissions, the user who wants to add the site should be in a role that allows them to modify the SharePoint site roles, such as the *SharePoint Administrator* role.
+>   - If using application permissions, the application should also be assigned the `Sites.FullControl.All` permission.
+> For more information, see [Delegation and roles in entitlement management](/entra/id-governance/entitlement-management-delegate) and [how to delegate access governance to access package managers in entitlement management](/entra/id-governance/entitlement-management-delegate-managers).
 
 ## HTTP request