diff --git a/Playbooks/Watchlist-CloseIncidentKnownIPs/readme.md b/Playbooks/Watchlist-CloseIncidentKnownIPs/readme.md index 783c627f7f..e4de6427c4 100644 --- a/Playbooks/Watchlist-CloseIncidentKnownIPs/readme.md +++ b/Playbooks/Watchlist-CloseIncidentKnownIPs/readme.md @@ -13,6 +13,8 @@ For each Ip address included in the alert (entities of type IP): ## Configurations * Configure the step "Run query and list results" with the identifiers of the Sentinel workspace where the watchlist is stored. +* Configure the identity used in the "Run query and list results" step with the Log Analytics Reader RBAC role on the Azure Sentinel resource group. +* Configure the Managed Idenitty of the Logic App with the Azure Sentinel Responder RBAC role on the Azure Sentinel resource group. * The watchlist used in this example has at list one column named **ipaddress** which stores the safe address. See the csv file attached in this folder as an example.

@@ -24,4 +26,4 @@ For each Ip address included in the alert (entities of type IP): [![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FPlaybooks%2FWatchlist-CloseIncidentKnownIPs%2Fazuredeploy.json) -[![Deploy to Azure Gov](https://aka.ms/deploytoazuregovbutton)](https://portal.azure.us/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FPlaybooks%2FWatchlist-CloseIncidentKnownIPs%2Fazuredeploy.json) \ No newline at end of file +[![Deploy to Azure Gov](https://aka.ms/deploytoazuregovbutton)](https://portal.azure.us/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Fmaster%2FPlaybooks%2FWatchlist-CloseIncidentKnownIPs%2Fazuredeploy.json)
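Review bot: In the Configurations hunk (@@ -13,6 +13,8 @@), the second added bullet misspells "Managed Idenitty"; it should read "Managed Identity". The first added bullet also refers to "the identity used in the 'Run query and list results' step" without saying what kind of identity that is, while the next bullet names the Logic App's managed identity explicitly. Please state which identity the query step runs as, so the reader knows which principal receives Log Analytics Reader and which receives Azure Sentinel Responder. Both roles are granted on the whole "Azure Sentinel resource group"; if a narrower scope is enough for the playbook, the readme should say so, since this playbook closes incidents automatically. While touching this list, the unchanged context line below the additions has "at list one column", which should be "at least one column".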