Permissions for setting a baseline for SQL vulnerability assessment rule
1 vote, 0 answers, 231 views
I'm getting a SQL vulnerability error discovered by Microsoft Defender for Cloud. The error points to the following Vulnerability Assessment rule. But when I try to set a baseline (recommended by this rule), I get the following error:
>The client 'tom.doe@mydomain.com' with object id 'eXXXXXX-...' does not have authorization to perform action 'Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/rules/baselines/write' over scope '/subscriptions/subscriptionid/resourceGroups/myResourceGroup/providers/Microsoft.Sql/managedInstances/mySQLManagedInstance
**Question**: What permissions are required to set the baseline here?

| Rule ID | Rule Title | Severity | Rule Description |
|---------------------|------------------|------------|--------------------|
| VA1281 | All memberships for user-defined roles should be intended| Medium | User-defined roles are security principals defined by the user to group principals to easily manage permissions. Monitoring these roles is important to avoid having excessive permissions. Create a baseline that defines expected membership for each user-defined role. This rule checks whether all memberships for user-defined roles are as defined in the baseline. |
Asked by nam (515 rep), Jan 31, 2024, 04:07 AM
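
An added example, not part of the original question and not Microsoft's code: one way to check offline whether a role definition's effective actions cover the action named in the error above, using wildcard `Actions` minus `NotActions`. The role names and contents are constructed for illustration and shaped like `az role definition list` output; the check assumes the role is assigned at a scope that includes the managed instance and does not model deny assignments.

```python
import re

# Action string copied from the authorization error quoted in the question.
REQUIRED_ACTION = ("Microsoft.Sql/managedInstances/databases/"
                   "vulnerabilityAssessments/rules/baselines/write")

# Constructed role definitions (hypothetical names), shaped like the JSON
# printed by `az role definition list`.
SAMPLE_ROLES = [
    {"roleName": "Example Reader",
     "permissions": [{"actions": ["*/read"], "notActions": []}]},
    {"roleName": "Example VA Manager",
     "permissions": [{"actions": [
         "Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*"],
         "notActions": []}]},
    {"roleName": "Example SQL Admin Without Baselines",
     "permissions": [{"actions": ["Microsoft.Sql/*"], "notActions": [
         "Microsoft.Sql/managedInstances/databases/"
         "vulnerabilityAssessments/rules/baselines/*"]}]},
    {"roleName": "Example Baseline Writer",
     "permissions": [{"actions": [REQUIRED_ACTION.lower()], "notActions": []}]},
]


def action_matches(pattern, action):
    """Match one Actions/NotActions entry: '*' is a wildcard, case is ignored."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, action, re.IGNORECASE) is not None


def role_grants(role, action):
    """A role grants an action listed in Actions and not removed by NotActions."""
    for perm in role.get("permissions", []):
        allowed = any(action_matches(p, action) for p in perm.get("actions", []))
        removed = any(action_matches(p, action) for p in perm.get("notActions", []))
        if allowed and not removed:
            return True
    return False


def roles_granting(roles, action):
    """Names of the role definitions whose effective actions include `action`."""
    return [r["roleName"] for r in roles if role_grants(r, action)]


if __name__ == "__main__":
    for name in roles_granting(SAMPLE_ROLES, REQUIRED_ACTION):
        print(name)
```

Feeding it the real role definitions assigned to the account shows whether any of them covers `baselines/write` or whether a `NotActions` entry removes it.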