diff --git a/deploy/example/cloning/README.md b/deploy/example/cloning/README.md
index 40b8fa1c9..8409a096f 100644
--- a/deploy/example/cloning/README.md
+++ b/deploy/example/cloning/README.md
@@ -7,6 +7,7 @@
 ## Prerequisites
 - Make sure that the virtual network, where the driver controller pod is deployed, is added to the allowed list of the storage account's VNet setting.
 - Before proceeding, ensure that the application is not writing data to the source volume.
+- In order to allow the use of a managed identity, the source storage account requires the `Storage Blob Data Reader` role, while the destination storage account requires the `Storage Blob Data Contributor` role. If the Storage Blob Data role is not granted, the CSI driver will use a SAS token as a fallback.
 
 ## Create a Source PVC