Update dynamic-data-masking.md

It said you could grant granular permissions to users, but it should be either "database principals" or "users or database roles" so that is clear. I wish the term principals had been pushed harder in 2005 and beyond, but users or roles is probably good enough of a clarification in my mind (even though you can also grant to certificates :))

Author: drsqlgithub

docs/relational-databases/security/dynamic-data-masking.md

@@ -118,7 +118,7 @@ It's important to properly manage the permissions on the database, and to always
 
 ## <a id="granular"></a> Granular permissions introduced in SQL Server 2022
 
-Starting with [!INCLUDE [sssql22-md](../../includes/sssql22-md.md)], you can prevent unauthorized access to sensitive data and gain control by masking it to an unauthorized user at different levels of the database. You can grant or revoke **UNMASK** permission at the database-level, schema-level, table-level or at the column-level to a user. This enhancement provides a more granular way to control and limit unauthorized access to data stored in the database and improve data security management.
+Starting with [!INCLUDE [sssql22-md](../../includes/sssql22-md.md)], you can prevent unauthorized access to sensitive data and gain control by masking it to an unauthorized user at different levels of the database. You can grant or revoke **UNMASK** permission at the database-level, schema-level, table-level or at the column-level to a user or database role. This enhancement provides a more granular way to control and limit unauthorized access to data stored in the database and improve data security management.
 
 ## Examples