You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/azure-vmware/concepts-identity.md
+9-9Lines changed: 9 additions & 9 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -26,7 +26,7 @@ You can view the privileges granted to the Azure VMware Solution CloudAdmin role
26
26
1. Under **Access Control**, select **Roles**.
27
27
1. From the list of roles, select **CloudAdmin** and then select **Privileges**.
28
28
29
-
:::image type="content" source="media/concepts/role-based-access-control-cloudadmin-privileges.png" alt-text="Image shows the roles and privileges for CloudAdmin in the vSphere Client.":::
29
+
:::image type="content" source="media/concepts/role-based-access-control-cloudadmin-privileges.png" alt-text="Screenshot shows the roles and privileges for CloudAdmin in the vSphere Client.":::
30
30
31
31
The CloudAdmin role in Azure VMware Solution has the following privileges on vCenter Server. For more information, see the [VMware product documentation](https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-ED56F3C4-77D0-49E3-88B6-B99B8B437B62.html).
32
32
@@ -140,16 +140,16 @@ You can view the permissions granted to the Azure VMware Solution cloudadmin rol
140
140
> [!NOTE]
141
141
> **Private clouds created before June 2022** will switch from **admin** role to **cloudadmin** role. You'll receive a notification through Azure Service Health that includes the timeline of this change so you can change the NSX-T credentials you've used for other integration.
142
142
143
-
## NSX-T LDAP Integration for Role Based Access Control (RBAC)
143
+
## NSX-T LDAP integration for role based access control (RBAC)
144
144
145
-
In an Azure VMware Solution deployment, the NSX-T can be integrated with external LDAP directory service to add remote directory users or group, and assign them an NSX-T RBAC role, like on-prem deployment. For more information on how to enable NSX-T LDAP integration, see the [VMware product documentation](https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.1/administration/GUID-DB5A44F1-6E1D-4E5C-8B50-D6161FFA5BD2.html).
145
+
In an Azure VMware Solution deployment, the NSX-T can be integrated with external LDAP directory service to add remote directory users or group, and assign them an NSX-T RBAC role, like on-premises deployment. For more information on how to enable NSX-T LDAP integration, see the [VMware product documentation](https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.1/administration/GUID-DB5A44F1-6E1D-4E5C-8B50-D6161FFA5BD2.html).
146
146
147
-
Unlike on-prem deployment, not all pre-defined NSX-T RBAC roles are supported with Azure VMware solution to keep Azure VMware Solution IaaS control plane config management separate from tenant network and security configuration. Please see the next section, Supported NSX-T RBAC roles, for more details.
147
+
Unlike on-premises deployment, not all pre-defined NSX-T RBAC roles are supported with Azure VMware solution to keep Azure VMware Solution IaaS control plane config management separate from tenant network and security configuration. Please see the next section, Supported NSX-T RBAC roles, for more details.
148
148
149
149
> [!NOTE]
150
150
> NSX-T LDAP Integration supported only with SDDC’s with NSX-T “cloudadmin” user.
151
151
152
-
### Supported and Unsupported NSX-T RBAC roles
152
+
### Supported and unsupported NSX-T RBAC roles
153
153
154
154
In an Azure VMware Solution deployment, the following NSX-T predefined RBAC roles are supported with LDAP integration:
155
155
@@ -158,7 +158,7 @@ Unlike on-prem deployment, not all pre-defined NSX-T RBAC roles are supported wi
158
158
- LB Admin
159
159
- LB Operator
160
160
- VPN Admin
161
-
- Network Operator
161
+
- Network Operator
162
162
163
163
In an Azure VMware Solution deployment, the following NSX-T predefined RBAC roles are not supported with LDAP integration:
164
164
@@ -167,12 +167,12 @@ Unlike on-prem deployment, not all pre-defined NSX-T RBAC roles are supported wi
167
167
- Netx Partner Admin
168
168
- GI Partner Admin
169
169
170
-
You can create custom roles in NSX-T with permissions lesser than or equal to Cloudadmin role created by Microsoft. Following are examples on how to create a supported "Network Admin" and "Security Admin" role.
170
+
You can create custom roles in NSX-T with permissions lesser than or equal to Cloudadmin role created by Microsoft. Following are examples on how to create a supported "Network Admin" and "Security Admin" role.
171
171
172
172
> [!NOTE]
173
173
> Custom role creation will fail if you assign a permission not allowed by Cloudadmin role.
174
174
175
-
#### Create “AVS Network Admin” role
175
+
#### Create “AVS network admin” role
176
176
177
177
Use the following steps to create this custom role.
178
178
@@ -188,7 +188,7 @@ You can create custom roles in NSX-T with permissions lesser than or equal to Cl
188
188
189
189
1.**Apply** the changes and **Save** the Role.
190
190
191
-
#### Create “AVS Security Admin” role
191
+
#### Create “AVS security admin” role
192
192
193
193
Use the following steps to create this custom role.
0 commit comments