Skip to content

Commit 790a1e2

Browse files
JnHsJnHs
committed
wording
1 parent e1004c5 commit 790a1e2

File tree

1 file changed

+6
-6
lines changed

1 file changed

+6
-6
lines changed

articles/lighthouse/how-to/remove-delegation.md

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -1,21 +1,21 @@
11
---
22
title: Remove access to a delegation
33
description: Learn how to remove access to resources that were delegated to a service provider for Azure Lighthouse.
4-
ms.date: 03/02/2023
4+
ms.date: 07/10/2024
55
ms.topic: how-to
66
---
77

88
# Remove access to a delegation
99

10-
After a customer's subscription or resource group has been delegated to a service provider for [Azure Lighthouse](../overview.md), the delegation can be removed if needed. Once a delegation is removed, the [Azure delegated resource management](../concepts/architecture.md) access that was previously granted to users in the service provider tenant will no longer apply.
10+
When a customer's subscription or resource group has been delegated to a service provider for [Azure Lighthouse](../overview.md), that delegation can be removed if needed. Once a delegation is removed, the [Azure delegated resource management](../concepts/architecture.md) access that was previously granted to users in the service provider tenant will no longer apply.
1111

1212
Removing a delegation can be done by a user in either the customer tenant or the service provider tenant, as long as the user has the appropriate permissions.
1313

1414
> [!TIP]
1515
> Though we refer to service providers and customers in this topic, [enterprises managing multiple tenants](../concepts/enterprise.md) can use the same processes.
1616
1717
> [!IMPORTANT]
18-
> When a customer subscription has multiple delegations from the same service provider, removing one delegation could cause users to lose access granted via the other delegations. This only occurs when the same `principalId` and `roleDefinitionId` combination is included in multiple delegations and then one of the delegations is removed. To fix this, repeat the [onboarding process](onboard-customer.md) for the delegations that you aren't removing.
18+
> When a customer subscription has multiple delegations from the same service provider, removing one delegation could cause users to lose access granted via the other delegations. This only occurs when the same `principalId` and `roleDefinitionId` combination is included in multiple delegations and then one of the delegations is removed. If this happens, you can fix the issue by repeating the [onboarding process](onboard-customer.md) for the delegations that you don't want to remove.
1919
2020
## Customers
2121

@@ -25,7 +25,7 @@ After confirming the deletion, no users in the service provider's tenant will be
2525

2626
## Service providers
2727

28-
Users in a managing tenant can remove access to delegated resources if they were granted the [Managed Services Registration Assignment Delete Role](../../role-based-access-control/built-in-roles.md#managed-services-registration-assignment-delete-role) for the customer's resources. If this role isn't assigned to any service provider users, the delegation can only be removed by a user in the customer's tenant.
28+
Users in a managing tenant can remove access to delegated resources if they were granted the [Managed Services Registration Assignment Delete Role](../../role-based-access-control/built-in-roles.md#managed-services-registration-assignment-delete-role) during the onboarding process. If this role isn't assigned to any service provider users, the delegation can only be removed by a user in the customer's tenant.
2929

3030
This example shows an assignment granting the **Managed Services Registration Assignment Delete Role** that can be included in a parameter file during the [onboarding process](onboard-customer.md):
3131

@@ -58,7 +58,7 @@ A user with this permission can remove a delegation in one of the following ways
5858
5959
Login-AzAccount
6060
61-
# Select the subscription that is delegated - or contains the delegated resource group(s)
61+
# Select the subscription that is delegated or that contains the delegated resource group(s)
6262
6363
Select-AzSubscription -SubscriptionName "<subscriptionName>"
6464
@@ -80,7 +80,7 @@ Remove-AzManagedServicesAssignment -Name "<Assignmentname>" -Scope "/subscriptio
8080
8181
az login
8282
83-
# Select the subscription that is delegated – or contains the delegated resource group(s)
83+
# Select the subscription that is delegated or that contains the delegated resource group(s)
8484
8585
az account set -s <subscriptionId/name>
8686

0 commit comments

Comments
 (0)