You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/azure-vmware/concepts-identity.md
+7-3Lines changed: 7 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -53,9 +53,10 @@ The CloudAdmin role in Azure VMware Solution has the following privileges on vCe
53
53
54
54
### Create custom roles on vCenter Server
55
55
56
-
Azure VMware Solution supports the use of custom roles with equal or lesser privileges than the CloudAdmin role.
56
+
Azure VMware Solution supports the use of custom roles with equal or lesser privileges than the CloudAdmin role. You'll use the CloudAdmin role to create, modify, or delete custom roles with privileges lesser than or equal to their current role.
57
57
58
-
You'll use the CloudAdmin role to create, modify, or delete custom roles with privileges lesser than or equal to their current role. You can create roles with privileges greater than CloudAdmin. You can't assign the role to any users or groups or delete the role.
58
+
>[!NOTE]
59
+
>You can create roles with privileges greater than CloudAdmin. However, you can't assign the role to any users or groups or delete the role. Roles that have privileges greater than that of CloudAdmin is unsupported.
59
60
60
61
To prevent creating roles that can't be assigned or deleted, clone the CloudAdmin role as the basis for creating new custom roles.
61
62
@@ -71,7 +72,7 @@ To prevent creating roles that can't be assigned or deleted, clone the CloudAdmi
71
72
72
73
1. Provide the name you want for the cloned role.
73
74
74
-
1.Add or remove privileges for the role and select **OK**. The cloned role is visible in the **Roles** list.
75
+
1.Remove privileges for the role and select **OK**. The cloned role is visible in the **Roles** list.
75
76
76
77
#### Apply a custom role
77
78
@@ -84,9 +85,12 @@ To prevent creating roles that can't be assigned or deleted, clone the CloudAdmi
84
85
1. Search for the user or group after selecting the Identity Source under the **User** section.
85
86
86
87
1. Select the role that you want to apply to the user or group.
88
+
>[!NOTE]
89
+
>Attempting to apply a user or group to a role that has privileges greater than that of CloudAdmin will result in errors.
87
90
88
91
1. Check the **Propagate to children** if needed, and select **OK**. The added permission displays in the **Permissions** section.
89
92
93
+
90
94
## NSX-T Manager access and identity
91
95
92
96
When a private cloud is provisioned using Azure portal, software-defined data center (SDDC) management components like vCenter Server and NSX-T Manager are provisioned for customers.
0 commit comments