You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/firmware-analysis/firmware-analysis-rbac.md
+8-8Lines changed: 8 additions & 8 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -22,15 +22,15 @@ In firmware analysis, the most common roles are Owner, Contributor, Security Adm
22
22
## Understanding the Representation of Firmware Images in the Azure Resource Hierarchy
23
23
Azure organizes resources into resource hierarchies, which are in a top-down structure, and you can assign roles at each level of the hierarchy. The level at which you assign a role is the "scope," and lower scopes may inherit roles assigned at higher scopes. Learn more about the [levels of hierarchy and how to organize your resources in the hierarchy](/azure/cloud-adoption-framework/ready/azure-setup-guide/organize-resources).
24
24
25
-
When you onboard your subscription to firmware analysis and select your resource group, the action automatically creates the **default** resource within your resource group.
25
+
When you onboard your subscription to firmware analysis, you'll be asked to create a **workspace**. A **workspace** is a resource specific to the firmware analysis service that directly houses your firmware images. You can create multiple **workspaces**in each resource group, which allows you to organize your firmware images into categories at the resource group level, and subcategories at the **workspace** level.
26
26
27
-
Navigate to your resource group and select **Show hidden types**to show the **default** resource. The **default** resource has the **Microsoft.IoTFirmwareDefense.workspaces** type.
27
+
Navigate to your resource group. Notice that all **workspace**resources have the **Firmware analysis workspace** type.
28
28
29
-
:::image type="content" source="media/firmware-analysis-rbac/default-workspace.png" alt-text="Screenshot of the toggle button 'Show hidden types' that reveals a resource named 'default'." lightbox="media/firmware-analysis-rbac/default-workspace.png":::
29
+
:::image type="content" source="media/firmware-analysis-rbac/workspaces-in-resource-group.png" alt-text="Screenshot of the workspaces inside a resource group." lightbox="media/firmware-analysis-rbac/workspaces-in-resource-group.png":::
30
30
31
-
Although the **default**workspace resource isn't something that you'll regularly interact with, each firmware image that you upload will be represented as a resource and stored here.
31
+
As mentioned earlier, the **workspace** resource directly holds your firmware images, so you may regularly interact with your **workspaces** depending on how you organize your images. Each firmware image that you upload will be represented as a resource and stored here.
32
32
33
-
You can use RBAC at each level of the hierarchy, including at the hidden **default firmware analysis workspace** resource level.
33
+
You can use RBAC at each level of the hierarchy, including at the **workspace** resource level.
34
34
35
35
Here's the resource hierarchy of firmware analysis:
36
36
@@ -59,7 +59,7 @@ This table categorizes each role and provides a brief description of their permi
59
59
60
60
## Firmware analysis roles, scopes, and capabilities
61
61
62
-
The following table summarizes what roles you need to perform certain actions. These roles and permissions apply at the Subscription and Resource Group levels, unless otherwise stated.
62
+
The following table summarizes what roles you need to perform certain actions. These roles and permissions apply at the Subscription, Resource Group, and Workspace levels, unless otherwise stated.
63
63
64
64
**Action** | **Role required**
65
65
:---|:---
@@ -74,9 +74,9 @@ To upload firmware images:
74
74
*[Upload a firmware image for analysis](./tutorial-analyze-firmware.md#upload-a-firmware-image-for-analysis).
75
75
76
76
## Invite third parties to interact with your firmware analysis results
77
-
You might want to invite someone to interact solely with your firmware analysis results, without allowing access to other parts of your organization (like other resource groups within your subscription). To allow this type of access, invite the user as a Firmware Analysis Admin at the Resource Group level.
77
+
You might want to invite someone to interact solely with your firmware analysis results, without allowing access to other parts of your organization (like other resource groups within your subscription). To allow this type of access, invite the user as a Firmware Analysis Admin at the Resource Group or Workspace level.
78
78
79
-
To invite a third party, follow the [Assign Azure roles to external guest users using the Azure portal](./../role-based-access-control/role-assignments-external-users.md#invite-an-external-user-to-your-directory) tutorial.
79
+
To invite a third party, you must first invite them to your directory. To do this, follow the [Assign Azure roles to external guest users using the Azure portal](./../role-based-access-control/role-assignments-external-users.md#invite-an-external-user-to-your-directory) tutorial.
80
80
81
81
* In step 3, navigate to your resource group.
82
82
* In step 7, select the **Firmware Analysis Admin** role.
0 commit comments