articles/role-based-access-control/delegate-role-assignments-portal.md
Lines changed: 9 additions & 19 deletions
@@ -59,16 +59,11 @@ There are two ways that you can add a condition. You can use a condition templat
59
59
60
60
# [Template](#tab/template)
61
61
62
-
1. On the **Conditions** tab under **Delegation type**, select the **Constrained (recommended)** option.
62
+
1. On the **Conditions** tab under **What user can do**, select the **Allow user to only assign selected roles to selected principals (fewer privileges)** option.
63
63
64
-
| Option | Select this option to |
65
-
| --- | --- |
66
-
|**Constrained (recommended)**| Pick the roles or principals the user can use in role assignments |
67
-
|**Not constrained**| Allow the user to assign any role to any principal |
68
-
69
-
:::image type="content" source="./media/shared/condition-constrained.png" alt-text="Screenshot of Add role assignment with the Constrained option selected." lightbox="./media/shared/condition-constrained.png":::
64
+
:::image type="content" source="./media/shared/condition-constrained.png" alt-text="Screenshot of Add role assignment with the constrained option selected." lightbox="./media/shared/condition-constrained.png":::
70
65
71
-
1. Select **Add condition**.
66
+
1. Select **Select roles and principals**.
72
67
73
68
The Add role assignment condition page appears with a list of condition templates.
74
69
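Review bot: Deleting the option table (old lines 64-67) removes the only text that told the reader what the alternative choice permits, "Allow the user to assign any role to any principal". This step is where an administrator decides between a constrained and an unrestricted delegation, so keep one sentence after the new step 1 that names the other choice under **What user can do** and states that it places no limit on roles or principals. Also confirm that ./media/shared/condition-constrained.png was recaptured: the new alt text still refers to "the constrained option", but no option in the new wording carries that name.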
@@ -78,13 +73,13 @@ There are two ways that you can add a condition. You can use a condition templat
78
73
79
74
| Condition template | Select this template to |
80
75
| --- | --- |
81
-
| Constrain roles |Constrain the roles a user can assign|
82
-
| Constrain roles and principal types |Constrain the roles a user can assign and the types of principals the user can assign roles to|
83
-
| Constrain roles and principals |Constrain the roles a user can assign and the principals the user can assign roles to |
76
+
| Constrain roles |Allow user to only assign roles you select|
77
+
| Constrain roles and principal types |Allow user to only assign roles you select<br/>Allow user to only assign these roles to principal types you select (users, groups, or service principals)|
78
+
| Constrain roles and principals |Allow user to only assign roles you select<br/>Allow user to only assign these roles to principals you select|
84
79
85
80
1. In the configure pane, add the required configurations.
86
81
87
-
:::image type="content" source="./media/delegate-role-assignments-portal/condition-template-configure-pane.png" alt-text="Screenshot of configure pane for a condition with selection added." lightbox="./media/delegate-role-assignments-portal/condition-template-configure-pane.png":::
82
+
:::image type="content" source="./media/shared/condition-template-configure-pane.png" alt-text="Screenshot of configure pane for a condition with selection added." lightbox="./media/shared/condition-template-configure-pane.png":::
88
83
89
84
1. Select **Save** to add the condition to the role assignment.
90
85
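Review bot: The configure-pane image on new line 82 now points to ./media/shared/condition-template-configure-pane.png instead of ./media/delegate-role-assignments-portal/, and nothing visible in this change shows the file being added under media/shared. Verify the image exists at the new path for both `source` and `lightbox`, otherwise the step renders with a broken screenshot. In the table, rows two and three now rely on `<br/>` inside a cell to separate two statements; check that the rendered page shows them on separate lines, since the template names in the first column are the only thing distinguishing the rows at a glance.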
@@ -94,16 +89,11 @@ If the condition templates don't work for your scenario or if you want more cont
94
89
95
90
### Open condition editor
96
91
97
-
1. On the **Conditions** tab under **Delegation type**, select the **Constrained (recommended)** option.
98
-
99
-
| Option | Select this option to |
100
-
| --- | --- |
101
-
|**Constrained (recommended)**| Pick the roles or principals the user can use in role assignments |
102
-
|**Not constrained**| Allow the user to assign any role to any principal |
92
+
1. On the **Conditions** tab under **What user can do**, select the **Allow user to only assign selected roles to selected principals (fewer privileges)** option.
103
93
104
94
:::image type="content" source="./media/shared/condition-constrained.png" alt-text="Screenshot of Add role assignment with the Constrained option selected." lightbox="./media/shared/condition-constrained.png":::
105
95
106
-
1. Select **Add condition**.
96
+
1. Select **Select roles and principals**.
107
97
108
98
The Add role assignment condition page appears with a list of condition templates.
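Review bot: The unchanged image line at new line 94 keeps alt-text "Screenshot of Add role assignment with the Constrained option selected.", while the same image in the Template tab was changed in this commit to lowercase "constrained option". Update this alt text in the same way so both tabs describe the screenshot identically, and reword it to match the new option label if the screenshot was recaptured. The removed table here also carried the description of the unrestricted choice; the same one-sentence replacement suggested for the Template tab applies.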
1. On the **Conditions** tab under **Delegation type**, select the **Constrained (recommended)** option.
135
+
1. On the **Conditions** tab under **What user can do**, select the **Allow user to only assign selected roles to selected principals (fewer privileges)** option.
136
136
137
137
:::image type="content" source="./media/shared/condition-constrained.png" alt-text="Screenshot of Add role assignment with the Constrained option selected." lightbox="./media/shared/condition-constrained.png":::
138
138
139
-
1. Click **Add condition** to add a condition that constrains the roles and principals this user can assign roles to.
139
+
1. Click **Select roles and principals** to add a condition that constrains the roles and principals this user can assign roles to.
140
140
141
141
1. Follow the steps in [Delegate Azure role assignment management to others with conditions](delegate-role-assignments-portal.md#step-3-add-a-condition).
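Review bot: The added step at new line 139 begins with "Click **Select roles and principals**", whereas every other step touched in this commit uses the verb "Select" ("1. Select **Select roles and principals**."). Use the same verb here for consistency. The phrase "constrains the roles and principals this user can assign roles to" is also hard to parse; something like "constrains which roles this user can assign and which principals they can assign them to" reads more clearly. The image alt text at new line 137 still says "Constrained option" and should follow whatever wording is settled on for the other occurrences.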