articles/virtual-desktop/rbac.md
Lines changed: 5 additions & 3 deletions
@@ -9,15 +9,17 @@ ms.date: 09/23/2024
9
9
10
10
# Built-in Azure RBAC roles for Azure Virtual Desktop
11
11
12
-
Azure Virtual Desktop uses Azure role-based access control (RBAC) to control access to resources. There are many built-in roles for use with Azure Virtual Desktop that are a collection of permissions. You assign roles to users and admins and these roles give permission to carry out certain tasks. To learn more about Azure RBAC, see [What is Azure RBAC?](../role-based-access-control/overview.md).
12
+
Azure Virtual Desktop uses Azure role-based access control (RBAC) to control access to resources. There are many built-in roles for use with Azure Virtual Desktop that are a collection of permissions. You assign roles to users and admins and these roles give permission to carry out certain tasks. To learn more about Azure RBAC, see [What is Azure RBAC](../role-based-access-control/overview.md).
13
13
14
14
The standard built-in roles for Azure are *Owner*, *Contributor*, and *Reader*. However, Azure Virtual Desktop has more roles that let you separate management roles for host pools, application groups, and workspaces. This separation lets you have more granular control over administrative tasks. These roles are named in compliance with Azure's standard roles and least-privilege methodology. Azure Virtual Desktop doesn't have a specific Owner role, but you can use the general Owner role for the service objects.
15
15
16
16
The built-in roles for Azure Virtual Desktop and the permissions for each one are detailed in this article. You can assign each role to the scope you need. Some Azure Desktop features have specific requirements for the assigned scope, which you can find in the documentation for the relevant feature. For more information, see [Understand Azure role definitions](../role-based-access-control/role-definitions.md) and [Understand scope for Azure RBAC](../role-based-access-control/scope-overview.md).
17
17
18
+
For a full list of all the built-in roles available, see [Azure built-in roles](../role-based-access-control/built-in-roles.md).
19
+
18
20
## Desktop Virtualization Contributor
19
21
20
-
The Desktop Virtualization Contributor role allows managing all your Azure Virtual Desktop resources. You also need the *User Access Administrator* role to assign application groups to user accounts or user groups. This role doesn't grant users access to compute resources.
22
+
The Desktop Virtualization Contributor role allows managing all your Azure Virtual Desktop resources, apart from user or group assignment. If you want to assign user accounts or user groups to resources, you also need the *User Access Administrator* role. The Desktop Virtualization Contributor role doesn't grant users access to compute resources.
21
23
22
24
| Action type | Permissions |
23
25
|--|--|
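Review bot: In the rewritten Desktop Virtualization Contributor paragraph, "assign user accounts or user groups to resources" is vaguer than the line it replaces, which named application groups as the thing being assigned. Suggest keeping the object explicit, for example "to assign user accounts or user groups to application groups", so it matches the wording in the Application Group Contributor section. Since the introduction already points readers at scope and least privilege, this is also the place to say that *User Access Administrator* can manage role assignments at whatever scope it is granted, so it should be assigned at the narrowest scope that covers the application groups involved. Two smaller points: the first change drops the question mark from the link text "What is Azure RBAC?", which is worth checking against the title of the target article, and the unchanged context line "Some Azure Desktop features" should probably read "Azure Virtual Desktop".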
@@ -80,7 +82,7 @@ The Desktop Virtualization Host Pool Reader role allows viewing all aspects of a
80
82
81
83
## Desktop Virtualization Application Group Contributor
82
84
83
-
The Desktop Virtualization Application Group Contributor role allows managing all aspects of an application group. If you want to assign user accounts or user groups to application groups too, you also need the *User Access Administrator* role.
85
+
The Desktop Virtualization Application Group Contributor role allows managing all aspects of an application group, apart from user or group assignment. If you want to assign user accounts or user groups to application groups too, you also need the *User Access Administrator* role.
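Review bot: In the changed Application Group Contributor line, "too" no longer has anything to refer to once the first sentence ends with "apart from user or group assignment"; drop it. "All aspects of an application group, apart from" also reads as a contradiction; "allows managing an application group, except for user or group assignment" says the same thing directly. It would help to state the scope at which *User Access Administrator* is needed, since the paragraph now tells readers they need a second role but not where to assign it.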