You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/virtual-wan/about-nva-hub.md
+8-8Lines changed: 8 additions & 8 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -87,21 +87,21 @@ NVA Partners may create different resources depending on their appliance deploym
87
87
88
88
### Managed resource group permissions
89
89
90
-
By default, all managed resource groups have an deny-all Azure Active Directory assignment. These deny-all assignments prevent customers from calling write operations on any resources in the managed resource group, including the Network Virtual Appliance resource.
90
+
By default, all managed resource groups have an deny-all Azure Active Directory assignment. Deny-all assignments prevent customers from calling write operations on any resources in the managed resource group, including Network Virtual Appliance resources.
91
91
92
-
However, partners may create exceptions and whitelist specific actions that customers are allowed to perform on resources deployed in managed resource groups.
92
+
However, partners may create exceptions for specific actions that customers are allowed to perform on resources deployed in managed resource groups.
93
93
94
-
Permissions on resources in managed resource groups are not dynamically updated as new permitted actions are added by partners and require manual intervention.
94
+
Permissions on resources in existing managed resource groups are not dynamically updated as new permitted actions are added by partners and require a manual refresh.
95
95
96
-
To refresh permissions on the managed resource groups, customers can leverage the [Refresh Permissions REST API ](/rest/api/managedapplications/applications/refresh-permissions).
96
+
To refresh permissions on the managed resource groups, customers can leverage the [Refresh Permissions REST API ](/rest/api/managedapplications/applications/refresh-permissions).
97
+
98
+
> [!NOTE]
99
+
> To properly apply new permissions, refresh permissions API must be called with an additional query parameter **targetVersion**. The value for targetVersion is provider-specific. Please reference your provider's documentation for the latest version number.
97
100
98
101
```http-interactive
99
-
POST https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Solutions/applications/{applicationName}/refreshPermissions?api-version=2019-07-01
102
+
POST https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Solutions/applications/{applicationName}/refreshPermissions?api-version=2019-07-01&targetVersion={targetVersion}
100
103
```
101
104
102
-
103
-
104
-
105
105
### <aname="units"></a>NVA Infrastructure Units
106
106
107
107
When you create an NVA in a Virtual WAN hub, you must choose the number of NVA Infrastructure Units you want to deploy it with. An **NVA Infrastructure Unit** is a unit of aggregate bandwidth capacity for an NVA in a Virtual WAN hub. An **NVA Infrastructure Unit** is similar to a VPN [Scale Unit](pricing-concepts.md#scale-unit) in terms of the way you think about capacity and sizing.
0 commit comments