Skip to content

Commit d7c30b8

Browse files
jkdouglascsmulligan
jkdouglas
and
csmulligan
authored
Apply suggestions from code review
Co-authored-by: Csilla Mulligan <[email protected]>
1 parent 6e18072 commit d7c30b8

File tree

1 file changed

+33
-3
lines changed

1 file changed

+33
-3
lines changed

articles/active-directory/external-identities/cross-tenant-access-overview.md

Lines changed: 33 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -131,19 +131,49 @@ To collaborate with a partner tenant in a different Microsoft Azure cloud, both
131131
## Custom roles for managing cross-tenant access settings
132132

133133
Cross-tenant access settings can be managed with custom roles defined by your organization. This enables you to [define your own finely-scoped roles](../roles/custom-create.md) to manage cross-tenant access settings instead of using one of the built-in roles for management.
134-
134+
Your organization can define custom roles to manage cross-tenant access settings. This allows you to create [your own finely-scoped roles](../roles/custom-create.md) to manage cross-tenant access settings instead of using built-in roles for management.
135135
### Recommended custom roles
136136

137137
#### Cross-tenant access administrator
138138

139139
This role can manage everything in cross-tenant access settings, including default and organizational based settings. This role should be assigned to users who need to manage all settings in cross-tenant access settings.
140140

141-
:::image type="content" source="media/cross-tenant-access-overview/cross-tenant-access-administrator-custom-role.png" alt-text="Screenshot of the administrator custom for cross-tenant access settings." lightbox="media/cross-tenant-access-overview/cross-tenant-access-administrator-custom-role.png":::
141+
Please find the list of recommended actions for this role below.
142+
143+
| Actions |
144+
| ------- |
145+
| microsoft.directory.tenantRelationships/standard/read |
146+
| microsoft.directory/crossTenantAccessPolicy/standard/read |
147+
| microsoft.directory/crossTenantAccessPolicy/allowedCloudEndpoints/update |
148+
| microsoft.directory/crossTenantAccessPolicy/basic/update |
149+
| microsoft.directory/crossTenantAccessPolicy/default/b2bCollaboration/update |
150+
| microsoft.directory/crossTenantAccessPolicy/default/b2bDirectConnect/update |
151+
| microsoft.directory/crossTenantAccessPolicy/default/crossCloudMeetings/update |
152+
| microsoft.directory/crossTenantAccessPolicy/default/standard/read |
153+
| microsoft.directory/crossTenantAccessPolicy/default/tenantRestrictions/update |
154+
| microsoft.directory/crossTenantAccessPolicy/partners/b2bCollaboration/update |
155+
| microsoft.directory/crossTenantAccessPolicy/partners/b2bDirectConnect/update |
156+
| microsoft.directory/crossTenantAccessPolicy/partners/create |
157+
| microsoft.directory/crossTenantAccessPolicy/partners/crossCloudMeetings/update |
158+
| microsoft.directory/crossTenantAccessPolicy/partners/delete |
159+
| microsoft.directory/crossTenantAccessPolicy/partners/identitySynchronization/basic/update |
160+
| microsoft.directory/crossTenantAccessPolicy/partners/identitySynchronization/create |
161+
| microsoft.directory/crossTenantAccessPolicy/partners/identitySynchronization/standard/read |
162+
| microsoft.directory/crossTenantAccessPolicy/partners/standard/read |
163+
| microsoft.directory/crossTenantAccessPolicy/partners/tenantRestrictions/update |
142164

143165
#### Cross-tenant access reader
144166
This role can read everything in cross-tenant access settings, including default and organizational based settings. This role should be assigned to users who only need to review settings in cross-tenant access settings, but not manage them.
145167

146-
:::image type="content" source="media/cross-tenant-access-overview/cross-tenant-access-reader-custom-role.png" alt-text="Screenshot of the reader custom role for cross-tenant access settings." lightbox="media/cross-tenant-access-overview/cross-tenant-access-reader-custom-role.png":::
168+
Please find the list of recommended actions for this role below.
169+
170+
| Actions |
171+
| ------- |
172+
| microsoft.directory.tenantRelationships/standard/read |
173+
| microsoft.directory/crossTenantAccessPolicy/standard/read |
174+
| microsoft.directory/crossTenantAccessPolicy/default/standard/read |
175+
| microsoft.directory/crossTenantAccessPolicy/partners/identitySynchronization/standard/read |
176+
| microsoft.directory/crossTenantAccessPolicy/partners/standard/read |
147177

148178
#### Cross-tenant access partner administrator
149179
This role can manage everything relating to partners and read the default settings. This role should be assigned to users who need to manage organizational based settings but not be able to change default settings.

0 commit comments

Comments
 (0)