Merge pull request #221963 from Juliako/patch-42

Update toc.yml

Author: JamesJBarnett

articles/azure-video-indexer/.openpublishing.redirection.azure-video-indexer.json

@@ -122,7 +122,7 @@
         },
         {
             "source_path_from_root": "/articles/azure-video-analyzer/video-analyzer-for-media-docs/invite-users.md",
-            "redirect_url": "/azure/azure-video-indexer/invite-users",
+            "redirect_url": "/azure/azure-video-indexer/restricted-viewer-role",
             "redirect_document_id": false
         },
         {
@@ -249,6 +249,11 @@
             "source_path_from_root": "/articles/azure-video-indexer/compliance-privacy-security.md",
             "redirect_url": "/azure/azure-video-indexer/video-indexer-overview",
             "redirect_document_id": false
-        }
+        },
+        {
+            "source_path_from_root": "/articles/azure-video-indexer/invite-users.md",
+            "redirect_url": "/azure/azure-video-indexer/restricted-viewer-role",
+            "redirect_document_id": false
+        }        
     ]
 }

articles/azure-video-indexer/accounts-overview.md

@@ -53,7 +53,7 @@ When creating a new paid account, you need to connect the Azure Video Indexer ac
 |   | ARM-based |Classic| Trial|
 |---|---|---|---|
 |Get access token | [ARM REST API](https://aka.ms/avam-arm-api) |[Get access token](https://api-portal.videoindexer.ai/api-details#api=Operations&operation=Get-Account-Access-Token)|Same as classic|
-|Share account| [Azure RBAC(role based access control)](../role-based-access-control/overview.md)| [Invite users](invite-users.md) |Same as classic|
+|Share account| [Azure RBAC(role based access control)](../role-based-access-control/overview.md)| [Invite users](restricted-viewer-role.md#share-the-account) |Same as classic|
 
 ## Limited access features
 

articles/azure-video-indexer/connect-classic-account-to-arm.md

@@ -32,7 +32,7 @@ Connecting a classic account to be ARM-based triggers a 30 days of a transition
 
 The transition state moves all account management functionality to be managed by ARM and will be handled by [Azure RBAC][docs-rbac-overview]. 
 
-The [invite users](invite-users.md) feature in the [Azure Video Indexer website](https://www.videoindexer.ai/) gets disabled. The invited users on this account lose their access to the Azure Video Indexer account Media in the portal.  
+The [invite users](restricted-viewer-role.md#share-the-account) feature in the [Azure Video Indexer website](https://www.videoindexer.ai/) gets disabled. The invited users on this account lose their access to the Azure Video Indexer account Media in the portal.  
 However, this can be resolved by assigning the right role-assignment to these users through Azure RBAC, see [How to assign RBAC][docs-rbac-assignment]. 
 
 Only the account owner, who performed the connect action, is automatically assigned as the owner on the connected account. When [Azure policies][docs-governance-policy] are enforced, they override the settings on the account.

articles/azure-video-indexer/index.yml

@@ -42,8 +42,6 @@ landingContent:
         links: 
           - text: Sign up and upload a video
             url: video-indexer-get-started.md 
-          - text: Invite users
-            url: invite-users.md
       - linkListType: how-to-guide
         links:
           - text: Create an ARM-based account

articles/azure-video-indexer/invite-users.md

@@ -399,7 +399,7 @@ You can now use the search feature, at the top of  the [Azure Video Indexer webs
 
 ### Multiple account owners
 
-Account owner role was added to Azure Video Indexer. You can add, change, and remove users; change their role. For details on how to share an account, see [Invite users](invite-users.md).
+Account owner role was added to Azure Video Indexer. You can add, change, and remove users; change their role. For details on how to share an account, see [Invite users](restricted-viewer-role.md#share-the-account).
 
 ### Audio event detection (public preview)
 
@@ -461,7 +461,7 @@ You will be able to sign up and sign in using one of these providers: Azure AD,
 > [!NOTE]
 > The Azure Video Indexer accounts connected to LinkedIn and Facebook will not be accessible after March 1st 2021.
 >
-> You should [invite](invite-users.md) an Azure AD, Microsoft, or Google email you own to the Azure Video Indexer account so you will still have access. You can add an additional owner of supported providers, as described in [invite](invite-users.md). <br/>
+> You should [invite](restricted-viewer-role.md#share-the-account) an Azure AD, Microsoft, or Google email you own to the Azure Video Indexer account so you will still have access. You can add an additional owner of supported providers, as described in [invite](restricted-viewer-role.md#share-the-account). <br/>
 > Alternatively, you can create a paid account and migrate the data.
 
 ## August 2020

articles/azure-video-indexer/media/restricted-viewer-role/accounts.png

@@ -1,52 +1,80 @@
 ---
-title: Video Indexer restricted viewer built-in role
+title: Manage access to an Azure Video Indexer account
 description: This article talks about Video Indexer restricted viewer built-in role. This role is an account level permission, which allows users to grant restricted access to a specific user or security group. 
 ms.topic: how-to
-ms.date: 09/12/2022
+ms.date: 12/14/2022
 ---
 
-# Manage access with the Video Indexer Restricted Viewer role
+# Manage access to an Azure Video Indexer account  
 
-Azure Video Indexer enables managing user access to the Azure Video Indexer resource at the account level with the following built-in role: **Video Indexer Restricted Viewer**. 
+In this article, you'll learn how to manage access (authorization) to an Azure Video Indexer account. As Azure Video Indexer’s role management differs depending on the Video Indexer Account type, this document will first cover access management of regular accounts (ARM-based) and then of Classic and Trial accounts.   
 
-> [!NOTE]
-> The **Video Indexer Restricted Viewer** built-in role is only available for ARM-based (recommended) accounts, not classic accounts. If you have an existing classic account, see [Connect an existing classic paid account to an ARM-based account](connect-classic-account-to-arm.md).
+To see your accounts, select **User Accounts** at the top-right of the [Azure Video Indexer website](https://videoindexer.ai/). Classic and Trial accounts will have a label with the account type to the right of the account name.
 
-Users with the owner or administrator Azure Active Directory (Azure AD) permissions can assign the **Video Indexer Restricted Viewer** role to  Azure AD users or security groups for an account. For information on how to assign roles, see [Assign Azure roles using the Azure portal](../role-based-access-control/role-assignments-portal.md). 
+> [!div class="mx-imgBorder"]
+> :::image type="content" source="./media/restricted-viewer-role/accounts.png" alt-text="Image of accounts.":::
+
+## User management of ARM accounts
+
+[Azure role-based access control (Azure RBAC)](../role-based-access-control/overview.md) is used to manage access to Azure resources, such as the ability to create new resources or use existing ones. Using Azure RBAC, you can segregate duties within your team and users by granting only the amount of access that is appropriate. Users in your Azure Active Directory (Azure AD) are assigned specific roles, which grant access to resources. 
+
+Users with owner or administrator Azure Active Directory (Azure AD) permissions can assign roles to Azure AD users or security groups for an account. For information on how to assign roles, see [Assign Azure roles using the Azure portal](../role-based-access-control/role-assignments-portal.md). 
+
+Azure Video Indexer provides three built-in roles. You can learn more about [Azure built-in roles](../role-based-access-control/built-in-roles.md). Azure Video Indexer doesn't support the creation of custom roles. 
+
+**Owner** - This role grants full access to manage all resources, including the ability to assign roles to determine who has access to resources.  
+**Contributor** - This role has permissions to everything an owner does except it can't control who has access to resources.  
+**Video Indexer Restricted Viewer** - This role is unique to Azure Video Indexer and has permissions to view videos and their insights but can't perform edits or changes or user management operations. This role enables collaboration and user access to insights through the Video Indexer website while limiting their ability to make changes to the environment.  
+
+Users with this role can perform the following tasks: 
 
-The limited access Video Indexer Restricted Viewer role is intended for the [Azure Video Indexer website](https://www.videoindexer.ai/) users as its permitted actions relate to the [Azure Video Indexer website](https://www.videoindexer.ai/) experience.
+- View and play videos.  
+- View and search insights and translate a videos insights and transcript.
 
-## Azure Video Indexer Restricted Viewer permissions
+Users with this role are unable to perform the following tasks: 
 
-Users with this role are **able** to perform the following tasks:
+- Upload/index/re-index a video. 
+- Download/embed video/insights.
+- Change account settings.
+- Edit insights.
+- Create/update customized models.
+- Assign roles.
+- Generate an access token.
 
-- View and play videos in the account
-- Search through insights in the account
-- Translate the transcription of a specific video
+Disabled features will appear to users with the **Restricted Viewer** access as greyed out. When a user navigates to an unauthorized page, they receive a pop-up message that they don't have access. 
 
-Users with this role are **unable** to perform the following tasks:
+> [!Important]
+> The Restricted Viewer role is only available in Azure Video Indexer ARM accounts. 
+>
 
-- Upload/Index/Re-index a video
-- Download/Embed video/insights 
-- Change account settings 
-- Edit insights 
-- Create/update customized models 
-  - Language  
-  - People  
-  - Brands 
-- Assign roles
-- Generate an access token 
+### Manage account access (for account owners)
+
+If you're an account owner, you can add and remove roles for the account. You can also assign roles to users. Use the following links to discover how to manage access: 
+
+- [Azure portal UI](../role-based-access-control/role-assignments-portal.md)
+- [PowerShell](../role-based-access-control/role-assignments-powershell.md) 
+- [Azure CLI](../role-based-access-control/role-assignments-cli.md) 
+- [REST API](../role-based-access-control/role-assignments-rest.md) 
+- [Azure Resource Manager templates](../role-based-access-control/role-assignments-template.md) 
+
+## User management of classic and trial accounts  
+
+User management of classic accounts, including the creation of new users, is performed in the Account settings section of the Video Indexer website. This can be accessed by either: 
+
+- Selecting the **User accounts** icon at the top-right of the website and then settings. 
+- Selecting the **Account settings** icon on the left of the website. 
+
+> [!div class="mx-imgBorder"]
+> :::image type="content" source="./media/restricted-viewer-role/settings.png" alt-text="Image of account settings.":::
 
-## Using an ARM API
+### Share the account
 
-To generate a Video Indexer restricted viewer access token via API, see [documentation](/rest/api/videoindexer/preview/generate/access-token). 
+In the **Account setting** section, select **Manage Roles** to view all the account users and people with pending invites. 
 
-## Restricted Viewer Video Indexer website experience
- 
-When using the [Azure Video Indexer](https://www.videoindexer.ai/) website with a Video Indexer Restricted Viewer access, disabled features are greyed out. If a user with the restricted viewer role attempts to access an unauthorized page, they'll encounter the pop-up message below: 
+To add users, click **Invite more people to this account**. They'll receive an invitation but you also have the option to copy the invite link to share it directly. Once they've accepted the invitation, you can define their role as either **Owner** or **Contributor**. See above in the [ARM Account user management](#user-management-of-arm-accounts) section for a description of the **Owner** and **Contributor** roles.  
 
 > [!div class="mx-imgBorder"]
-> :::image type="content" source="./media/restricted-viewer-role/no-access.png" alt-text="No access to the gallery page.":::
+> :::image type="content" source="./media/restricted-viewer-role/share-account.png" alt-text="Image of invited users.":::
 
 ## Next steps