-[Classic Storage Account Key Operator Service Role](../role-based-access-control/built-in-roles.md#classic-storage-account-key-operator-service-role)
222
222
223
-
The following steps describe how to add a role-assignment to your storage accounts, one at a time:
223
+
The following steps describe how to add a roleassignment to your storage accounts, one at a time. For detailed steps, see [Assign Azure roles using the Azure portal](../role-based-access-control/role-assignments-portal.md).
224
224
225
-
1.Go to the storage account and navigate to **Access control (IAM)** on the left side of the page.
225
+
1.In the Azure portal, navigate to your Azure SQL Server page.
226
226
227
-
1.Once on **Access control (IAM)**, in the "Add a role assignment" box select **Add**.
227
+
1.Select **Access control (IAM)**.
228
228
229
-
:::image type="content" source="./media/azure-to-azure-how-to-enable-replication-private-endpoints/storage-role-assignment.png" alt-text="Shows the Access control (IAM) page on a storage account and the 'Add a role assignment' button in the Azure portal.":::
229
+
1. Select **Add > Add role assignment**.
230
230
231
-
1. In the "Add a role assignment" side page, choose the role from the list above in the **Role**
232
-
drop-down. Enter the **name** of the vault and select **Save**.
231
+
:::image type="content" source="../../includes/role-based-access-control/media/add-role-assignment-menu-generic.png" alt-text="Screenshot that shows Access control (IAM) page with Add role assignment menu open.":::
233
232
234
-
:::image type="content" source="./media/azure-to-azure-how-to-enable-replication-private-endpoints/storage-role-assignment-select-role.png" alt-text="Shows the Access control (IAM) page on a storage account and the options to select a Role and which principal to grant that role to in the Azure portal.":::
233
+
1. On the **Roles** tab, select one of the roles listed in the beginning of this section.
235
234
236
-
In addition to these permissions, MS trusted services need to be allowed access as well. Go to
237
-
"Firewalls and virtual networks" and select "Allow trusted Microsoft services to access this storage
238
-
account" checkbox in **Exceptions**.
235
+
1. On the **Members** tab, select **Managed identity**, and then select **Select members**.
236
+
237
+
1. Select **System-assigned managed identity**, search for a vault, and then select it.
238
+
239
+
1. On the **Review + assign** tab, select **Review + assign** to assign the role.
240
+
241
+
In addition to these permissions, you need to allow access to Microsoft trusted services. To do so, follow these steps:
242
+
243
+
1. Go to **Firewalls and virtual networks**.
244
+
245
+
1. In **Exceptions**, select **Allow trusted Microsoft services to access this storage account**.
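Review bot: New step 1 (added line 225) sends the reader to "your Azure SQL Server page", but the sentence above it and the trusted-services steps below both concern the storage account, and the removed step read "Go to the storage account". A role assigned from a SQL server's Access control (IAM) page is scoped to that server, so the vault's identity would not receive the intended permission on the storage account. Suggest restoring "1. Go to the storage account." as the first step. Minor: "listed in the beginning of this section" reads better as "listed at the beginning of this section".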
-[Classic Storage Account Key Operator Service Role](../role-based-access-control/built-in-roles.md#classic-storage-account-key-operator-service-role)
210
211
211
-
These steps describe how to add a role assignment to your storage account:
212
+
The following steps describe how to add a role assignment to your storage account. For detailed steps, see [Assign Azure roles using the Azure portal](../role-based-access-control/role-assignments-portal.md).
212
213
213
-
1. Go to the storage account. Select **Access control (IAM)** in the left pane.
214
+
1. Go to the storage account.
214
215
215
-
1.In the **Add a role assignment** section, select **Add**:
216
+
1.Select **Access control (IAM)**.
216
217
217
-
:::image type="content" source="./media/hybrid-how-to-enable-replication-private-endpoints/storage-role-assignment.png" alt-text="Screenshot that shows the Access control (IAM) page for a storage account.":::
218
+
1. Select **Add > Add roleassignment**.
218
219
219
-
1. On the **Add a role assignment** page, in the **Role**
220
-
list, select the role from the list at the start of this section. Enter the name of the vault and then select **Save**.
220
+
:::image type="content" source="../../includes/role-based-access-control/media/add-role-assignment-menu-generic.png" alt-text="Screenshot that shows Access control (IAM) page with Add role assignment menu open.":::
221
221
222
-
:::image type="content" source="./media/hybrid-how-to-enable-replication-private-endpoints/storage-role-assignment-select-role.png" alt-text="Screenshot that shows the Add role assignment page.":::
222
+
1. On the **Roles** tab, select one of the roles listed in the beginning of this section.
223
223
224
-
After you add these permissions, you need to allow access to Microsoft trusted services. Go to
225
-
**Firewalls and virtual networks** and select **Allow trusted Microsoft services to access this storage
226
-
account** in **Exceptions**.
224
+
1. On the **Members** tab, select **Managed identity**, and then select **Select members**.
225
+
226
+
1. Select **System-assigned managed identity**, search for a vault, and then select it.
227
+
228
+
1. On the **Review + assign** tab, select **Review + assign** to assign the role.
229
+
230
+
In addition to these permissions, you need to allow access to Microsoft trusted services. To do so, follow these steps:
231
+
232
+
1. Go to **Firewalls and virtual networks**.
233
+
234
+
1. In **Exceptions**, select **Allow trusted Microsoft services to access this storage account**.
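Review bot: In the added Members step (line 226), "search for a vault, and then select it" is less specific than the removed text, which told the reader to enter the name of the vault. Where several vaults exist, picking the wrong system-assigned identity grants that identity the role on this storage account. Suggest "search for the vault by name, and then select it". Style: the menu path is bolded as a single run in this file but as two separate bold items joined by ">" in vmware-azure-multi-tenant-csp-disaster-recovery.md; use one form throughout the commit.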
articles/site-recovery/vmware-azure-multi-tenant-csp-disaster-recovery.md: 25 additions & 10 deletions
@@ -7,6 +7,7 @@ ms.service: site-recovery
7
7
ms.topic: conceptual
8
8
ms.date: 11/27/2018
9
9
ms.author: mayg
10
+
ms.custom: subject-rbac-steps
10
11
---
11
12
12
13
# Set up VMware disaster recovery in a multi-tenancy environment with the Cloud Solution Provider (CSP) program
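Review bot: `ms.date` (line 8) stays at 11/27/2018 although this commit rewrites the role-assignment steps in the article body. Update the date together with the new `ms.custom: subject-rbac-steps` entry so the metadata reflects the revision.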
@@ -61,24 +62,38 @@ You can now perform and manage all Site Recovery operations for the tenant in th
61
62
62
63
1. Ensure that the disaster recovery infrastructure is set up. Partners access tenant subscriptions through the CSP portal, regardless of whether disaster recovery is managed or self-service. Set up the vault and register infrastructure to the tenant subscriptions.
63
64
1. Provide the tenant with the [account you created](#create-a-tenant-account).
64
-
1. You can add a new user to the tenant subscription through the CSP portal as follows:
65
65
66
-
1. Go to the tenant’s CSP subscription page, and then select the **Users and licenses** option.
66
+
You can add a new user to the tenantsubscription through the CSP portal as follows:
1. After you've created a new user, go back to the Azure portal. In the **Subscription** page, select the relevant subscription.
72
+
1.Create a new user by entering the relevant details and selecting permissions, or by uploading the list of users in a CSV file.
73
73
74
-
1. Select **Access control (IAM)**, and then click **Role assignments**.
74
+
1.After you've created a new user, go back to the Azure portal.
75
75
76
-
1. Click **Add role assignment** to add a user with the relevant access level. The users that were created through the CSP portal are displayed on the Role assignments tab.
76
+
The following steps describe how to assign a role to a user. For detailed steps, see [Assign Azure roles using the Azure portal](../role-based-access-control/role-assignments-portal.md).
77
77
78
-

78
+
1. In the **Subscription** page, select the relevant subscription.
79
79
80
-
- For most management operations, the *Contributor* role is sufficient. Users with this access level can do everything on a subscription except change access levels (for which *Owner*-level access is required).
81
-
- Site Recovery also has three [predefined user roles](site-recovery-role-based-linked-access-control.md), that can be used to further restrict access levels as required.
80
+
1. In the navigation menu, select **Access control (IAM)**.
81
+
82
+
1. Select **Add** > **Add role assignment**.
83
+
84
+
:::image type="content" source="../../includes/role-based-access-control/media/add-role-assignment-menu-generic.png" alt-text="Screenshot that shows Access control (IAM) page with Add role assignment menu open.":::
85
+
86
+
1. On the **Role** tab, select a role.
87
+
88
+
For most management operations, the *Contributor* role is sufficient. Users with this access level can do everything on a subscription except change access levels (for which *Owner*-level access is required).
89
+
90
+
Site Recovery also has three [predefined user roles](site-recovery-role-based-linked-access-control.md), that can be used to further restrict access levels as required.
91
+
92
+
:::image type="content" source="../../includes/role-based-access-control/media/add-role-assignment-role-generic.png" alt-text="Screenshot that shows Add role assignment page with the Role tab selected.":::
93
+
94
+
1. On the **Members** tab, select **User, group, or service principal**, and then select a user with the relevant access level. The users that were created through the CSP portal are displayed here.
95
+
96
+
1. On the **Review + assign** tab, select **Review + assign** to assign the role.
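Review bot: The added Members step (line 94) says to "select a user with the relevant access level", but the access level is set by the role chosen on the previous tab, not by the user; the removed wording was "add a user with the relevant access level". Suggest "select the user you created through the CSP portal". Since the Contributor guidance now sits under the role-selection step, consider naming the predefined Site Recovery roles first and Contributor second, because the text itself says Contributor can do everything on the subscription except change access levels. Style: this file says "**Role** tab" where the other two files in the commit say "**Roles** tab".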