GDAP RoleTypes
This article is designed to provide an overview of the GDAP roles and role types available within PRISM, using the GDAP tooling.
For more information on how to create and manage GDAP, please use this guide.
Roles & Role Types
Please be informed that for Crayon to raise a "Premier Support Case" to Microsoft on your behalf, we require you to provide Crayon with at least Minimum permission via GDAP. This is indicated in our support agreement with Partners. The reason for this is that premier support cases are raised within the affected customer admin portal.
As shown below, there are three (3) Roles available under GDAP in PRISM:
Below each role will then be broken down to show the role types included plus their intended use:
Minimum
- Global Reader - Can read everything that a Global administrator can but can't update anything.
- Service Support Admin - Can read service health information and manage support requests.
Standard
- Global Reader - Can read everything that a Global administrator can but can't update anything.
- Service Support Admin - Can read service health information and manage support requests.
- Directory Reader - Can read basic directory information. Commonly used to grant directory read access to applications and guests.
- Helpdesk Admin - Can reset passwords for non-administrators and Help Desk administrators.
- License Admin - Can manage product licenses on users and groups.
- User Admin - Can manage all aspects of users and groups, including resetting passwords for limited admins.
Azure
- Cloud Application Admin: This role grants the ability to create and manage all aspects of enterprise applications and application registrations.
- Directory Writers - Can read and write basic directory information (For granting access to applications not intended for users).
Link to Microsoft's Documentation: GDAP role guidance - Partner Center | Microsoft Learn
Comments
0 comments
Please sign in to leave a comment.