Forum Discussion
Deploy a sample management UI to manage your Windows Virtual Desktop resources!
Hello, if I want another user to publish application through this portal. What should be his access?
I tried to give him "Tenant creator" on the "Windows Virtual Desktop" application but it does not seem to work as my user can not see the WVD tenant.
I already tried in Powershell with his user account but it does not seems to be enough access.
PS C:\windows\system32> New-RdsAppGroup ***** **** **** -ResourceType "RemoteApp"
New-RdsAppGroup : User is not authorized to query the management service. ActivityId: ***** Powershell commands to diagnose the failure: Get-RdsDiagnosticActivities -ActivityId ***** At line:1 char:1 + New-RdsAppGroup ******* ***** ***** -ResourceType "Rem ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : FromStdErr: (Microsoft.RDInf....NewRdsAppGroup:NewRdsAppGroup) [New-RdsAppGroup], RdsPow erShellException + FullyQualifiedErrorId : UnauthorizedAccess,Microsoft.RDInfra.RDPowershell.AppGroup.NewRdsAppGroup
Hi ghonyme ,
The Tenant Creator permission is only to give a user/SPN permissions to create a WVD Tenant for that specific Azure AD Tenant. It does not provide access to the WVD Tenant itself.
To manage resources in the WVD Tenant, you will have to delegate permissions using these cmdlets:
- Get-RdsRoleAssignment displays a list of role assignments.
- New-RdsRoleAssignment creates a new role assignment.
- Set-RdsRoleAssignment edits role assignments.
More information can be found here:
https://docs.microsoft.com/en-us/azure/virtual-desktop/delegated-access-virtual-desktop
Here is an example of delegation which I use in my slides:
