# Granular Delegated Admin Privileges

In the past, under DAP, partners were granted all permissions when requesting access from the end customer. However, with the introduction of GDAP, partners can now choose specific roles for which they require access and send a request to the end customer accordingly. The end customer can then review the request and either accept or decline it based on the designated roles.

## Creating a Relationship Request

In the service provider portal, navigate to Customers -> Companies -> Switch to the company for which you want to create the relationship request.

**The below steps can be performed only by the Service provider.**

In the end customer portal, navigate to Cloud Services -> Accounts -> Admin Relationships.

You can see the list of roles and their status according to the relationship request.

<figure><img src="/files/evWS1cy9XcPWD9hidtQZ" alt=""><figcaption></figcaption></figure>

Select the roles for which you want permission and click 'Create Admin Relationship'.

<figure><img src="/files/6ybOnn1FpwFt4HD2d9Lr" alt=""><figcaption></figcaption></figure>

You will be taken to a page where you enter the relationship name and the duration in days. The duration is the number of days for which the request will be active upon approval; after that period the request expires. Click 'Create'. A new request will be created.

<figure><img src="/files/cYriqrcEhYXZhVJjx4jL" alt=""><figcaption></figcaption></figure>

On the next page you can send an email regarding the relationship request. You can enter the To and CC email IDs.

<figure><img src="/files/PmwXcv1w4WiatHHRZ5xO" alt=""><figcaption></figcaption></figure>

## Assigning Roles to the Security Groups

In the service provider portal, navigate to Customers -> Companies -> Switch to the company for which you want to assign the roles to the security group.

**The below steps can be performed only by the Service provider.**

Navigate to Cloud Services -> Accounts -> Admin Relationship and click 'Relationship Request'.

<figure><img src="/files/uesTlB3FSAVXNPrwQd2p" alt=""><figcaption></figcaption></figure>

You will be taken to the list of relationship requests and their status.

<figure><img src="/files/nImxWEtKbrFqda7KAkFw" alt=""><figcaption></figcaption></figure>

Drill down into the relationship request with the 'Active' request status and navigate to the 'Security Groups' subtab. On this page you can view the status of the security groups, and by clicking the information icon you can view the roles assigned to each security group.

<figure><img src="/files/753NXeWH9DqKuTllyagT" alt=""><figcaption></figcaption></figure>

Click 'Assign Roles to Security Group'. You will be taken to a page that lists the accepted roles. Select the appropriate roles, select the security group, and click 'Add Security Group'. The selected roles will be added to the security group.

<figure><img src="/files/GK1qMlRjrV08vHmoyUUx" alt=""><figcaption></figcaption></figure>


