Right now, thanks to GDAP, partner could ask customer to have Dynamics 365 Admin role in the tenant, to be able to access the BC and support customers.
But for many customers (mostly corporate customers having centralized tenant administration) this brings a problem. In these environments, the administration is done in-house. In this case there is not possibility to assign permissions to partner to be able to connect BC environment as delegated user to support end-users, but disallow him to manage the environments. Another problem is, that in these cases there are multiple BC partners doing support for different environments (e.g. UK, US, CZ environments in one tenant, each "supported" by local partner in the country) and in this case, there is no standard way how to limit each partner to connect only to selected Environment (could be workadounded by removing default permissions for Delegated admin license and let someone assign the permissions when some Partner's user need access). But still, Partner from CZ could easilly delete environemnt of partner from UK (for example).
- Split Delegated Admin rights (to access admin portal as delegated admin) from Delegated User rights (access BC environment as delegated user) - it means partner could ask to be admin (D365 Admin role) or user (some new role?)
- Add possibility for customer to assign environments to GDAP Partner relation - it means if environment is created by partner A, it will be maintained by partner A, not B,C etc. and other partners will not have access into it. Customer must be able to assign the Partner relation to the environment (in case of change of the partner etc.)
Possibility 2 is better because the Partner will have access to admin tools like Active Session list, App list etc. and can work with these for environments, which are under his relation.