Azure role-based access control within Azure Managed Grafana
Azure Managed Grafana supports Azure role-based access control (RBAC), an authorization system that lets you manage individual access to your Azure resources.
Azure RBAC enables you to allocate varying permission levels to users, groups, service principals, or managed identities, for managing your Azure Managed Grafana resources.
Azure Managed Grafana roles
The following built-in roles are available in Azure Managed Grafana, each providing different levels of access:
Built-in role | Description | ID |
---|---|---|
Grafana Admin | Perform all Grafana operations, including the ability to manage data sources, create dashboards, and manage role assignments within Grafana. | 22926164-76b3-42b3-bc55-97df8dab3e41 |
Grafana Editor | View and edit a Grafana instance, including its dashboards and alerts. | a79a5197-3a5c-4973-a920-486035ffd60f |
Grafana Limited Viewer | View a Grafana home page. This role contains no permissions assigned by default and it is not available for Grafana v9 workspaces. | 41e04612-9dac-4699-a02b-c82ff2cc3fb5 |
Grafana Viewer | View a Grafana instance, including its dashboards and alerts. | 60921a7e-fef1-4a43-9b16-a26c52ad4769 |
To access the Grafana user interface, users must possess one of these roles.
These permissions are included within the broader roles of resource group Contributor and resource group Owner roles. If you're not a resource group Contributor or a resource group Owner, you will need to ask a subscription Owner or resource group Owner to grant you one of the Grafana roles on the resource you want to access.
You can find more information about the Grafana roles from the Grafana documentation. The Grafana Limited Viewer role in Azure maps to the "No Basic Role" in the Grafana docs.
Adding a role assignment to an Azure Managed Grafana resource
To add a role assignment to an Azure Managed Grafana instance, in your Azure Managed Grafana workspace, open the Access control (IAM) menu and select Add > Add role assignment.
Assign a role, such as Grafana viewer, to a user, group, service principal or managed identity. For more information about assigning a role, go to Grant access.