You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/managed-grafana/how-to-manage-access-permissions-users-identities.md
+11-11Lines changed: 11 additions & 11 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -8,7 +8,7 @@ ms.author: malev
8
8
ms.service: azure-managed-grafana
9
9
ms.custom: engagement-fy23
10
10
ms.topic: how-to
11
-
ms.date: 01/15/2025
11
+
ms.date: 04/01/2026
12
12
---
13
13
14
14
# Manage access and permissions for users and identities
@@ -21,8 +21,8 @@ This guide walks you through the supported Grafana roles and shows you how to us
21
21
## Prerequisites
22
22
23
23
- An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/pricing/purchase-options/azure-account?cid=msft_learn).
24
-
- An Azure Managed Grafana workspace. If you don't have one yet, [create an Azure Managed Grafana workspace](./how-to-permissions.md).
25
-
- You must have Grafana Admin permissions on the workspace.
24
+
- An Azure Managed Grafana workspace. If you don't have one yet, you can [create one in the Azure portal](./quickstart-managed-grafana-portal.md) or [create one using the Azure CLI](./quickstart-managed-grafana-cli.md).
25
+
- You must have Grafana Admin permissions on the workspace. See [how to modify access permissions to Azure Monitor](./how-to-permissions.md).
26
26
27
27
## Learn about Grafana roles
28
28
@@ -40,33 +40,33 @@ The following built-in roles are available in Azure Managed Grafana, each provid
40
40
> | <aname='grafana-limited-viewer'></a>[Grafana Limited Viewer](../role-based-access-control/built-in-roles/monitor.md#grafana-limited-viewer)| View a Grafana home page. This role contains no permissions assigned by default and it is not available for Grafana v9 workspaces. | 41e04612-9dac-4699-a02b-c82ff2cc3fb5 |
41
41
> | <aname='grafana-viewer'></a>[Grafana Viewer](../role-based-access-control/built-in-roles/monitor.md#grafana-viewer)| View a Grafana workspace, including its dashboards and alerts. | 60921a7e-fef1-4a43-9b16-a26c52ad4769 |
42
42
43
-
To access the Grafana user interface, users must possess one of the roles above. You can find more information about the Grafana roles from the [Grafana documentation](https://grafana.com/docs/grafana/latest/administration/roles-and-permissions/#organization-roles). The Grafana Limited Viewer role in Azure maps to the "No Basic Role" in the Grafana docs.
43
+
To access the Grafana user interface, users must possess one of the roles listed in the previous table. You can find more information about the Grafana roles from the [Grafana documentation](https://grafana.com/docs/grafana/latest/administration/roles-and-permissions/#organization-roles). The Grafana Limited Viewer role in Azure maps to the "No Basic Role" in the Grafana docs.
44
44
45
45
## Assign a Grafana role
46
46
47
-
Grafana user roles and assignments are fully [integrated within Microsoft Entra ID](../role-based-access-control/built-in-roles.md#grafana-admin). You can assign a Grafana role to any Microsoft Entra user, group, service principal, or managed identity, and grant them access permissions associated with that role. You can manage these permissions from the Azure portal or the command line. This section explains how to assign Grafana roles to users in the Azure portal.
47
+
Grafana [user roles](../role-based-access-control/built-in-roles.md#grafana-admin) and assignments are fully integrated within Microsoft Entra ID. You can assign a Grafana role to any Microsoft Entra user, group, service principal, or managed identity, and grant them access permissions associated with that role. You can manage these permissions from the Azure portal or the command line. This section explains how to assign Grafana roles to users in the Azure portal.
48
48
49
49
### [Portal](#tab/azure-portal)
50
50
51
51
1. Open your Azure Managed Grafana workspace.
52
52
1. Select **Access control (IAM)** in the left menu.
53
53
1. Select **Add role assignment**.
54
54
55
-
:::image type="content" source="media/share/iam-page.png" alt-text="Screenshot of Add role assignment in the Azure platform.":::
55
+
:::image type="content" source="media/share/iam-page.png" alt-text="Screenshot of Add role assignment in the Azure platform.":::
56
56
57
57
1. Select a Grafana role to assign among **Grafana Admin**, **Grafana Editor**, **Grafana Limited Viewer**, or **Grafana Viewer**, then select **Next**.
58
58
59
-
:::image type="content" source="media/share/role-assignment.png" alt-text="Screenshot of the Grafana roles in the Azure platform.":::
59
+
:::image type="content" source="media/share/role-assignment.png" alt-text="Screenshot of the Grafana roles in the Azure platform.":::
60
60
61
61
1. Choose if you want to assign access to a **User, group, or service principal**, or to a **Managed identity**.
62
-
1.Click on **Select members**, pick the members you want to assign to the Grafana role and then confirm with **Select**.
62
+
1.Choose **Select members** and pick the members you want to assign to the Grafana role. Confirm your choices with **Select**.
63
63
1. Select **Next**, then **Review + assign** to complete the role assignment.
64
64
65
65
### [Azure CLI](#tab/azure-cli)
66
66
67
67
Assign a role using the [az role assignment create](/cli/azure/role/assignment#az-role-assignment-create) command.
68
68
69
-
In the code below, replace the following placeholders:
69
+
In the following code, replace these placeholders:
70
70
71
71
-`<assignee>`:
72
72
- For a Microsoft Entra user, enter their email address or the user object ID.
@@ -93,12 +93,12 @@ az role assignment create --assignee "[email protected]" \
For more information about assigning Azure roles using the Azure CLI, refer to the[Role based access control documentation](../role-based-access-control/role-assignments-cli.md).
96
+
For more information about assigning Azure roles using the Azure CLI, see[Role based access control documentation](../role-based-access-control/role-assignments-cli.md).
97
97
98
98
---
99
99
100
100
> [!TIP]
101
-
> When onboarding a new user to your Azure Managed Grafana workspace, granting them the Grafana Limited Viewer role allows them limited access to the Grafana workspace.
101
+
> When you onboard a new user to your Azure Managed Grafana workspace, granting them the Grafana Limited Viewer role allows them limited access to the Grafana workspace.
102
102
>
103
103
> You can then grant the user access to each relevant dashboard and data source using their management settings. This method ensures that users with the Grafana Limited Viewer role only access the specific components they need, enhancing security and data privacy.
![prmerger-automator[bot]](https://avatars.githubusercontent.com/u/22479449?v=4&size=40){kind=avatar}
0 commit comments