Azure role-based access control within Azure Managed Grafana

Azure Managed Grafana supports Azure role-based access control (RBAC), an authorization system that lets you manage individual access to your Azure resources.

Azure RBAC enables you to allocate varying permission levels to users, groups, service principals, or managed identities, for managing your Azure Managed Grafana resources.

Azure Managed Grafana roles

The following built-in roles are available in Azure Managed Grafana, each providing different levels of access:

Built-in role Description ID
Grafana Admin Perform all Grafana operations, including the ability to manage data sources, create dashboards, and manage role assignments within Grafana. 22926164-76b3-42b3-bc55-97df8dab3e41
Grafana Editor View and edit a Grafana instance, including its dashboards and alerts. a79a5197-3a5c-4973-a920-486035ffd60f
Grafana Viewer View a Grafana instance, including its dashboards and alerts. 60921a7e-fef1-4a43-9b16-a26c52ad4769

To access the Grafana user interface, users must possess one of these roles.

These permissions are included within the broader roles of resource group Contributor and resource group Owner roles. If you're not a resource group Contributor or resource group Owner, a User Access Administrator, you will need to ask a subscription Owner or resource group Owner to grant you one of the Grafana roles on the resource you want to access.

Adding a role assignment to an Azure Managed Grafana resource

To add a role assignment to an Azure Managed Grafana instance, in your Azure Managed Grafana workspace, open the Access control (IAM) menu and select Add > Add role assignment.

Screenshot of the Azure portal. Adding a new role assignment.

Assign a role, such as Grafana viewer, to a user, group, service principal or managed identity. For more information about assigning a role, go to Grant access.