Azure role-based access control within Azure Managed Grafana
Azure Managed Grafana supports Azure role-based access control (RBAC), an authorization system that lets you manage individual access to your Azure resources.
Azure RBAC enables you to allocate varying permission levels to users, groups, service principals, or managed identities, for managing your Azure Managed Grafana resources.
Azure Managed Grafana roles
The following built-in roles are available in Azure Managed Grafana, each providing different levels of access:
| Built-in role | Description | ID |
|---|---|---|
| Grafana Admin | Perform all Grafana operations, including the ability to manage data sources, create dashboards, and manage role assignments within Grafana. | 22926164-76b3-42b3-bc55-97df8dab3e41 |
| Grafana Editor | View and edit a Grafana instance, including its dashboards and alerts. | a79a5197-3a5c-4973-a920-486035ffd60f |
| Grafana Viewer | View a Grafana instance, including its dashboards and alerts. | 60921a7e-fef1-4a43-9b16-a26c52ad4769 |
To access the Grafana user interface, users must possess one of these roles.
These permissions are included within the broader roles of resource group Contributor and resource group Owner roles. If you're not a resource group Contributor or resource group Owner, a User Access Administrator, you will need to ask a subscription Owner or resource group Owner to grant you one of the Grafana roles on the resource you want to access.
Adding a role assignment to an Azure Managed Grafana resource
To add a role assignment to an Azure Managed Grafana instance, in your Azure Managed Grafana workspace, open the Access control (IAM) menu and select Add > Add role assignment.
Assign a role, such as Grafana viewer, to a user, group, service principal or managed identity. For more information about assigning a role, go to Grant access.