Add Grafana roles.

Author: maud-lv

articles/role-based-access-control/built-in-roles.md

@@ -264,7 +264,10 @@ The following table provides a brief description of each built-in role. Click th
 > | [Blueprint Contributor](#blueprint-contributor) | Can manage blueprint definitions, but not assign them. | 41077137-e803-4205-871c-5a86e6a753b4 |
 > | [Blueprint Operator](#blueprint-operator) | Can assign existing published blueprints, but cannot create new blueprints. Note that this only works if the assignment is done with a user-assigned managed identity. | 437d2ced-4a38-4302-8479-ed2bcb43d090 |
 > | [Cost Management Contributor](#cost-management-contributor) | Can view costs and manage cost configuration (e.g. budgets, exports) | 434105ed-43f6-45c7-a02f-909b2ba83430 |
-> | [Cost Management Reader](#cost-management-reader) | Can view cost data and configuration (e.g. budgets, exports) | 72fafb9e-0641-4937-9268-a91bfd8191a3 |
+> | [Cost Management Reader](#cost-management-reader) | Can view cost data and configuration (e.g. budgets, exports) | 72fafb9e-0641-4937-9268-a91bfd819a3 |
+> | [Grafana Admin](#grafana-admin) | Can perform all Grafana operations, including managing data sources, creating dashboards and managing role assignments. | 22926164-76b3-42b3-bc55-97df8dab3e41 |
+> | [Grafana Editor](#grafana-editor) | Can view and edit  a Grafana instance, including its dashboards and alerts. | a79a5197-3a5c-4973-a920-486035ffd60f |
+> | [Grafana Viewer](#grafana-viewer) | Can view a Grafana instance, including its dashboards and alerts. | 60921a7e-fef1-4a43-9b16-a26c52ad4769 |
 > | [Hierarchy Settings Administrator](#hierarchy-settings-administrator) | Allows users to edit and delete Hierarchy Settings | 350f8d15-c687-4448-8ae1-157740a3936d |
 > | [Kubernetes Cluster - Azure Arc Onboarding](#kubernetes-cluster---azure-arc-onboarding) | Role definition to authorize any user/service to create connectedClusters resource | 34e09817-6cbe-4d01-b1a2-e0eac5743d41 |
 > | [Kubernetes Extension Contributor](#kubernetes-extension-contributor) | Can create, update, get, list and delete Kubernetes Extensions, and get extension async operations | 85cb6faf-e071-4c9b-8136-154b5a04f717 |
@@ -13399,6 +13402,102 @@ Can view cost data and configuration (e.g. budgets, exports) [Learn more](../cos
 }
 ```
 
+### Grafana Admin
+
+Can perform all Grafana operations, including managing data sources, creating dashboards and managing role assignments.
+
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | --- | --- |
+> | [Microsoft.Dashboard](resource-provider-operations.md#microsoftdashboard)/grafana/ActAsGrafanaAdmin/action | Built-in Grafana admin role. |
+
+```json
+{
+    "id": "/providers/Microsoft.Authorization/roleDefinitions/22926164-76b3-42b3-bc55-97df8dab3e41",
+    "properties": {
+        "roleName": "Grafana Admin",
+        "description": "Built-in Grafana Admin role",
+        "assignableScopes": [
+            "/"
+        ],
+        "permissions": [
+            {
+                "actions": [],
+                "notActions": [],
+                "dataActions": [
+                    "Microsoft.Dashboard/grafana/ActAsGrafanaAdmin/action"
+                ],
+                "notDataActions": []
+            }
+        ]
+    }
+}
+```
+
+### Grafana Editor
+
+Can view and edit a Grafana instance, including its dashboards and alerts.
+
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | --- | --- |
+> | [Microsoft.Dashboard](resource-provider-operations.md#microsoftdashboard)/grafana/ActAsGrafanaEditor/action | Built-in Grafana Editor role. |
+
+```json
+{
+    "id": "/providers/Microsoft.Authorization/roleDefinitions/a79a5197-3a5c-4973-a920-486035ffd60f",
+    "properties": {
+        "roleName": "Grafana Editor",
+        "description": "Built-in Grafana Editor role",
+        "assignableScopes": [
+            "/"
+        ],
+        "permissions": [
+            {
+                "actions": [],
+                "notActions": [],
+                "dataActions": [
+                    "Microsoft.Dashboard/grafana/ActAsGrafanaEditor/action"
+                ],
+                "notDataActions": []
+            }
+        ]
+    }
+}
+```
+
+### Grafana Viewer
+
+Can view a Grafana instance, including its dashboards and alerts.
+
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | --- | --- |
+> | [Microsoft.Dashboard](resource-provider-operations.md#microsoftdashboard)/grafana/ActAsGrafanaViewer/action | Built-in Grafana Viewer role. |
+
+```json
+{
+    "id": "/providers/Microsoft.Authorization/roleDefinitions/60921a7e-fef1-4a43-9b16-a26c52ad4769",
+    "properties": {
+        "roleName": "Grafana Viewer",
+        "description": "Built-in Grafana Viewer role",
+        "assignableScopes": [
+            "/"
+        ],
+        "permissions": [
+            {
+                "actions": [],
+                "notActions": [],
+                "dataActions": [
+                    "Microsoft.Dashboard/grafana/ActAsGrafanaViewer/action"
+                ],
+                "notDataActions": []
+            }
+        ]
+    }
+}
+```
+
 ### Hierarchy Settings Administrator
 
 Allows users to edit and delete Hierarchy Settings

articles/role-based-access-control/resource-provider-operations.md

@@ -142,6 +142,7 @@ Click the resource provider name in the following table to see the list of opera
 | [Microsoft.Commerce](#microsoftcommerce) |
 | [Microsoft.Consumption](#microsoftconsumption) |
 | [Microsoft.CostManagement](#microsoftcostmanagement) |
+| [Microsoft.Dashboard](#microsoftdashboard) |
 | [Microsoft.DataProtection](#microsoftdataprotection) |
 | [Microsoft.Features](#microsoftfeatures) |
 | [Microsoft.GuestConfiguration](#microsoftguestconfiguration) |
@@ -12639,6 +12640,17 @@ Azure service: [Cost Management](../cost-management-billing/index.yml)
 > | Microsoft.CostManagement/views/delete | Delete saved views. |
 > | Microsoft.CostManagement/views/write | Update view. |
 
+### Microsoft.Dashboard
+
+Azure service: [Azure Managed Grafana](../managed-grafana/index.yml)
+
+> [!div class="mx-tableFixed"]
+> | Action | Description |
+> | --- | --- |
+> | Microsoft.Dashboard/grafana/ActAsGrafanaAdmin/action | Built-in Grafana Admin role. |
+> | Microsoft.Dashboard/grafana/ActAsGrafanaEditor/action | Built-in Grafana Editor role. |
+> | Microsoft.Dashboard/grafana/ActAsGrafanaViewer/action | Built-in Grafana Viewer role. |
+
 ### Microsoft.DataProtection
 
 Azure service: Microsoft.DataProtection
@@ -13810,4 +13822,4 @@ Azure service: [Services Hub](/services-hub/)
 
 - [Match resource provider to service](../azure-resource-manager/management/azure-services-resource-providers.md)
 - [Azure built-in roles](built-in-roles.md)
-- [Cloud Adoption Framework: Resource access management in Azure](/azure/cloud-adoption-framework/govern/resource-consistency/resource-access-management)
+- [Cloud Adoption Framework: Resource access management in Azure](/azure/cloud-adoption-framework/govern/resource-consistency/resource-access-management)