articles/managed-grafana/how-to-permissions.md
13 additions & 5 deletions
@@ -64,22 +64,30 @@ Assign a role assignment using the [az role assignment create](/cli/azure/role/a
64
64
65
65
In the code below, replace the following placeholders:
66
66
67
-
-`<assignee>`: enter the assignee's object ID. For a managed identity, enter the managed identity's ID.
68
-
-`<roleNameOrId>`: enter the role's name or ID. For Monitoring Reader, enter `Monitoring Reader` or `43d0d8ad-25c7-4714-9337-8ba259a9fe05`.
69
-
-`<scope>`: enter the full ID of the resource Azure Managed Grafana needs access to.
67
+
-`<assignee>`: If its --assignee parameter then enter the assignee's object ID or user sign-in name or service principal name. If its --assignee-object-id parameter then enter object IDs for users or groups or service principals or managed identities. For managed identities use the principal ID. For service principals, use the object ID and not the app ID. For more information, refer [az role assignment create](/cli/azure/role/assignment#az-role-assignment-create) command.
68
+
-`<roleNameOrId>`: Enter the role's name or ID. For Monitoring Reader, enter `Monitoring Reader` or `43d0d8ad-25c7-4714-9337-8ba259a9fe05`.
69
+
-`<scope>`: Enter the full ID of the resource Azure Managed Grafana needs access to.
70
70
71
71
```azurecli
72
72
az role assignment create --assignee "<assignee>" \
73
73
--role "<roleNameOrId>" \
74
74
--scope "<scope>"
75
75
```
76
76
77
+
or
78
+
79
+
```azurecli
80
+
az role assignment create --assignee-object-id "<assignee>" --assignee-principal-type "<ForeignGroup / Group / ServicePrincipal / User>" \
81
+
--role "<roleNameOrId>" \
82
+
--scope "<scope>"
83
+
```
84
+
77
85
Example: assigning permission for an Azure Managed Grafana instance to access an Application Insights resource using a managed identity.
78
86
79
87
```azurecli
80
-
az role assignment create --assignee "/subscriptions/abcdef01-2345-6789-0abc-def012345678/resourcegroups/my-rg/providers/Microsoft.Dashboard/grafana/mygrafanaworkspace" \
88
+
az role assignment create --assignee-object-id "abcdef01-2345-6789-0abc-def012345678" --assignee-principal-type "ServicePrincipal" \
For more information about assigning Azure roles using the Azure CLI, refer to the [Role based access control documentation](../role-based-access-control/role-assignments-cli.md).
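Review bot: The new `<assignee>` bullet (new line 67) uses one placeholder for two parameters that accept different values, so a reader can pass a sign-in name or service principal name to `--assignee-object-id`. Consider a separate placeholder in the second command (for example a hypothetical `<assigneeObjectId>`) with its own bullet. The wording also needs tightening: "If its --assignee parameter" should read along the lines of "For `--assignee`, enter ...", both parameter names should be in backticks, and "refer [az role assignment create]" should be "refer to". The bullet does not say which `--assignee-principal-type` value applies to a managed identity, although the example on new line 88 uses `ServicePrincipal` for one; state that next to "For managed identities use the principal ID". In that example, the object ID `abcdef01-2345-6789-0abc-def012345678` is the same GUID the removed line used as the subscription ID, so a distinct sample value would avoid suggesting that a subscription ID belongs there.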