You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/managed-grafana/how-to-sync-teams-with-azure-ad-groups.md
+8-11Lines changed: 8 additions & 11 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -11,7 +11,7 @@ ms.date: 06/7/2024
11
11
12
12
# Configure Grafana teams with Microsoft Entra groups and Grafana team sync
13
13
14
-
In this guide, you learn how to use This guide will help you use Microsoft Entra groups with [Grafana Team Sync](https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-team-sync/) to manage dashboard permissions in Azure Managed Grafana.
14
+
In this guide, you learn how to useMicrosoft Entra groups with [Grafana Team Sync](https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-team-sync/) to manage dashboard permissions in Azure Managed Grafana.
15
15
16
16
In Azure Managed Grafana, you can use Azure's role-based access control (RBAC) roles for Grafana to define access rights. These permissions apply to all resources in your Grafana workspace by default, not per folder or dashboard. If you assign a user to the Grafana Editor role, that user can edit any dashboard in your Grafana workspace. However, with Grafana's [granular permission model](https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-team-sync/), you can adjust a user's default permission level for specific dashboards or dashboard folders.
17
17
@@ -28,17 +28,15 @@ Before you start, make sure you have:
28
28
- An Azure Managed Grafana instance. If needed, [create a new instance](quickstart-managed-grafana-portal.md).
29
29
- A Microsoft Entra group. If needed, [create a basic group and add members](/entra/fundamentals/how-to-manage-groups#create-a-basic-group-and-add-members).
30
30
31
-
## Assign a permission to the Microsoft Entra group
31
+
## Assign a permission to a Microsoft Entra group
32
32
33
33
The Microsoft Entra group must have a Grafana role to access the Grafana instance.
34
34
35
35
1. In your Grafana workspace, open the **Access control (IAM)** menu select **Add** > **Add new role assignment**.
36
36
37
37
:::image type="content" source="media/azure-ad-group-sync/add-role-assignment.png" alt-text="Screenshot of the Azure portal. Adding a new role assignment.":::
38
38
39
-
1. Assign a role, such as **Grafana viewer**, to the Microsoft Entra group.
40
-
41
-
For more information about assigning a role, go to [Grant access](../role-based-access-control/quickstart-assign-role-user-portal.md#grant-access).
39
+
1. Assign a role, such as **Grafana viewer**, to the Microsoft Entra group. For more information about assigning a role, go to [Grant access](../role-based-access-control/quickstart-assign-role-user-portal.md#grant-access).
42
40
43
41
### Create a Grafana team
44
42
@@ -76,16 +74,15 @@ Set up a Microsoft Entra ID-backed Grafana team.
76
74
77
75
:::image type="content" source="media/azure-ad-group-sync/add-permission-for-team.png" alt-text="Screenshot of the Grafana UI, adding a permission for a team in a Grafana folder.":::
78
76
79
-
> [!TIP]
80
-
> To check existing access permissions for a dashboard, open a dashboard and go to the **Permissions** tab. This page shows all permissions assigned for this dashboard and all inherited permissions.
81
-
82
-
:::image type="content" source="media/azure-ad-group-sync/view-permissions.png" alt-text="Screenshot of the Grafana UI, showing permission for a Grafana dashboard.":::
77
+
> [!TIP]
78
+
> To check existing access permissions for a dashboard, open a dashboard and go to the **Permissions** tab. This page shows all permissions assigned for this dashboard and all inherited permissions.
79
+
> :::image type="content" source="media/azure-ad-group-sync/view-permissions.png" alt-text="Screenshot of the Grafana UI, showing permission for a Grafana dashboard.":::
83
80
84
81
### Scope down access
85
82
86
-
You can scale down access by removing permissions to access one or more folders.
83
+
You can limit access by removing permissions to access one or more folders.
87
84
88
-
For example, if a user, group of users has the Grafana Viewer role on a Grafana instance, disable their access to a folder by following these steps:
85
+
For example, to disable access to a user who has the Grafana Viewer role on a Grafana instance, remove their access to a Grafana folder by following these steps:
89
86
90
87
1. In the Grafana UI, go to a folder you want to hide from the user.
91
88
1. In the **Permissions** tab, select the **X** button to the right of the **Viewer** permission to remove this permission from this folder.
0 commit comments