Add Grafana Limited Viewer role

Author: maud-lv

articles/managed-grafana/concept-role-based-access-control.md

@@ -25,11 +25,12 @@ The following built-in roles are available in Azure Managed Grafana, each provid
 > | --- | --- | --- |
 > | <a name='grafana-admin'></a>[Grafana Admin](../role-based-access-control/built-in-roles/monitor.md#grafana-admin) | Perform all Grafana operations, including the ability to manage data sources, create dashboards, and manage role assignments within Grafana. | 22926164-76b3-42b3-bc55-97df8dab3e41 |
 > | <a name='grafana-editor'></a>[Grafana Editor](../role-based-access-control/built-in-roles/monitor.md#grafana-editor) | View and edit a Grafana instance, including its dashboards and alerts. | a79a5197-3a5c-4973-a920-486035ffd60f |
+> | <a name='grafana-limited-viewer'></a>[Grafana Limited Viewer](../role-based-access-control/built-in-roles/monitor.md#grafana-limited-viwer) | View a Grafana home page. | 41e04612-9dac-4699-a02b-c82ff2cc3fb5 |
 > | <a name='grafana-viewer'></a>[Grafana Viewer](../role-based-access-control/built-in-roles/monitor.md#grafana-viewer) | View a Grafana instance, including its dashboards and alerts. | 60921a7e-fef1-4a43-9b16-a26c52ad4769 |
 
 To access the Grafana user interface, users must possess one of these roles. 
 
-These permissions are included within the broader roles of resource group Contributor and resource group Owner roles. If you're not a resource group Contributor or resource group Owner, a User Access Administrator, you will need to ask a subscription Owner or resource group Owner to grant you one of the Grafana roles on the resource you want to access.
+These permissions are included within the broader roles of resource group Contributor and resource group Owner roles. If you're not a resource group Contributor or a resource group Owner, you will need to ask a subscription Owner or resource group Owner to grant you one of the Grafana roles on the resource you want to access.
 
 ## Adding a role assignment to an Azure Managed Grafana resource
 

articles/role-based-access-control/built-in-roles.md

@@ -391,6 +391,7 @@ The following table provides a brief description of each built-in role. Click th
 > | <a name='application-insights-snapshot-debugger'></a>[Application Insights Snapshot Debugger](./built-in-roles/monitor.md#application-insights-snapshot-debugger) | Gives user permission to view and download debug snapshots collected with the Application Insights Snapshot Debugger. Note that these permissions are not included in the [Owner](/azure/role-based-access-control/built-in-roles#owner) or [Contributor](/azure/role-based-access-control/built-in-roles#contributor) roles. When giving users the Application Insights Snapshot Debugger role, you must grant the role directly to the user. The role is not recognized when it is added to a custom role. | 08954f03-6346-4c2e-81c0-ec3a5cfae23b |
 > | <a name='grafana-admin'></a>[Grafana Admin](./built-in-roles/monitor.md#grafana-admin) | Perform all Grafana operations, including the ability to manage data sources, create dashboards, and manage role assignments within Grafana. | 22926164-76b3-42b3-bc55-97df8dab3e41 |
 > | <a name='grafana-editor'></a>[Grafana Editor](./built-in-roles/monitor.md#grafana-editor) | View and edit a Grafana instance, including its dashboards and alerts. | a79a5197-3a5c-4973-a920-486035ffd60f |
+> | <a name='grafana-editor'></a>[Grafana Editor](./built-in-roles/monitor.md#grafana-limited-viewer) | View home page. | 41e04612-9dac-4699-a02b-c82ff2cc3fb5 |
 > | <a name='grafana-viewer'></a>[Grafana Viewer](./built-in-roles/monitor.md#grafana-viewer) | View a Grafana instance, including its dashboards and alerts. | 60921a7e-fef1-4a43-9b16-a26c52ad4769 |
 > | <a name='monitoring-contributor'></a>[Monitoring Contributor](./built-in-roles/monitor.md#monitoring-contributor) | Can read all monitoring data and edit monitoring settings. See also [Get started with roles, permissions, and security with Azure Monitor](/azure/azure-monitor/roles-permissions-security#built-in-monitoring-roles). | 749f88d5-cbae-40b8-bcfc-e573ddc772fa |
 > | <a name='monitoring-metrics-publisher'></a>[Monitoring Metrics Publisher](./built-in-roles/monitor.md#monitoring-metrics-publisher) | Enables publishing metrics against Azure resources | 3913510d-42f4-4e42-8a64-420c390055eb |

articles/role-based-access-control/built-in-roles/monitor.md

@@ -136,7 +136,7 @@ Gives user permission to view and download debug snapshots collected with the Ap
 
 Perform all Grafana operations, including the ability to manage data sources, create dashboards, and manage role assignments within Grafana.
 
-[Learn more](/azure/managed-grafana/how-to-share-grafana-workspace)
+[Learn more](/azure/managed-grafana/concept-role-based-access-control)
 
 > [!div class="mx-tableFixed"]
 > | Actions | Description |
@@ -177,7 +177,7 @@ Perform all Grafana operations, including the ability to manage data sources, cr
 
 View and edit a Grafana instance, including its dashboards and alerts.
 
-[Learn more](/azure/managed-grafana/how-to-share-grafana-workspace)
+[Learn more](/azure/managed-grafana/concept-role-based-access-control)
 
 > [!div class="mx-tableFixed"]
 > | Actions | Description |
@@ -214,11 +214,51 @@ View and edit a Grafana instance, including its dashboards and alerts.
 }
 ```
 
+## Grafana Limited Viewer
+
+View a Grafana home page.
+
+[Learn more](/azure/managed-grafana/concept-role-based-access-control)
+
+> [!div class="mx-tableFixed"]
+> | Actions | Description |
+> | --- | --- |
+> | *none* |  |
+> | **NotActions** |  |
+> | *none* |  |
+> | **DataActions** |  |
+> | [Microsoft.Dashboard](../permissions/monitor.md#microsoftdashboard)/grafana/ActAsGrafanaLimitedViewer/action | Act as Grafana Limited Viewer role |
+> | **NotDataActions** |  |
+> | *none* |  |
+
+```json
+{
+    "id": "/providers/Microsoft.Authorization/roleDefinitions/41e04612-9dac-4699-a02b-c82ff2cc3fb5",
+    "properties": {
+        "roleName": "Grafana Limited Viewer",
+        "description": "View home page.",
+        "assignableScopes": [
+            "/"
+        ],
+        "permissions": [
+            {
+                "actions": [],
+                "notActions": [],
+                "dataActions": [
+                    "Microsoft.Dashboard/grafana/ActAsGrafanaLimitedViewer/action"
+                ],
+                "notDataActions": []
+            }
+        ]
+    }
+}
+```
+
 ## Grafana Viewer
 
 View a Grafana instance, including its dashboards and alerts.
 
-[Learn more](/azure/managed-grafana/how-to-share-grafana-workspace)
+[Learn more](/azure/managed-grafana/concept-role-based-access-control)
 
 > [!div class="mx-tableFixed"]
 > | Actions | Description |

articles/role-based-access-control/permissions/monitor.md

@@ -89,6 +89,7 @@ Azure service: [Azure Managed Grafana](/azure/managed-grafana/)
 > | **DataAction** | **Description** |
 > | Microsoft.Dashboard/grafana/ActAsGrafanaAdmin/action | Act as Grafana Admin role |
 > | Microsoft.Dashboard/grafana/ActAsGrafanaEditor/action | Act as Grafana Editor role |
+> | Microsoft.Dashboard/grafana/ActAsGrafanaLimitedViewer/action | Act as Grafana Viewer role |
 > | Microsoft.Dashboard/grafana/ActAsGrafanaViewer/action | Act as Grafana Viewer role |
 
 ## Microsoft.Insights