Merge pull request #294914 from maud-lv/ml-amgcreatoradmin

PMEds28 · web-flow · commit dcbe33a89a6c · 2025-05-07T10:40:37.000+01:00
Add information about Creator can admin option
diff --git a/articles/managed-grafana/quickstart-managed-grafana-cli.md b/articles/managed-grafana/quickstart-managed-grafana-cli.md
@@ -5,7 +5,7 @@ ms.service: azure-managed-grafana
 ms.topic: quickstart
 author: maud-lv
 ms.author: malev
-ms.date: 12/17/2024
+ms.date: 03/14/2025
 ms.devlang: azurecli
 ms.custom: engagement-fy23, devx-track-azurecli
 # customer intent: As a developer or a data analyst, I want to create a new Azure Managed Grafana workspace using the Azure CLI.
@@ -16,17 +16,20 @@ ms.custom: engagement-fy23, devx-track-azurecli
 Get started using Azure Managed Grafana by creating an Azure Managed Grafana workspace using the Azure CLI.
 
 >[!NOTE]
-> Azure Managed Grafana has [two pricing plans](overview.md#service-tiers). This guides takes you through creating a new workspace in the Standard plan. To generate a workspace in the Essential (preview) plan, [use the Azure portal](quickstart-managed-grafana-portal.md).
+> Azure Managed Grafana has [two pricing plans](overview.md#service-tiers). This guide takes you through creating a new workspace in the Standard plan. To create a workspace in the Essential (preview) plan, [use the Azure portal](quickstart-managed-grafana-portal.md).
 
 ## Prerequisites
 
 - An Azure account for work or school with an active subscription. [Create an account for free](https://azure.microsoft.com/free).
 - Minimum required role to create a workspace: resource group Contributor.
 - Minimum required role to access the Grafana UI: resource group Owner.
-    >[!NOTE]
-    > If you don't meet this requirement, once you've created a new Azure Managed Grafana workspace, ask a User Access Administrator, subscription Owner or resource group Owner to grant you a Grafana Admin, Grafana Editor or Grafana Viewer role on the workspace.
 
-[!INCLUDE [azure-cli-prepare-your-environment-no-header.md](~/reusable-content/azure-cli/azure-cli-prepare-your-environment-no-header.md)]
+    > [!NOTE]
+    > If you're not a resource group Owner:
+    >  - once you've created the Azure Managed Grafana workspace, ask a User Access Administrator, subscription Owner or resource group Owner to grant you a Grafana Admin, Grafana Editor or Grafana Viewer role
+    >  - or consider creating the workspace using the **Creator can admin (Preview)** feature available from the Azure portal. Refer to the [Azure portal quickstart](quickstart-managed-grafana-portal.md) for more information.
+
+ [!INCLUDE [azure-cli-prepare-your-environment-no-header.md](~/reusable-content/azure-cli/azure-cli-prepare-your-environment-no-header.md)]
 
 ## Sign in to Azure
 
diff --git a/articles/managed-grafana/quickstart-managed-grafana-portal.md b/articles/managed-grafana/quickstart-managed-grafana-portal.md
@@ -18,9 +18,6 @@ In this quickstart, you get started with Azure Managed Grafana by creating an Az
 
 - An Azure account for work or school and an active subscription. [Create an account for free](https://azure.microsoft.com/free).
 - Minimum required role to create a workspace: resource group Contributor.
-- Minimum required role to access the Grafana UI: resource group Owner.
-    >[!NOTE]
-    > If you don't meet this requirement, once you've created a new Azure Managed Grafana workspace, ask a User Access Administrator, subscription Owner or resource group Owner to grant you a Grafana Admin, Grafana Editor or Grafana Viewer role on the workspace.
 
 ## Create an Azure Managed Grafana workspace
 
@@ -48,17 +45,26 @@ In this quickstart, you get started with Azure Managed Grafana by creating an Az
     - **Enable API key creation** is set to **Disable** by default.
     - If you've opted for the Standard plan, optionally enable the **Deterministic outbound IP** feature, which is set to **Disable** by default.
 
-1. Select **Next : Permission >** to control access rights for your Grafana workspace and data sources:
-   1. **System assigned managed identity** is set to **On**.
+1. Select **Next : Permission >** to control access rights for your Grafana instance and data sources:
+    - **System assigned managed identity** is set to **On**.
 
-      >[!NOTE]
-      >You can use a user-assigned managed identity instead of the default system-assigned managed identity once the Azure Managed Grafana resource is deployed. To learn more, go to [Set up Azure Managed Grafana authentication and permissions (preview)](how-to-authentication-permissions.md).
+      > [!NOTE]
+      > You can use a user-assigned managed identity instead of the default system-assigned managed identity once the Azure Managed Grafana resource is deployed. For more information, go to [Set up Azure Managed Grafana authentication and permissions (preview)](how-to-authentication-permissions.md).
 
-   1. The box **Add role assignment to this identity with 'Monitoring Reader' role on target subscription** is checked by default.
+    - If you're a subscription Owner or a User Access Administrator:
+        - the box **Add role assignment to this identity with 'Monitoring Reader' role on target subscription** is checked by default. This role assignment allows Azure Managed Grafana to access and display monitoring data from various Azure services.
+        - the box **Include myself** under **Grafana administrator role** is checked. This option grants you the Grafana administrator role, and lets you manage access rights. Optionally select **Add** to share this right with team members.
+    - If you're not a subscription Owner or a User Access Administrator, you can either:
+        - ask a subscription Owner or a User Access Administrator to assign you the Grafana Admin role
+        - or enable **Creator can admin (Preview)**. This option available in preview grants you the required permissions to access and manage the Grafana resource.
 
-   1. The box **Include myself** under **Grafana administrator role** is checked. This option grants you the Grafana administrator role, and lets you manage access rights. You can give this right to more members by selecting **Add**. If this option grays out for you, ask someone with the Owner role on the subscription to assign you the Grafana Admin role.
-   
-   1. If you've opted for the Standard plan, optionally disable public access and create a private endpoint that can access your resource.
+        > [!NOTE]
+        > The **Creator can admin (Preview)** option can only be enabled when creating the workspace. Later on, it can be disabled from the **Configuration** menu if the workspace creator doesn't need this level of access anymore. Once disabled, it cannot be enabled again. If this option is disabled and the user needs to access this Grafana instance again, they will need [a Grafana role](how-to-manage-access-permissions-users-identities.md).
+
+        > [!NOTE]
+        > The **Creator can admin (Preview)** option may not be available in some specific scenarios. For example, it doesn't support workspaces managed by Cloud Solution Providers (CSPs). In CSP scenarios, the necessary information about the individual creator of the resource is not accessible. As a result, the feature cannot grant administrative privileges to the creator.
+
+1. If you've opted for the Standard plan, in the **Networking** tab, optionally disable public access and create a private endpoint that can access your resource.
  
 1. Optionally select **Next : Tags** and add tags to categorize resources.
 
@@ -68,13 +74,16 @@ In this quickstart, you get started with Azure Managed Grafana by creating an Az
 
 1. Once the deployment is complete, select **Go to resource** to open your resource.
 
-1. In the **Overview** tab's Essentials section, select the **Endpoint** URL. Single sign-on via Microsoft Entra ID has been configured for you automatically. If prompted, enter your Azure account.
+1. In the **Overview** tab, select the **Endpoint** URL. Single sign-on via Microsoft Entra ID has been configured for you automatically. If prompted, enter your Azure account. 
 
     :::image type="content" source="media/quickstart-portal/grafana-overview.png" alt-text="Screenshot of the Azure portal. Endpoint URL display.":::
 
+    You can now start interacting with the Grafana application to configure data sources, create dashboards, reports and alerts. Suggested read: [Monitor Azure services and applications using Grafana](/azure/azure-monitor/visualize/grafana-plugin).
+
     :::image type="content" source="media/quickstart-portal/grafana-ui.png" alt-text="Screenshot of an Azure Managed Grafana workspace.":::
 
-You can now start interacting with the Grafana application to configure data sources, create dashboards, reports and alerts. Suggested read: [Monitor Azure services and applications using Grafana](/azure/azure-monitor/visualize/grafana-plugin).
+> [!IMPORTANT]
+> The **Creator can admin (Preview)** option is designed to be used for testing purposes. Whenever possible, we recommend assigning a [Grafana role](how-to-manage-access-permissions-users-identities.md) to all team members who need to access the Grafana portal and disabling the **Creator can edit** option.
 
 ## Clean up resources
 
@@ -84,7 +93,7 @@ In the preceding steps, you created an Azure Managed Grafana workspace in a new
 1. In the **Overview** page, make sure that the listed resources are the ones you want to delete.
 1. Select **Delete**, type the name of your resource group in the text box, and then select **Delete**.
 
-## Next steps
+## Next step
 
 > [!div class="nextstepaction"]
 > [How to configure data sources for Azure Managed Grafana](./how-to-data-source-plugins-managed-identity.md)
