|
| 1 | +--- |
| 2 | +title: "Azure role-based access control - Azure Managed Grafana" |
| 3 | +titleSuffix: Azure Managed Grafana |
| 4 | +description: This conceptual article introduces Azure role-based access control for Azure Managed Grafana resources. |
| 5 | +#customer intent: As a Grafana user, I want to understand how Azure role-based access control (RBAC) works with Azure Managed Grafana so that I can manage access to Azure Managed Grafana workspaces. |
| 6 | +author: maud-lv |
| 7 | +ms.service: managed-grafana |
| 8 | +ms.topic: concept-article |
| 9 | +ms.date: 06/28/2024 |
| 10 | +ms.author: malev |
| 11 | +--- |
| 12 | + |
| 13 | +# Azure Managed Grafana access control |
| 14 | + |
| 15 | +# Azure role-based access control |
| 16 | + |
| 17 | +Azure Managed Grafana supports [Azure role-based access control (RBAC)](../../role-based-access-control/index.yml), an authorization system that lets you manage individual access to your Azure resources. |
| 18 | + |
| 19 | +Azure RBAC enables you to allocate varying permission levels to users, groups, service principals, or managed identities, for managing your Azure Managed Grafana resources. |
| 20 | + |
| 21 | +# Azure Managed Grafana roles |
| 22 | + |
| 23 | +The following built-in roles are available in Azure Managed Grafana, each providing different levels of access: |
| 24 | + |
| 25 | +> [!div class="mx-tableFixed"] |
| 26 | +> | Built-in role | Description | ID | |
| 27 | +> | --- | --- | --- | |
| 28 | +> | <a name='grafana-admin'></a>[Grafana Admin](./built-in-roles/monitor.md#grafana-admin) | Perform all Grafana operations, including the ability to manage data sources, create dashboards, and manage role assignments within Grafana. | 22926164-76b3-42b3-bc55-97df8dab3e41 | |
| 29 | +> | <a name='grafana-editor'></a>[Grafana Editor](./built-in-roles/monitor.md#grafana-editor) | View and edit a Grafana instance, including its dashboards and alerts. | a79a5197-3a5c-4973-a920-486035ffd60f | |
| 30 | +> | <a name='grafana-viewer'></a>[Grafana Viewer](./built-in-roles/monitor.md#grafana-viewer) | View a Grafana instance, including its dashboards and alerts. | 60921a7e-fef1-4a43-9b16-a26c52ad4769 | |
| 31 | +
|
| 32 | +To access the Grafana user interface, users must possess one of these roles. |
| 33 | + |
| 34 | +These permissions are included within the broader roles of resource group Contributor and resource group Owner roles. If you're not a resource group Contributor or resource group Owner, a User Access Administrator, you will need to ask a subscription Owner or resource group Owner to grant you one of the Grafana roles on the resource you want to access. |
| 35 | + |
| 36 | +## Adding a role assignment to an Azure Managed Grafana resource |
| 37 | + |
| 38 | +To add a role assignment to an Azure Managed Grafana instance, in your Azure Managed Grafana workspace, open the **Access control (IAM)** menu and select **Add** > **Add new role assignment**. |
| 39 | + |
| 40 | + :::image type="content" source="media/azure-ad-group-sync/add-role-assignment.png" alt-text="Screenshot of the Azure portal. Adding a new role assignment."::: |
| 41 | + |
| 42 | +Assign a role, such as **Grafana viewer**, to a user, group, service principal or managed identity. For more information about assigning a role, go to [Grant access](../role-based-access-control/quickstart-assign-role-user-portal.md#grant-access). |
| 43 | + |
| 44 | +## Related content |
| 45 | + |
| 46 | +* [Configure Grafana teams](how-to-sync-teams-with-azure-ad-groups.md) |
| 47 | +* [Set up authentication and permissions](how-to-authentication-permissions.md) |
0 commit comments