Access control

Access control in workbooks refers to two things:

  • Access required to read data in a workbook. This access is controlled by standard Azure roles on the resources used in the workbook; workbooks do not specify or configure access to those resources. Users usually get this access through the Monitoring Reader role on those resources.

  • Access required to save workbooks

    • Saving private ("My") workbooks requires no additional privileges. All users can save private workbooks, and only they can see those workbooks.
    • Saving shared workbooks requires write privileges in a resource group. These privileges are usually granted by the Monitoring Contributor role, but can also be granted via the Workbooks Contributor role.

Monitoring Reader includes standard /read privileges that would be used by monitoring tools (including workbooks) to read data from resources.

Monitoring Contributor includes general /write privileges used by various monitoring tools for saving items (including workbooks/write privilege to save shared workbooks). “Workbooks Contributor” adds “workbooks/write” privileges to an object to save shared workbooks. No special privileges are required for users to save private workbooks that only they can see.

For custom role-based access control:

Add microsoft.insights/workbooks/write to save shared workbooks. For more details, see the Workbook Contributor role.
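The following is an added example, not part of the original documentation: a small audit that reports which custom role definitions allow microsoft.insights/workbooks/write once wildcards and NotActions are taken into account. It assumes the flat Actions/NotActions JSON layout of a custom role definition file; the role names and the subscription scope are constructed placeholders.

```python
import re

# Permission the page names for saving shared workbooks.
WORKBOOK_WRITE = "microsoft.insights/workbooks/write"

def action_matches(pattern, action):
    """Match an Azure RBAC action pattern ('*' wildcard, case-insensitive)."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, action, flags=re.IGNORECASE) is not None

def grants(role, action=WORKBOOK_WRITE):
    """True if Actions allow `action` and NotActions do not subtract it."""
    allowed = any(action_matches(p, action) for p in role.get("Actions", []))
    removed = any(action_matches(p, action) for p in role.get("NotActions", []))
    return allowed and not removed

def audit(roles, action=WORKBOOK_WRITE):
    """Map each role name to whether it can save shared workbooks."""
    return {role["Name"]: grants(role, action) for role in roles}

# Constructed sample custom roles (assumed names, placeholder scope).
SCOPE = ["/subscriptions/<subscription-id>"]
SAMPLE_ROLES = [
    {"Name": "Workbook Author (custom)", "AssignableScopes": SCOPE,
     "Actions": ["Microsoft.Insights/workbooks/read",
                 "Microsoft.Insights/workbooks/write"],
     "NotActions": []},
    {"Name": "Read Only (custom)", "AssignableScopes": SCOPE,
     "Actions": ["*/read"], "NotActions": []},
    {"Name": "Insights Operator (custom)", "AssignableScopes": SCOPE,
     "Actions": ["Microsoft.Insights/*"],
     "NotActions": ["Microsoft.Insights/workbooks/write"]},
    {"Name": "Insights Writer (custom)", "AssignableScopes": SCOPE,
     "Actions": ["Microsoft.Insights/*/write"], "NotActions": []},
]

if __name__ == "__main__":
    for name, can_save in audit(SAMPLE_ROLES).items():
        print(f"{name}: {'can' if can_save else 'cannot'} save shared workbooks")
```

NotActions only subtracts from the same role's Actions and is not a deny, so a user who also holds another role granting the permission can still save shared workbooks.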

Next steps

  • Get started learning more about workbooks' many rich visualization options.