Grant data access to an environment

This article discusses the two types of Azure Time Series Insights Preview access policies.

Tip

Read Authentication and Authorization for Azure Active Directory app registration steps.

Sign in to Time Series Insights

  1. Sign in to the Azure portal.
  2. Locate your Time Series Insights environment. Enter Time Series in the Search box. Select Time Series Environment in the search results.
  3. Select your Time Series Insights environment from the list.

Grant data access

Follow these steps to grant data access for a user principal.

  1. Select Data Access Policies, and then select + Add.

    Select and add a Data Access Policy

  2. Choose Select user. Search for the user name or email address to locate the user you want to add. Select Select to confirm the selection.

    Select a user to add

  3. Choose Select role. Choose the appropriate access role for the user:

    • Select Contributor if you want to allow the user to change reference data and share saved queries and perspectives with other users of the environment.

    • Otherwise, select Reader to allow the user to query data in the environment and save personal, not shared, queries in the environment.

    Select OK to confirm the role choice.

    Confirm the selected role

  4. Select OK on the Select User Role page.

    Select OK on the Select User Role page

  5. Confirm that the Data Access Policies page lists the users and the roles for each user.

    Verify the correct users and roles

Provide guest access from another Azure AD tenant

The Guest role isn’t a management role. It’s a term used for an account that’s invited from one tenant to another. After the guest account is invited into the tenant’s directory, it can have the same access control applied to it like any other account. You can grant management access to a Time Series Insights Environment by using the Access Control (IAM) blade. Or you can grant access to the data in the environment through the Data Access Policies blade. For more information on Azure Active Directory (Azure AD) tenant guest access, read Add Azure Active Directory B2B collaboration users in the Azure portal.

Follow these steps to grant guest access to a Time Series Insights environment to an Azure AD user from another tenant.

  1. Select Data Access Policies, and then select + Invite.

    Select Data Access Polices, then + Invite

  2. Enter the email address for the user you want to invite. This email address must be associated with Azure AD. You can optionally include a personal message with the invitation.

    Enter the email address to find the selected user

  3. Look for the confirmation bubble that appears on the screen.

    Look for the confirmation bubble to appear

  4. Choose Select user. Search for the email address of the guest user you invited to locate the user you want to add. Then, Select to confirm the selection.

    Select the user and confirm the selection

  5. Choose Select role. Choose the appropriate access role for the guest user:

    • Select Contributor if you want to allow the user to change reference data and share saved queries and perspectives with other users of the environment.

    • Otherwise, select Reader to allow the user to query data in the environment and save personal, not shared, queries in the environment.

    Select OK to confirm the role choice.

    Confirm the role choice

  6. Select OK on the Select User Role page.

  7. Confirm that the Data Access Policies page lists the guest user and the roles for each guest user.

    Verify that users and roles are correctly assigned

  8. Now, the guest user will receive an invitation email at the email address specified above. The guest user will select Get Started to confirm their acceptance and connect to Azure Cloud.

    Guest selects Get Started to accept

  9. After selecting Get Started the guest user will be presented with a permissions box associated with the administrator's organization. Upon granting permission by selecting Accept, they will be signed in.

    Guest reviews permissions and accepts

  10. The administrator shares the environment URL with their guest.

  11. After the guest user is signed in to the email address you used to invite them, and they accept the invitation, they will be directed to Azure portal.

  12. The guest can now access the shared environment using the environment URL provided by the administrator. They can enter that URL into their web browser for immediate access.

  13. The guest user will see the administrator's tenant by selecting their profile icon in the upper-right corner of the Time Series explorer.

    Avatar selection on insights.azure.com

    After the guest user selects the administrator's tenant, they will have the ability to select the shared Time Series Insights environment.

    They now have all the capabilities associated with the role that you provided them with in step 5.

    Guest user selects your Azure tenant from drop-down

Next steps