azure-active-directory grafana user-permissions

User Role in Grafana is reverting to Viewer


Description

We have Grafana v7.3.6 deployed in Kubernetes and integrated with Azure AD for logging in.

There is a user that initially had the Viewer role assigned and it's been a while since we decided to assign him the Editor or Admin Role instead of Viewer.

Changing the permission from Grafana Web-UI works fine as expected, but after like 7 or 10 days, it reverts back to Viewer.

PS. Our AzureAD specialist stated that he has updated the Azure configs/roles relevant to that user.

What I have tried

  • I have tried both Editor and Admin roles, but no matter what, it is being reverted.
  • I have tried restarting the Grafana pod (after updating the role) to see if it can cause the permissions to be reverted, but it didn't.

Solution

  • That's correct:

    On every login the user organization role will be reset to match AzureAD’s application role and their organization membership will be reset to the default organization.

    Doc: https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/azuread/#map-roles

    Configure proper role mapping, so the user will have the desired role in the AD.

    Or skip that org role sync and manage roles via UI.

    You have quite an old Grafana, so you may need to upgrade it to use all the mentioned Grafana Azure AD config options.
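
Added example (not part of the original answer and not Grafana's code): a Python check that decodes an Azure AD ID token's payload and reports which org role a role-syncing login would apply. The role values, the `Viewer` fallback and all function names are assumptions based on the role-mapping doc linked above; the tokens are constructed samples.

```python
import base64
import json

# Assumption: the app role values the linked Grafana doc maps to org roles,
# highest privilege first. Any other value is ignored.
ROLE_PRIORITY = ("Admin", "Editor", "Viewer")


def token_claims(id_token: str) -> dict:
    """Decode a JWT payload for inspection. No signature check:
    troubleshooting only, never a basis for an access decision."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def effective_role(claims: dict, fallback: str = "Viewer") -> tuple[str, str]:
    """Return (role, reason) that a role-syncing login would apply.
    `fallback` is an assumption standing in for Grafana's default role."""
    roles = claims.get("roles")
    if not roles:
        return fallback, "no 'roles' claim: app role not assigned to the user"
    for candidate in ROLE_PRIORITY:
        if candidate in roles:
            return candidate, f"matched app role value '{candidate}'"
    return fallback, f"unrecognised app role values {roles}"


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token so the example runs offline."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    user = "user@example.com"  # constructed sample identity
    samples = {  # constructed claims, not real tokens
        "app role assigned in Azure AD": {"preferred_username": user, "roles": ["Editor"]},
        "role changed only in Grafana UI": {"preferred_username": user},
        "custom app role value": {"preferred_username": user, "roles": ["Dashboard.Editors"]},
    }
    for label, claims in samples.items():
        role, reason = effective_role(token_claims(make_sample_token(claims)))
        print(f"{label}: {role} ({reason})")
```

A token without a `roles` claim resolves to the fallback, which is the symptom in the question: the role set in the web UI lasts only until the next login overwrites it.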