I’m trying to make it so that all new users to my site are Editors, and no one is assigned the viewer role. I’m using Azure AD authentication. The problem is that many new users are being assigned the viewer role, despite my attempts to remove it.
I followed the regular steps to set up AAD OAuth2 here: https://grafana.com/docs/grafana/latest/auth/azuread/. In my grafana.ini, I have auto_assign_org_role = Editor, and have not created any additional orgs or changed the settings for the default org. Still, users are assigned Viewer instead of Editor.
I removed the Viewer role from the manifest (described in the steps in the link above), which I thought would prevent that from being accessible at all. Still, they are assigned Viewer. When I check the user assignments in Azure, they are assigned “Default Access”, but that seems to resolve to Viewer role on the Grafana site.
Has anyone had this issue? Am I missing a config setting somewhere?