diff --git a/pkg/infra/appcontext/user.go b/pkg/infra/appcontext/user.go
index d2bd57aa000..33345753a3f 100644
--- a/pkg/infra/appcontext/user.go
+++ b/pkg/infra/appcontext/user.go
@@ -4,6 +4,10 @@ import (
 "context"
 "fmt"
+ k8suser "k8s.io/apiserver/pkg/authentication/user"
+ "k8s.io/apiserver/pkg/endpoints/request"
+
+ "github.com/grafana/grafana/pkg/models/roletype"
 "github.com/grafana/grafana/pkg/services/contexthandler/ctxkey"
 contextmodel "github.com/grafana/grafana/pkg/services/contexthandler/model"
 grpccontext "github.com/grafana/grafana/pkg/services/grpcserver/context"
@@ -38,6 +42,26 @@ func User(ctx context.Context) (*user.SignedInUser, error) {
 return c.SignedInUser, nil
 }
+ // Find the kubernetes user info
+ k8sUserInfo, ok := request.UserFrom(ctx)
+ if ok {
+ for _, group := range k8sUserInfo.GetGroups() {
+ switch group {
+ case k8suser.APIServerUser:
+ fallthrough
+ case k8suser.SystemPrivilegedGroup:
+ return &user.SignedInUser{
+ UserID: 1,
+ OrgID: 1,
+ Name: k8sUserInfo.GetName(),
+ Login: k8sUserInfo.GetName(),
+ OrgRole: roletype.RoleAdmin,
+ IsGrafanaAdmin: true,
+ }, nil
+ }
+ }
+ }
+
 return nil, fmt.Errorf("a SignedInUser was not found in the context")
 }
diff --git a/pkg/services/grafana-apiserver/auth/authorizer/provider.go b/pkg/services/grafana-apiserver/auth/authorizer/provider.go
index a330028f750..4deb3e414ee 100644
--- a/pkg/services/grafana-apiserver/auth/authorizer/provider.go
+++ b/pkg/services/grafana-apiserver/auth/authorizer/provider.go
@@ -1,9 +1,7 @@ package authorizer
 import (
- "k8s.io/apiserver/pkg/authentication/user"
 "k8s.io/apiserver/pkg/authorization/authorizer"
- "k8s.io/apiserver/pkg/authorization/authorizerfactory"
 "k8s.io/apiserver/pkg/authorization/union"
 "github.com/grafana/grafana/pkg/services/grafana-apiserver/auth/authorizer/org"
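Review bot: `case k8suser.APIServerUser` in the new group loop of User compares a group name against a user-name constant: `APIServerUser` is the name the apiserver's loopback identity authenticates as, not a group, so it is not expected to appear in `k8sUserInfo.GetGroups()` and the `fallthrough` into the `SystemPrivilegedGroup` case looks dead. If the loopback identity is meant to be honoured, test the name rather than the groups, e.g. `if k8sUserInfo.GetName() == k8suser.APIServerUser { /* same return */ }` ahead of the loop; otherwise drop the case so the privileged path is visibly only `system:masters` membership. That path also hard-codes `UserID: 1`, `OrgID: 1`, `OrgRole: roletype.RoleAdmin`, `IsGrafanaAdmin: true` for any member of the privileged group, which appears to replace the `NewPrivilegedGroups` authorizer removed from provider.go in this same commit, and the one-line comment "Find the kubernetes user info" does not say so; a comment along the lines of `// A k8s identity in the system:masters group is mapped to the org-1 Grafana server admin; this replaces the privileged-groups authorizer in the apiserver authorizer chain.` would make the trust decision explicit for the next reader. User's body begins before the hunk.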
@@ -17,12 +15,7 @@ func ProvideAuthorizer(
 stackIDAuthorizer *stack.StackIDAuthorizer,
 cfg *setting.Cfg,
 ) authorizer.Authorizer {
- authorizers := []authorizer.Authorizer{
- // This will allow privileged uses to do anything.
- // In development mode, a privileged user is configured and saved into:
- // ${data}/grafana-apiserver/grafana.kubeconfig
- authorizerfactory.NewPrivilegedGroups(user.SystemPrivilegedGroup),
- }
+ authorizers := []authorizer.Authorizer{}
 // In Hosted grafana, the StackID replaces the orgID as a valid namespace
 if cfg.StackID != "" {
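Review bot: The removed lines carried the only explanation of how privileged identities were handled in this chain, and the replacement `authorizers := []authorizer.Authorizer{}` leaves no trace of whether that handling was dropped or relocated, so a reader of ProvideAuthorizer cannot tell that `system:masters` members now go through the org/stack authorizers like everyone else and presumably pick up their privileges from the mapping added to appcontext.User in this commit. A short comment at the declaration, e.g. `// No privileged-group short-circuit here: k8s system:masters identities are mapped to a Grafana admin in appcontext.User and then authorized like any other user.`, would keep that context in the file. As a point of style, `var authorizers []authorizer.Authorizer` is the idiomatic form for a slice that is only appended to before use. ProvideAuthorizer continues past the end of the hunk.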