Grafana is an open source visualization tool that can be used on top of a variety of data stores (e.g., Graphite, InfluxDB, Elasticsearch and Logz.io).
Dashboard & Folder Permissions
Dashboard and folder permissions allow you to remove the default role-based permissions for Editors and Viewers and assign permissions to specific Users and Teams. Learn more about Dashboard & Folder Permissions.
Datasource Permissions
By default, a datasource in an organization can be queried by any user in that organization. For example, a user with the Viewer role can still issue any possible query to a data source, not just those queries that exist on dashboards he/she has access to.
Datasource permissions allow you to change the default permissions for datasources and restrict query permissions to specific Users and Teams. Read more about Datasource Permissions.
User Permissions
Based on permissions (or privileges), Grafana users are allowed to do various tasks and view different objects in the environment. User permissions in Grafana are determined by the following configurations:
- Organization Role
  - Admin, Editor, or Viewer
- Grafana Admin
  - Via the Grafana Admin (i.e. Super Admin) user flag
- Team Memberships
  - Via Team memberships where the Team has been assigned specific permissions.
- Directly Assigned User Permissions
  - Via permissions assigned directly to user (on folders, dashboards, data sources)
Organization Roles
Users can belong to one or more organizations. A user’s organization membership is tied to a role that defines what the user is allowed to do in that organization. There are three organization roles supported in Grafana:
- Admin Role
  - Can do everything scoped to the organization. For example:
    - Add & Edit data sources
    - Add & Edit organization users & teams
    - Configure App plugins & set org settings
- Editor Role
  - Can create and modify dashboards & alert rules
    - This can be disabled on specific folders and dashboards.
  - Cannot create or edit data sources nor invite new users
- Viewer Role
  - View any dashboard
    - This can be disabled on specific folders and dashboards.
  - Cannot create or edit dashboards nor data sources.
  - This role can be tweaked via the Grafana server setting viewers_can_edit.
    - If you set this to true, users with the Viewer role can also make transient dashboard edits, meaning they can modify panels & queries but not save the changes (nor create new dashboards).
    - Useful for public Grafana installations where you want anonymous users to be able to edit panels & queries but not save or create new dashboards.
Grafana Admin
The admin flag makes a user a Super Admin. This means they can access the Server Admin views, where all users and organizations can be administered.
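An added example, not from the original post or the Grafana project: an offline audit that checks a grafana.ini fragment for the viewers_can_edit setting described above and for anonymous access, then reviews a user list for the Grafana Admin flag. The `[auth.anonymous]` section, the sample data and the merged user-record shape are assumptions for illustration.

```python
import configparser

# Constructed sample grafana.ini fragment, not from a real deployment.
SAMPLE_INI = """
[users]
viewers_can_edit = true
[auth.anonymous]
enabled = true
org_role = Viewer
"""

# Constructed sample: org role as listed by /api/org/users plus the
# Super Admin flag; the merged shape and field names are assumptions.
SAMPLE_USERS = [
    {"login": "alice", "role": "Admin", "isAdmin": True},
    {"login": "bob", "role": "Editor", "isAdmin": False},
    {"login": "carol", "role": "Viewer", "isAdmin": True},
    {"login": "dave", "role": "Viewer", "isAdmin": False},
]

def audit_config(ini_text):
    """Return findings for settings that widen what a Viewer can do."""
    cp = configparser.ConfigParser(interpolation=None)
    # grafana.ini may hold keys before the first section; give them a home.
    cp.read_string("[_global]\n" + ini_text)
    findings = []
    if cp.getboolean("auth.anonymous", "enabled", fallback=False):
        role = cp.get("auth.anonymous", "org_role", fallback="Viewer")
        findings.append(f"anonymous access is on with role {role}; by default "
                        "that role can query every data source in the org")
    if cp.getboolean("users", "viewers_can_edit", fallback=False):
        findings.append("viewers_can_edit is true; Viewers can change panels "
                        "and queries without saving")
    return findings

def audit_users(users):
    """Group logins by organization role and flag Super Admins."""
    by_role = {"Admin": [], "Editor": [], "Viewer": []}
    for u in users:
        by_role.setdefault(u["role"], []).append(u["login"])
    supers = [u["login"] for u in users if u.get("isAdmin")]
    # The Super Admin flag is independent of the org role; list mismatches.
    low = [u["login"] for u in users if u.get("isAdmin") and u["role"] != "Admin"]
    return {"by_role": by_role, "super_admins": supers, "flag_with_low_role": low}

if __name__ == "__main__":
    for finding in audit_config(SAMPLE_INI):
        print("[config]", finding)
    print(audit_users(SAMPLE_USERS))
```

On the sample data, the account to look at first is the one with the Viewer organization role that also carries the Super Admin flag.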
Figure 1. (Left) Admin Role vs. (Right) Viewer Role
UI Differences (Admin Role vs. Viewer Role)
Compared to the Admin Role, users with a Viewer Role have limited configuration capabilities, which is why their UIs also look different.
In Figure 1, the left side shows the UI of a user with the Admin Role and the right side shows the UI of a user with the Viewer Role. You can see that a user with the Admin Role has the following extra menu buttons:
- Create (i.e., + icon)
- Alerting (i.e., bell icon)
- Configuration (i.e., tools icon)
Figure 2. Data Source Configuration Menu
Figure 3. Add data source