Skip to main content
Version: Next

Dashboard Access Control

This tutorial shows how to leverage Grafana's role-based access control (RBAC) to manage what dashboards a user has access to. If you're setting up a single DevLake instance to be shared by multiple teams in your organization, this tutorial can help you achieve data segregation between teams.

Example solution: one folder for each team

One of the simplest solutions is to create one Grafana folder for each team and assign permissions to teams at the folder level. Below is a step-by-step walk through.

  1. Sign in as Grafana admin and create a new folder

create-new-folder

  1. Click "Permissions" tab and remove the default access of "Editor (Role)" and "Viewer (Role)"

folder-permission

After removing default permissions:

after-remove-default-permissions

  1. Add "View" permission to the target team (you'll need to create this team in Grafana first)

add-team-permission

  1. Copy/move dashboards into this folder (you may need to edit the dashboard so that it only shows data belongs to this team)

Reference

  1. Manage dashboard permissions by Grafana