Dashboard Access Control

This tutorial shows how to leverage Grafana's role-based access control (RBAC) to manage what dashboards a user has access to. If you're setting up a single DevLake instance to be shared by multiple teams in your organization, this tutorial can help you achieve data segregation between teams.

Example solution: one folder for each team

One of the simplest solutions is to create one Grafana folder for each team and assign permissions to teams at the folder level. Below is a step-by-step walk through.

1. Sign in as Grafana admin and create a new folder

2. Click "Permissions" tab and remove the default access of "Editor (Role)" and "Viewer (Role)"

After removing default permissions:

3. Add "View" permission to the target team (you'll need to create this team in Grafana first)

4. Copy/move dashboards into this folder (you may need to edit the dashboard so that it only shows data belongs to this team)

Reference

1. Manage dashboard permissions by Grafana