
You're reading from Learn Grafana 10.x - Second Edition

Product type: Book
Published in: Dec 2023
Publisher: Packt
ISBN-13: 9781803231082
Edition: 2nd Edition
Author: Eric Salituro

Eric Salituro is currently a Software Engineering Manager with the Enterprise Data and Analytics Platform team at Zendesk. He has an IT career spanning over 30 years, over 20 of which were in the motion picture industry working as a pipeline technical director and software developer for innovative and creative studios like DreamWorks, Digital Domain, and Pixar. Before moving to Zendesk, he worked at Pixar helping to manage and maintain their production render farm as a Senior Software Developer. Among his accomplishments there was the development of a Python API toolkit for Grafana aimed at streamlining the creation of rendering metrics dashboards.

Managing Permissions for Users, Teams, and Organizations

In this chapter, we’ll be taking a closer look at how to manage users, teams, and organizations with respect to controlling access to Grafana resources, such as dashboards, folders, or data sources. Throughout the course of this book, you’ve probably been logging into your site as the sole admin user, which is fine for a server limited to a local computer used almost exclusively for learning. However, it would be a completely unsuitable setup for a server supporting even a handful of users.

If you are responsible for managing your Grafana site, you’ll soon be dealing with new users, and with every new user comes the inevitable question: how much access should I allow this user? You could set up every user with full admin permissions to do anything and everything, but what if they accidentally delete something important? What if they inadvertently create a panel that accesses a data source containing sensitive...

Understanding key permission concepts

Before we can delve into the specifics of adding users or setting their permissions, we need to cover some fundamental security concepts that are built into Grafana. Once you understand the terminology, it will be easier to piece together how these concepts interact to produce a coherent framework to govern user access.

Organizations

You may not have been aware of it, but for the entire time we’ve been learning about Grafana, we’ve been working inside an entity that Grafana refers to as an organization. Much like our universe is a single entity unto itself, this default organization, or org for short, can have its own teams, data sources, dashboards, dashboard folders, and so on. These types of resources cannot be accessed from or shared with any other organization. Grafana lets you create as many organizations as you want, and while each one is completely independent of the others, users can be members of more than one organization...

Adding users

While it might seem perfectly reasonable to use and manage a simple Grafana tutorial server with a single admin user, it would be impractical, if not irresponsible, to try to do the same for a Grafana site with more than a couple of people. With that in mind, you should go ahead and establish independent user accounts for anyone who plans to access your site. It will also be your responsibility to add and delete those user accounts, set their roles, and establish what those users will be able to access within those roles.

Tip

Initially, you probably logged in with the default admin user, which is installed with every Grafana instance. That user has full administrative privileges and, unless you changed it, an insecure password. This is not at all secure, so before you even add a single user, be sure to reset the password to one of your own choosing.

Adding users – by invitation only

Out of the box, Grafana only provides a single mechanism to add users...

Setting permissions

While you can grant a role to every user to restrict their access to your Grafana site, you also need the ability to determine which parts of the site are accessible to users with those different roles. Happily, Grafana allows users with admin privileges to specify access levels for dashboards and folders.

Setting organization roles

First off, let’s simply set the user’s organization role. It’s a straightforward process, and one that you probably followed when you first invited a user:

  1. Go to Users under Administration in the main menu.
  2. Select the Organization users tab.
  3. Set a Role for the user in the dropdown. This is what the Users tab page might look like with a handful of users:
Figure 15.5 – The Organization users tab

Once we’ve set the role for the user, we can either allow the default roles to be applied to folders or choose whether...
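The same role assignment can be planned against Grafana's HTTP API instead of the dropdown. The following is an added example, not code from the book: it takes a constructed sample shaped like the response of `GET /api/org/users`, compares it with a hypothetical reviewed policy (`DESIRED_ROLES`), and returns the `PATCH /api/org/users/:userId` calls needed, refusing any plan that would leave the organization without an Admin.

```python
import json

VALID_ROLES = {"Viewer", "Editor", "Admin"}  # organization roles named in this chapter

# Constructed sample shaped like the JSON returned by GET /api/org/users.
SAMPLE_ORG_USERS = json.loads("""[
  {"orgId": 1, "userId": 1, "login": "admin", "email": "admin@localhost", "role": "Admin"},
  {"orgId": 1, "userId": 2, "login": "alice", "email": "alice@example.com", "role": "Admin"},
  {"orgId": 1, "userId": 3, "login": "bob", "email": "bob@example.com", "role": "Editor"},
  {"orgId": 1, "userId": 4, "login": "carol", "email": "carol@example.com", "role": "Admin"}
]""")

# Hypothetical reviewed policy (an assumption): login -> role that user should hold.
DESIRED_ROLES = {"admin": "Admin", "alice": "Editor", "bob": "Viewer"}


def plan_role_changes(org_users, desired):
    """Return (requests, findings) that bring org roles in line with `desired`.

    requests: (method, path, body) tuples for the org-user update endpoint.
    findings: strings a reviewer should look at before anything is applied.
    """
    bad = {login: r for login, r in desired.items() if r not in VALID_ROLES}
    if bad:
        raise ValueError(f"unknown role(s) in policy: {bad}")

    requests, findings = [], []
    for user in org_users:
        login, current = user["login"], user["role"]
        if login not in desired:
            # Account exists in Grafana but nobody has decided what it should hold.
            findings.append(f"{login}: holds {current} but is not in the reviewed policy")
            continue
        if desired[login] != current:
            requests.append(("PATCH", f"/api/org/users/{user['userId']}",
                             {"role": desired[login]}))

    # Guard: the organization must keep at least one Admin after the changes.
    final = {u["login"]: desired.get(u["login"], u["role"]) for u in org_users}
    if "Admin" not in final.values():
        raise ValueError("plan would leave the organization without an Admin")
    return requests, findings


if __name__ == "__main__":
    reqs, notes = plan_role_changes(SAMPLE_ORG_USERS, DESIRED_ROLES)
    for method, path, body in reqs:
        print(method, path, json.dumps(body))
    for note in notes:
        print("REVIEW:", note)
```

Accounts that appear in Grafana but not in the policy are reported rather than changed, so an unexpected Admin such as `carol` in the sample surfaces for review instead of being silently kept or demoted.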

Establishing teams

Above the individual user, a Team forms the next level in a kind of role hierarchy. While every user is assigned a permission level (Viewer, Editor, or Admin), you can also assign each user to a team, which can then have its own permission settings. The first thing we’ll need to do is add a team.

Setting up a team

Setting up a team and adding users requires a user with the organization role of admin. To create a team, follow these steps:

  1. Go to Administration | Teams from the main menu.
  2. Click New team.
  3. Enter the name of the team and an optional Email contact.
  4. Click Create, as shown in the following screenshot:
Figure 15.9 – A new team creation

Once you’ve created a team, you can add users as members of the team, as follows:

  1. Go to Administration | Teams from the left sidebar.
  2. Select the team you wish to add members to.
  3. Click Add member.
  4. Select the role type from the drop...

Administering users and organizations

There are two major tasks that can only be performed by a user with the Super Admin role – the management of users and the management of organizations. When you logged into your brand-new Grafana site as admin, you were really logging in as a super admin, and as a super admin, you have the ability to create users and organizations. Managing users and organizations is accomplished through a special Server Admin page, which can only be accessed by super admins from the left sidebar.

First, let’s look at how to create new users. Previously, we discussed the idea that the only way to add new user accounts is to invite someone or (with a configuration change) allow users to add themselves. Those restrictions only apply to organizations and organizational Admins. As it turns out, there is yet another way – if you’re a Super Admin.

Managing users

If you have several users to add to your site and you need to assign...

Summary

In this chapter, we covered many common tasks faced by a Grafana admin. First, we took a closer look at users, teams, and organizations and saw how roles can be mapped to permissions for dashboards, folders, and data sources. Then, we learned how organization admins can manage both users and teams. Finally, we examined how the Super Admin role can create new users and organizations.

Don’t worry if it’s difficult to visualize all the possibilities afforded by the Grafana permission model. It may be that, for now, you have no need to establish multiple organizations, specify permissions on specific dashboards or folders, or even assemble users into teams. However, as your site grows in complexity, you may find that access control issues present themselves, and you may want to come back to this chapter. Concepts that seem a little abstract right now may have concrete relevance in the future.

Throughout the course of this book, we’ve been using a simple...
