Grafana: [Feature Request] Add current user as templating variable

That's not possible at the moment.

I successfully worked around this with a reverse proxy that intercepts the "/api/datasources/proxy/:datasourceId/*" API calls in to the grafana back end, and injects a where clause. In conjunction with the awesome auth proxy behaviour of grafana, I now have no need for this feature now. In fact, based on some of Torkelo's previously stated views on security, and the lack of enforcement of user-level by back end databases, I feel this behaviour probably doesn't belong in Grafana at this time.

@abraae Can you elaborate how you implement this feature?

@abraae +1
could you explain what you have done ?

Sorry, don't have time to document what I did but from memory:

• use nginx as a reverse proxy in front of the grafana server, i.e. all incoming traffic to the grafana server passes through nginx
• set up nginx conf. to capture calls to /api/datasources/proxy/:datasourceId/*
• instead of passing them through, instead rewrite using nginx to add a where clause

So basically what you are doing is always forcing an extra where clause into all API calls that go back to the grafana back end.

There was a lot I had to do to get it working from memory :) Sorry can't be of more help.

-

@abraae Thx for your answer.
Is it possible to see what you have done in nginx.conf ?

Sure, here is nginx.conf.

[oops wrong file - see below]

I don't see in your file how you capture /api/datasources/proxy/:datasourceId/*
What did you do ? Where is your rewrite rule ?? :-)

Ah sorry, wrong file, try this: https://gist.github.com/abraae/c209b537350b2b2d9703ba126872cc3f

Would still be nice to have it as a builtin variable

Is taking username as a variable in query is implemented?

I would like this function as well and the reason for it as follows:

Let's say you have a dashboard where you list out requests from a ITSM tool and you want the graphs to only show requests that are assigned to the logged in user.
The ability to set a variable in the dashboard that points to the logged in username would solve our problem in the company where I work ( International BIG Company ).

Another example is to use the logged in username to get there department and use that to only show the data related to there department.

Adding a global variable to be used in dashboards that point to the logged in user so it can be used should not be that hard to do.

Lets say:
$Grafana.User.Email = [email protected]
$Grafana.User.Name = Gandolf
$Grafana.User.Surname = TheWize
$Grafana.User.Username = GDog

This would solve a lot of problems and limitations that people have with Grafana, and I strongly recommend that you consider implementing this.

Any news on this one?

Any update on this?

I would also find this feature very useful.

I'd also really need this feature atm. I'm working on deploying user specific Dashboards with Financial information that should only show the respective Users Data. Making 25 Copys of the same dashboard for this purpose feel unnecesarily tedious.

+1

+1

I want to use this value to restrict access to variables (authorization)
It would be the best solution for this

+1
The use case is that one user only could see information of his own department.
It could be used as an ACL instead of create a new copy dashboard for each department.

+1

hi all, I'd like integrate Grafana with OIDC Identity provider using authorization code flow [1] to have the SSO between different UIs provided by the platform. As main requirement I have to guarantee multi tenancy, so the best solution should be to use one of the user claims returned by the IdP in the JWT as a query parameter used by grafana to retrieve data from the db, in particular I'd use the claim that contains the tenantId to which the logged user belongs.

[1] https://grafana.com/docs/auth/generic-oauth/

Has anyone implemented something similar or has any suggestions for doing so?

thank you in advance

+1

My specific use case would be to make template variables to apply different filterings (Prometheus label values) depending on the logged-in user.

In other words, the contents of the "regex" field of the template variable could be dynamic and dependant on the logged-in user.

To accomplish this, each user in Grafana could have some optional metadata fields that are set by the Administrator at user creation time. These optional metadata fields could be referenced from the "regex" field of the template variable.

This could permit applying this "dynamic" filtering whose value setting is controlled by a higher level administrator.

Thanks a lot!

+1

$__currentUserEmail would be awesome.

+1

+1

+1 I would love to make a dashboard for our university users so they could see their WiFi and vpn stats based on their username. It could help them troubleshoot their connection before calling the help desk!

+1

It seems to me that there is no progress:( That would be very useful.

++

Hi!

Anyone succeed to implement this solution with @abraae code?
I'm trying to use it with grafana-azure-data-explorer (Kusto DB)

Thanks!!

+1

Hi,

My workaround is based on SimpleJSON datasource (https://github.com/grafana/simple-json-datasource)

The main idea is to Enable X-Grafana-User header and return it back from DS to populate a template variable

Implementation: https://github.com/rlklaser/grafana-logged-user

@rlklaser is here some example for Express JS?
or can you share .war file?
this not works for me on Express JS (((

app.get('/query', function (req, res) {
  res.status(200);
  res.json({ username: req.header('X-Grafana-User') })
});

app.get('/search', function (req, res) {
  res.status(200);
  res.json({ username: req.header('X-Grafana-User') })
});

and I'd like to use https://github.com/simPod/grafana-json-datasource as DS

@baur must change grafana defaults.ini to:

[dataproxy]

logging = true
send_user_header = true

This request was created two years ago and I haven't seen any updates on this. I believe this would be a very useful tool for many people, including me.

Is there any updates on this?

How to get the result of /api/user/teams in a SimpleJson GRAFANA and what is the query to get values of "name" in a variable ?
Example of Grafana http api result at https://www.logiserv.re/api/user/teams

We also need this feature badly for personalized dashboards

+1

Any update on this now that templating has added global variable support for __org? https://github.com/grafana/grafana/pull/21790

It seems by adding a __user variable would use the same mechanism:

    templateSrv.setGlobalVariable('__user', {
      value: {
        name: contextSrv.user.login,
        id: contextSrv.user.id,
        toString: function() {
          return this.id;
        },
      },
    });

++1
Grafana Dev Team,
This would be very useful feature and it will make data authorization job much easy for us, We are evaluating and in the process of implementing Grafana based reporting service at larger scale which includes connectivity with multiple data sources.
This specific feature will be crucial for data security in multi tenant deployment.

++1, hi Grafana dev team,
this is very useful feature for us, we want to do data access control based on the user for a specifci query, different user see different scope.

Grafana Dev Team, thank you very much for very useful feature !!!

The variable does not seem to work when used in a query inside the dashboards variable definitions.