:+1:

Good feedback and mockup! I think this makes a lot of sense, Dashboard folders will also be good abstraction to place permissions on when permission on dashboard / dashboard folders will be needed.

:+1:

:+1:

:+1:

:+1:

:+1:

:+1:

:+1:

:+1:

:+1:

:+1

:+1:

:+1:

:thumbsup:

:+1:

:+1:

In my company we were currently trying to use the Organizations feature to separate out different group's dashboards, but this causes problems for some managers who oversee different but related groups when they try to view the dashboards side by side in separate browser windows.

I realize we're using organizations incorrectly, so I am excited for this feature (Dashboard groups/folders with permissions) to be implemented.

:+1:

👍

+1

+1

We would be very interested in seeing this one worked on.

+1

We are really looking forward to this at my company. Will this 4.0 release include some kind of group permissions on the folders used to organize the dashboards?

+1

+1

+1

+1

+1

👍

+1

:thumbsup:

Getting folders first without LDAP / permissions around them would be a useful first step. LDAP could be phase 2.

👍

I see this topic is starting to attract some Raintank/GrafanaLabs LUV (see: Grafana 4.2 Beta Release note), which is great and essential for better multi-tenancy support. YAY!

I'd like to highlight @madshall's comment about including datasource groups/permissions here:
https://github.com/grafana/grafana/issues/4893#issuecomment-226174772, which seems to go hand in glove with creating dashboard groups/permissions. Having one without the other would be incomplete in terms of data access security.

In terms of the planned "improved support for multi-org setup" development mentioned in the Grafana 4.2 Beta Release note, how far will this development will be taken in terms of feature request #4893 which adds two additional concepts, namely:

• user groups which only have access to certain dashboard groups
• sub-organisations?

+1

Proposal: Dashboard Folders and a Permissions Model

Overview

From this issue:

There is currently no way of grouping dashboards, other than tag them with a common label. Things get messy quickly, when multiple teams create new dashboards or there are many apps that need to be monitored.

There is also a demand for a more fine grained permissions model, both for dashboards and data sources. This feature should also solve that requirement.

Goals

We want to keep this is as simple as possible. It should be

• Easy to understand.
• Easy to share folders with other users.
• Have minimal overhead for small organizations that do not need fine grained permissions.

Proposal for Dashboard Folders

Folders will be a way to group dashboards:

• A dashboard can only belong to one folder.
• A Dashboard Folder has an owner - per default the user who creates the folder.
• Folders will be visible to everyone. If a user has access then they will be able to see the dashboards, if not then they will be able to see the Dashboard Folder owner (so that they know who to ask to request access).
• Dashboard search will also return Dashboard Folders in the search result.
• Each Dashboard Folder will have a home page that lists the dashboards and for admins/owners -> the list of users and permissions for the Folder.

To keep this first version simple, we propose only allowing one level of folders. Not having subfolders hugely simplifies the permissions model that is described below.

Current Permissions Model

Dashboards are connected to an org. All users in an org have access to its dashboards. Roles are used to control read/write and admin access. Grafana currently has four roles: Admin, Editor, Read-only Editor and Viewer. Admins and Editors have full control over all dashboards. Admins can create/edit data sources. Read-only Editors can see the metrics tab and make changes but are not allowed to save (like on http://play.grafana.org). Viewers can view dashboards but cannot edit or save anything.

Proposal for a new Permissions Model

This proposal introduces an Access Control List (ACL) model with user groups for Dashboard Folders. The default is that everyone has access to a folder and that their permissions depend on their user role (Admin, Editor etc.). An Admin or Editor can remove the default access for everyone and can then assign a user or user group to a Dashboard Folder and an ACL is created that controls permissions for the Dashboard Folder. User groups make it easier to assign permissions for multiple users to multiple dashboards.

• The user who creates the folder is the owner. The owner can be changed by an admin.
• Per default, the ACL contains the Admin, Editor, Read-only Editor and Viewer groups (based on the user roles).
• The permissions that can be assigned for a folder are: View, Edit, Read-only Edit.
• Users with the Admin and Editor role are allowed to create new Dashboard Folders.
• Users with the Viewer role are not allowed to create new Dashboard Folders.
• Editors who are owners and Admins can assign permissions to users or user groups for Dashboard Folders.
• Default permissions can be removed except for the Admin permissions (View, Edit). Example: if you want a dashboard folder with limited permissions, you go to the security tab, remove the default permissions (everyone edit / view), specify: frontend-team edit / view and ops : view
• A user group is a list of users. A user group can be assigned permissions in the ACL of a dashboard folder or data source.
• Admins can create user groups.
• User groups cannot contain user groups.
• If a user belongs to multiple groups, their permissions would be merged to give them the highest permissions possible.
• At a later stage, this ACL model will be extended to data sources.

Use Case for Dashboard Folder Permissions

This feature request describes a complicated scenario with sub groups. This proposal should support this scenario except for the subgroups. To keep the complexity down, there is only one level of hierarchy. The subgroups use case would have to be worked around with some sort of naming convention e.g. Group1_SubGroup1.

Feedback

We would love your feedback on this. The aim is to cover the use case above while still keeping it simple and intuitive for most of our users. This is why we chose the folder/directory metaphor and the ACL model as we believe that it should be familiar to most people.

Specific points that we we would really like feedback on:

• Should Dashboard Folders permissions be limited to just user groups or should it be possible to add both groups and individual users?
• Should it be possible to remove Admin permissions to make a Dashboard Folder private?
• Should we have an Admin permission for Dashboard Folders so that multiple users can administrate the permissions?

References:

• Admin Roles
• Issue for Dashboard Folders - #1611
• Issue for User permissions per dashboard- #2132
• Issue for Fine Grained Permissions - #4893
• Issue for Extending LDAP to Dashboard Folders - #7212
• Issue for User Authentication & Groups and Roles - #1128
• History of Dashboard Updates - #1504

Specific points that we we would really like feedback on:

• Should Dashboard Folders permissions be limited to just user groups or should it be possible to add both groups and individual users?

In order to keep things simple for smaller outfits, it would make sense to allow single users to be added to dashboard folders, thereby avoiding an additional configuration step.

Another approach would be to not allow single users to be added to dashboard folders and rather have a default user group to which everybody belongs. When a new dashboard folder is created, the default group could be automatically added to the dashboard folder.

• Should it be possible to remove Admin permissions to make a Dashboard Folder private?

As a person in the admin camp I don't like this idea. I want to know what users are up to at all times.

• Should we have an Admin permission for Dashboard Folders so that multiple users can administrate the permissions?

Absolutely! I want to be able to retain admin permissions on all folders within an organisation but also be able to assign user admin permissions to say the IT manager of a company to whom we are providing our services. The IT manager can then administer:

• the users within their organisation
• the creation of folders within their organisation
• the dashboard folder admins within their organisation

As a larger firm which is integrating grafana into a broader suite of applications, we are not looking to use the administrative security features of grafana directly but indirecty by integrating our security system (SAML) with grafana. In particular we want to associate our managed ACLs with the grafana folders.

Also note that in our system - we are OK with everyone having read-only access to all folders and dashboards, but restricting write access to the dashboards based on the folder/acl permissions.

Also we would like APIs or some other way to automate the generation of folders. When a user tries to edit a dashboard we would want to perform the authorization check to see if they have write access to the folder / dashboard or not.

+1

👍+1

+1

+1

+2 (this really can't come soon enough)

+1

+1

+1

+1

+1

+1

+1

Could the alerts defined in these dashboards also be categorized in folders in the related views ? (if not already the case)

We have a similar requirement too to view the graphs based on particular user logged in

Yes please.

:+1:

@iksaif that a good question. I think not for v1 of dashboard folders but definitely later on.

+1 !

+1 can we get some basic folder grouping capabilities?

+1

+1

+1

+1

+1

What is the status of this?

@f1erro it is being worked on in the develop branch and will be included in Grafana 5.0 alpha release in the next few days. The alpha version will not include folder permissions but that feature will be included in the first beta release.

+1