Design and Provisioning for private annotations

:wave:all,

We deploy a standard dashboard for all Users and maintain this centrlaly.
This works nicely with global variables for login name in the queries.
We create user accounts with a CLI call to the api.
So far so good.

One issue with this setup is that Users’ annotations are all global and seen by every User. Not what we want in a health application.

So we want each user to have thier annotations as visible only to themselves.
(For that matter it would be nice for alerts, alarms and thresholds to be private).

And we would like to increase to two hierarchies.

  1. Organization
  2. User.

If there is a nice way to keep annotations private on level of User, then great, but if only possible on Org level, then this is okay.

These are some methods that we have come across but are interested to know what might be the easiest and most robust way that is scriptable and easily maintainable in the current state-of-art:

  • Folder permissions
  • Separate Orgs in a single instance with shared data config
  • Multiple instances per Org on k8 pods

Thanks a lot for any tips and best wishes
Eric