For templates,can we prevent a user to switch to a value

liqiheng · July 1, 2017, 7:06am

For dashboard templates,can we only allow a user to specify the values in url and don’t allow him to switch to different values?

for example,he can use following url to access a dashboard,but he can’t change var-DS to another value

http://rdsmon-test.huawei.com:8000/dashboard/db/cdb?var-DS=DS_P2_hwAdmin&var-architectureName=arch123&var-cdbName=clusterdb234&var-sid=cdbctF1

thanks

daniellee · July 1, 2017, 12:22pm

No, not really. Grafana does not provide security at this level. Even if we changed Grafana to prevent users switching to a value, they could easily get around this using a tool like curl, postman or a Chrome plugin. This sort of security should be implemented at the database level (like a relational database does with roles).

See this recent issue for a discussion on database security: https://github.com/grafana/grafana/issues/8731

Topic		Replies	Views
How to stop URL change to dashboard variable query response Grafana	2	1955	May 20, 2018
Limit users to access Variable values Elasticsearch templating	15	7667	January 20, 2025
Prevent user giving a template value?	4	1095	February 22, 2018
Dont pass variables via URL Configuration	6	1699	January 31, 2025
How to Combine Template Variables with a user's Role? Configuration templating , provisioning , backend-platform , user-essentials , scripts	7	2487	February 13, 2022

For templates,can we prevent a user to switch to a value

Related topics