Grafana Logged IN User Variable

Hi,

I am using Grafana Version 6.6.2

We have access defined in our database as per user email id. It would be very help if any Grafana expert can help with getting logged in user email id as an variable in Grafana dashboards.

We are also open to people who can help in developing such solution.

Welcome to the Grafana Community!

You’re in luck: Until a couple of months ago we couldn’t add that specific template variables because of the way our template variable system worked, but now we can and an open source contributor has provided a patch that would add this functionality. This feature is likely to make its way into a Grafana release soon :smiley:

If you use GitHub you can follow the progress of this feature on

NB Limiting access to specific queries for a data source accessible to the user is currently not supported by Grafana. It is trivial for a user to circumvent such a variable, so even when we add one it will only be useful for user convenience, not privacy/security protection.

Thank you very much for your support Emiltullstedt. Can you help me with which solution are you referring to in the shared link? I referred to it but was not able to find that.

Absolutely, this link goes directly to the PR for fixing this (it’s in the bottom of the issue I previously linked):

Appreciate your support Emiltullstedt :slight_smile: :+1:

Hello emiltullstedt and thanks for the link. As I see tampering by manipulation of http queries is may a game breaker for some implementations (I would love to do with grafana). Most datasources are too sophisticated to split them up in public and sensitive data. Also I have a lot of application defined databases as datasources. Would it maybe an idea to validate client-side queryies and system variables like __user{*} by salted checksums? I really would love to continiue with grafana, but I am a little afraid that client side query manipliation will get known well soon.

Thank you for your feedback, I agree with you. I hope that we’ll be able to work on this problem sooner rather than later, but it’ll take time before something like this makes it into Grafana.

One of the things that we already support to some extent is the forwarding of credentials to data sources supporting it, but that doesn’t work with backend jobs like alerting yet, so I’m not overly fond of suggesting using that. I would also like to see something like what you’ve suggested where Grafana, and not the data source, can determine what data a user is supposed to be allowed to ask for.

1 Like