Grafana Multi-Tenant Discussion

chan1992241 · September 5, 2024, 4:09pm

I try to achieve multi tenancy in grafana, something like user-a which only able to get the metric which fall under user-a role, if user-a try to get metric which not under its role, user-a will be forbidden to query the metric.

Does this possible to achieve in grafana, or we have to workaround on its datasources like we need to have multiple prometheus and restrict team or organization to access to that datasource.

maxlapshin · December 13, 2024, 8:04pm

It seems that there are several questions to solve:

How to obtain some kind of session API key. Maybe auth via oauth central access?
How to forward this API key to datasource
Prepare datasource so that it will limit all requests to this tenant
Do you want to allow to edit dashboards?
If yes, then how to update them?

jangaraj · December 13, 2024, 10:26pm

Grafana cloud has that.

You will define multiple datasources for the single Promethues with different LBAC

Then you will use RBAC to define teams/roles for those datasources:

Keep in mind: LBAC/RBAC are enterprise (paid) features.

Topic		Replies	Views
Granular data access control for users Configuration	0	343	December 13, 2023
Fine-grained access control to Prometheus metrics Dashboards templating	0	193	December 22, 2023
Limit non-admin to access part of the metrics from single Prometheus data source Prometheus datasource , permissions	0	879	June 7, 2023
Best practices for multi-tenant deployments Grafana	2	7431	May 7, 2020
Lock a user to a specific datasource Configuration	2	1209	January 25, 2019

Grafana Multi-Tenant Discussion

Related topics