How to set logged in User's username as a filter condition in Grafana

Hi There,

I request help for setting up logged in User’s username as a filter condition Grafana Dashboard.

In my case there are different Member users in the system. And when a Member user logged in,
he should be able to view his data only. For this I want to get the user name in my panels and
add this user name as a filter condition. I am using SQL server Database.

For eg.

There are Member1 and Member2, when Member1 logged into the system he should be 
able to view the Dashboard with his data only.
I have one column in my database table with user name data (eg. member1@gmail.com).
Here ‘member1@gmail.com’ is the user name of Member1 to log into the Dashboard.

How can I get the user name(member1@gmail.com) and apply the same as a filter condition in my query.

Suggesting work around also would be great help.

Thanks in advance,
Sony.

1 Like

Hi sonyvl!

Trying to enforce data access by adding conditions to a query at runtime isn’t going to give you the security they’re probably looking for since the queries are assembled in the browser. If you want to enforce data access restrictions that needs to be done in the data source.

In open source Grafana you’d need to use a separate orgs or a completely separate instance for each user with its own datasource defined that uses a dedicated database user account with access to just the data the user should be able to see (if the user should only be able to see certain rows then that would be done by creating a view that includes only those rows and not allowing the user access to the underlying table directly). In enterprise you can do the grafana part of restricting users to specific datasources via datasource permissions, rather than needing to use a separate org or instance. Unfortunately, this kind of access control is problematic in grafana today.

1 Like

Hi @ivanahuckova,

Thank you for your response. That is really informative for us.

Yes, we were looking to integrate a single data source and restrict user access based on email ID/username.

As per your explanation we understand that it is not possible in Grafana community version.

You did mention that enterprise allows to specify data source permissions. Is this possible only in the case of multiple data sources or is it feasible even if we’re using a single data source in Grafana enterprise ?

Could you please shed more light on the extent to which we can control data source permissions with Enterprise Grafana ?

Thank you

In enterprise you can control which users can access each datasource. If you want to control access to the data within a given database, you would need to define a login for the database server that has access only to the data you want, then create a datasource in grafana that uses that restricted account to access the database.

I tried to do the same thing for a Individual Metric page for a call center. Unless I hid the address bar, they would be able to copy the URL out to view the metric and change the ID to another user.

Another way to do it, is if you have a Concatenated name so they need an ID number as well.

image

Hi @brianhaskinstele

That sounds interesting. Can you please explain how you achieved to filter the data source for a specific user in the second option you mentioned (concatenated name).

Any sample code snippet would be really helpful!!

Thank you.