Hi,
According to the Grafana documentation, LBAC for data sources is supported for Loki and Prometheus (via GEL/GEM), but it is unclear whether LBAC can be used with VictoriaLogs, especially in an on-premise Grafana Enterprise setup.
I’m trying to understand:
-
Can Grafana LBAC filter or block queries to VictoriaLogs based on user or team attributes (for example, namespace)?
-
Has anyone implemented Grafana + Keycloak + VictoriaLogs on-prem with strict, deny-by-default isolation between teams?
-
If LBAC is not applicable, what approaches are commonly used to enforce team-based log access with VictoriaLogs in on-prem environments?
Any insights or real-world experience would be very helpful. Thanks!
#victoria-logs victoria-metrics #VictoriaLogs