I have created a dashboard which works based on the values of Variables (templating). The values of those variables are company names. Do we have any options to limit a user to use selected values from the drop downs?
For example, Company A user can view only the data of Company A while Admin can view all the data. The templating drop down should act accordingly.
I don’t think you can do that exactly - but a workaround to achieve the desired result would be to create a copy of the dashboard per Company, and restrict the query to that company only.
Then assign viewer permissions to the users that need to view that company. You might even create a Team for that Company, assign viewer permissions to that team, and then just drop the user accounts that need to view that company’s dashboard into the team.
I can understand copying a dashboard between organizations and granting each user a role to that organization will work for a few, but that seems like a difficult maintainability situation if there are quite a few organizations. Is there a fast process (or could I use something in the API) such that I could create a dashboard and have it duplicated in many organizations (say 100)? Could I use that same process if, once I’ve pushed/copied the dashboard to all organizations, I can make a change in the original and have it reflected in all organizations?
The situation I’m trying to avoid is copying a dashboard for many organizations, then needing to add something to the dashboard and have to go and update each organization’s dashboard individually. Will take a lot of time, and I’d enjoy just being able to restrict access to variables and have only a single dashboard to maintain.
One way would be to query the companies data by passing in the currently logged in username. For example, if ajames is in company A and dvader is in company dark side, the user name, if available as a global value, is passed to the company names query.
Not sure if there is such a global __currently_loggedin_user value.
An example in SQL Server:
-- @username is of course passed in to the query
--on grafana side that creates the companies list
select c.companyid , c.name
from companies c
join companyuser cu on c.companyid = cu.companyid
join users u on u.userid = cu.userid
where u.samaccountname = @username
This is based on the following principle: access control list.
Based on the above, here is an example with sample DDL & DML:
--this is my own ms sql server database
--for testing things out not grafana's db
drop table companies
create table companies(companyid int identity(1,1),
companyname varchar(50) )
insert into companies
select 'Acme'
drop table users;
create table users(username varchar(50))
insert into users
select 'ajames' --placeholder row, user name taken from the example above
drop table usercompanies
create table usercompanies(username varchar(50),
companyid int) --second column inferred from the insert below
insert into usercompanies
select u.username, c.companyid
from companies c , users u
where c.companyname = 'Acme'
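The access control list approach from the posts above, as an added example that is not code from the thread or from Grafana. It uses SQLite through Python instead of SQL Server so it runs offline, and it applies the same ACL check to the panel's data query as to the drop-down query, so the restriction does not depend on which value ends up selected. The `isadmin` column, the `metrics` table and all rows are constructed assumptions, as is the username arriving from a trusted source.

```python
import sqlite3

def build_db():
    """Constructed sample data; table names follow the post, isadmin and metrics are hypothetical."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        create table companies(companyid integer primary key, companyname text);
        create table users(username text primary key, isadmin integer default 0);
        create table usercompanies(username text, companyid integer);
        create table metrics(companyid integer, value integer);
        insert into companies values (1, 'Acme'), (2, 'Dark Side');
        insert into users values ('ajames', 0), ('dvader', 0), ('admin', 1);
        insert into usercompanies values ('ajames', 1), ('dvader', 2);
        insert into metrics values (1, 10), (1, 20), (2, 99);
    """)
    return db

# ACL predicate shared by both queries: an admin sees every company,
# everyone else only the companies mapped to them in usercompanies.
ACL = """
    (exists (select 1 from users u where u.username = :user and u.isadmin = 1)
     or exists (select 1 from usercompanies uc
                where uc.username = :user and uc.companyid = c.companyid))
"""

def dropdown_companies(db, username):
    """Values offered in the templating drop-down for this user."""
    sql = f"select c.companyname from companies c where {ACL} order by c.companyname"
    return [r[0] for r in db.execute(sql, {"user": username})]

def panel_values(db, username, company):
    """Panel data query: repeats the ACL check instead of trusting the
    selected variable value, so an unlisted company returns no rows."""
    sql = f"""select m.value from metrics m
              join companies c on c.companyid = m.companyid
              where c.companyname = :company and {ACL} order by m.value"""
    return [r[0] for r in db.execute(sql, {"user": username, "company": company})]

if __name__ == "__main__":
    db = build_db()
    for user in ("ajames", "dvader", "admin", "nobody"):
        print(user, dropdown_companies(db, user))
    print(panel_values(db, "ajames", "Dark Side"))  # ACL applies to the data too
```

Both the username and the company name are bound as parameters; only the fixed ACL fragment is spliced into the SQL text.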