Removing permissions from a nested folder

  • What Grafana version and what operating system are you using?
# grafana-server --version
Version 11.3.1 (commit: 9225f4a1cbd1cfe8b69f1aa2d62309a9700533a5, branch: HEAD)

# lsb_release -d
Description:    Ubuntu 22.04.5 LTS
  • What are you trying to achieve?

Given the following Dashboard-folder structure:

Projects/
├── ProjectA/
│   ├── Private/
│   └── Public/
├── ProjectB/
│   ├── Private/
│   └── Public/
└── ....

ProjectA will have a team ProjectATeam assigned with Admin access to to Projects/ProjectA/ folder, which nested permissions grant down the tree.

Similar, ProjectB will have a team ProjectBTeam, but applied to Projects/ProjectB/, etc.

I would like to give every logged-in user View access to whole folder structure as well as dashboards inside each projects’ Public-folder - but disallow them all access to all projects’ Private-folder (and the dashboards herein)

  • How are you trying to achieve it?

A team has been created for each project, the relevant team has been added the Projects/* folder, and Grafana applies it down the tree.

On the Projects/-folder, Viewers + Editors has been granted View-rights and Grafana applies it down the tree.

I went to each Private-folder, and tried to remove the Viewer + Editor access rights

  • What happened?

I couldn’t, as Grafana has locked it with the message Inherited Permission

  • What did you expect to happen?

To be able to remove a nested permission from a sub-folder

  • Can you copy/paste the configuration(s) that you are having problems with?

No configuration

  • Did you receive any errors in the Grafana UI or in related logs? If so, please tell us exactly what they were.

No errors, the UI shows a lock inherited permissions preventing you from deleting the permission

  • Did you follow any online instructions? If so, what is the URL?

no


I figured out you can skip assigning Viewer + Editor access on the Projects/ folder, and only granting them on each projects Public-folder, but it lead to a mess in the UI, where you could only see Public & Private folders (timed by the amount of projects), with no indicator which project they were related to.

The breadcrumbs also just showed Projects/redacted/Public

Ideally I would want to just remove the permission from each Private folder, as it seems the “easiest”. But if you have better ideas on how to solve this problem, then I am all ears

Thanks!