- What Grafana version and what operating system are you using?
# grafana-server --version
Version 11.3.1 (commit: 9225f4a1cbd1cfe8b69f1aa2d62309a9700533a5, branch: HEAD)
# lsb_release -d
Description: Ubuntu 22.04.5 LTS
- What are you trying to achieve?
Given the following Dashboard-folder structure:
Projects/
├── ProjectA/
│ ├── Private/
│ └── Public/
├── ProjectB/
│ ├── Private/
│ └── Public/
└── ....
ProjectA
will have a team ProjectATeam
assigned with Admin
access to to Projects/ProjectA/
folder, which nested permissions grant down the tree.
Similar, ProjectB
will have a team ProjectBTeam
, but applied to Projects/ProjectB/
, etc.
I would like to give every logged-in user View
access to whole folder structure as well as dashboards inside each projects’ Public
-folder - but disallow them all access to all projects’ Private
-folder (and the dashboards herein)
- How are you trying to achieve it?
A team has been created for each project, the relevant team has been added the Projects/* folder, and Grafana applies it down the tree.
On the Projects/
-folder, Viewers + Editors has been granted View
-rights and Grafana applies it down the tree.
I went to each Private
-folder, and tried to remove the Viewer + Editor access rights
- What happened?
I couldn’t, as Grafana has locked it with the message Inherited Permission
- What did you expect to happen?
To be able to remove a nested permission from a sub-folder
- Can you copy/paste the configuration(s) that you are having problems with?
No configuration
- Did you receive any errors in the Grafana UI or in related logs? If so, please tell us exactly what they were.
No errors, the UI shows a lock inherited permissions
preventing you from deleting the permission
- Did you follow any online instructions? If so, what is the URL?
no
I figured out you can skip assigning Viewer + Editor access on the Projects/
folder, and only granting them on each projects Public
-folder, but it lead to a mess in the UI, where you could only see Public
& Private
folders (timed by the amount of projects), with no indicator which project they were related to.
The breadcrumbs also just showed Projects/redacted/Public
Ideally I would want to just remove the permission from each Private
folder, as it seems the “easiest”. But if you have better ideas on how to solve this problem, then I am all ears
Thanks!