Restrict user/team to view particular dashboards in Grafana

Hi all, I have a query related to RBAC permissions to restrict dashboards for a team/users. Did anyone come across this scenario? Looking for suggestions.

What happened: The Guest folder is created, but the role Viewer can see other dashboards as well. We want to restrict the guest users from seeing other dashboards.

What you expected to happen: Our expectation is to restrict the guest users to seeing a few dashboards, not the General folder dashboards.

How to reproduce it (as minimally and precisely as possible):

  • LDAP configured with AD group and deployed (the Guest users are in the (Viewers and Editors) AD group)
  • The users pop up when the guest user logs in to Grafana. I can see the users under "Server Admin" with Role: “Viewer”.
  • Create guest folder > copy the dashboards from General. (We are not using a folder structure.)
  • Scenario 1: created teams and added guest users with permission “view”
  • The guest users can see the guest folder and the other dashboards in General as well.
  • Scenario 1 (a): created users and added guest users with permission “view” (removed teams)
  • The guest users can see the guest folder and the other dashboards in General as well.
  • Scenario 2: If I can remove the view permission in General, the guest user can see only folder “guest”. In this scenario, the other teams with “viewer” role cannot see the General folder.

Anything else we need to know?:

Environment: PROD

  • Grafana version: v8.1.2
  • Data source type & version: K3s, node_exporter.
  • OS Grafana is installed on: RHEL
  • User OS & Browser: Mac, Firefox
  • Grafana plugins: nope
  • Others:

Could you please give suggestions on this query: how to restrict the guest users' dashboard view?

Thanks

  • Did you follow any online instructions? If so, what is the URL?

@david1412 – Interesting, this is similar to something I’m trying to do in a lab environment.

It seems to me that the RBAC is very permissive, in that every user is at least a “viewer”, and that none of the permissions on the dashboards will restrict that in any way, but can easily permit additional “edit” or “admin” access.

I’m going to be experimenting with this more today, I’ll post again if I have any revelations.

Hi, could you please tell me, did you test this in your lab environment?

Hi, to overcome this issue, we need to create the org unit for that restricted group to view only their dashboards. I have successfully done this. When the Guest user logs in, he will see only his dashboards.
Thanks
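
The behaviour discussed in this thread, as an added example that is not part of any post and is not Grafana's code: a simplified model which assumes that permission entries are additive (the highest matching entry wins) and that organisations are isolated from each other. The users, team names and ACLs are constructed, and General is modelled as an ordinary folder with its own ACL.

```python
# Simplified model (an assumption for illustration, not Grafana's source code).
from dataclasses import dataclass

VIEW, EDIT, ADMIN = 1, 2, 4  # levels as used by Grafana's folder permission API

@dataclass(frozen=True)
class User:
    login: str
    org: str
    role: str = "Viewer"              # org role
    teams: frozenset = frozenset()

@dataclass(frozen=True)
class Folder:
    name: str
    org: str
    acl: tuple                        # entries: (kind, subject, level)

# Default entries: every Viewer may view, every Editor may edit.
DEFAULT_ACL = (("role", "Viewer", VIEW), ("role", "Editor", EDIT))

def effective_permission(user, folder):
    """Highest level granted by any matching ACL entry; 0 means no access."""
    if user.org != folder.org:        # organisations are isolated from each other
        return 0
    subjects = {"role": {user.role}, "team": user.teams, "user": {user.login}}
    return max((lvl for kind, who, lvl in folder.acl if who in subjects[kind]), default=0)

def visible(user, folders):
    return sorted(f.name for f in folders if effective_permission(user, f) >= VIEW)

# Constructed sample users: one guest and one ordinary viewer from another team.
guest = User("guest1", "Main", teams=frozenset({"guests"}))
ops = User("ops1", "Main", teams=frozenset({"ops"}))
GUEST_ACL = DEFAULT_ACL + (("team", "guests", VIEW),)

def scenario_1():
    """Team 'guests' added with View; the default Viewer entry still matches."""
    folders = [Folder("General", "Main", DEFAULT_ACL), Folder("guest", "Main", GUEST_ACL)]
    return visible(guest, folders), visible(ops, folders)

def scenario_2():
    """Viewer entry removed from General: every Viewer loses General."""
    folders = [Folder("General", "Main", (("role", "Editor", EDIT),)),
               Folder("guest", "Main", GUEST_ACL)]
    return visible(guest, folders), visible(ops, folders)

def separate_org():
    """Guest users and their dashboards placed in their own organisation."""
    g = User("guest1", "Guest")
    folders = [Folder("General", "Main", DEFAULT_ACL), Folder("guest", "Guest", DEFAULT_ACL)]
    return visible(g, folders), visible(ops, folders)
```

In this model, adding a team entry can only widen access, so isolation comes either from removing the role-wide Viewer entry (which affects every Viewer) or from a separate organisation.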

Hi @david1412
Can you explain the steps you did for this from the beginning? Would appreciate it.