I don’t understand why paranoid SQL users don’t solve it on the db level - create views, materialized views, whatever used DB provides and let Grafana user to access only those and not tables directly.
Then try solving the issue that users can still create malicious queries to grind your SQL server (or any other data source for that matter) to a halt, then I would agree with you.
Anyway, here’s a workaround to everyone that wants to do this: You can use the GrafanaJsonDatasource plugin, then you can code your own web server to do the queries.
The backend URL is not exposed because it is proxied via your Grafana server and, because you have full control on what will be queried, you won’t have issues with data leakage! This is also useful if you want to connect Grafana to other data sources that aren’t supported in Grafana yet. (And very useful if you want to workaround Grafana’s crappy ElasticSearch support)
So in my case, I set a custom
type in my panels with the JSON API plugin (example:
http-requests, etc etc etc) then, when Grafana queries the data source, the data source queries my http server, then my http server checks what is the
type that is being requested, retrieves the data from the database (PostgreSQL, ElasticSearch, Prometheus, etc) and returns the data accordingly.
This also has another huge advantage for public dashboards: Users aren’t able to query gigantic time ranges with the intent of crashing your dashboard, because you have full control on what is going to be queried, you can just coerce the input time to be something less malicious, yay!
Of course, users can still spam (DoS attack) your Grafana server to grind your database to a halt, but the attack surface is so small and the fix is so simple (throttle requests or cache requests) that this is a huge advantage compared to the current solution. (Which is: “lol just create a new user 4head”)
And yes, you still need to implement a bunch of other stuff in your web server to have the JSON API plugin behave exactly how you would expect compared to Grafana’s default data sources. But at least for me, this is a good workaround without any big downsides and a lot of big advantages.