Viewer that can edit but less

Hello,

we are using the approach to share dashboards for multiple users/teams and use variables to limit what they see. [1] That works well for viewers.

But, we’d like to allow users play with visualizations and suggest improvements etc. If viewers_can_edit is enabled then they get access to dashboard variables and panel queries and can temporarily bypass data visibility restrictions. I know that is rather poor man’s ACL solution, but anyway.

Is there some role/permission magic to restrict user access to variables and panel queries?

Thank you.

[1] Limit users to access Variable values - #10 by kburnett

Hi @alespour,

Thanks for opening this post.

Have you tried the permissions on the Dashboard level e.g. there is an existing Dashboard name ABC with some panels.

To restrict users, groups, and Orgs you can go into that Dashboard → Settings → Permissions and then define which gets access as either viewer or an editor

Here is a screenshot which we use within our Team to give access to certain users.

Also, we have this documentation which describes the permission role matrix if you want more detailed information.

Let us know if this helps.

Hi,

thank you. I checked the permission role matrix and it unfortunately seems it is not as fine-grained as we would need to. What we are looking for could be also described as ui-editor role, ie. user who can change visualizations, but cannot change dashboard variables nor panels queries.

Hi @alespour ,

I checked and found out that the more advanced RBAC available but only in the Enterprise or Advanced Cloud versions of Grafana.

If this is something you need for your organization then might be good option to go for Enterprise version and then get more details from our support and sales team about it.