Grafana 105: Sneak peeking Users, Organizations and their permissions with an example !

Hello Tech Maniacs !

If you are with me , throughout from blog1, on this Grafana Journey , then you would have known that Grafana is all set to make our life easier by providing its fully open source features those are just finger clicks away ! Now in this blog lets talk about Users, Organizations and Permissions in the world of Grafana !

ROLES:

These are basically the permission which will be assigned to the users which will define the scale of access to the dashboards . Suppose a user can just view the dashboards or a viewer can actually edit and even can delete the dashboards !

So we have three type of roles here :

→ Admin

→ Editor

→ Viewer

Users can belong to one or more organizations. A user’s organization membership is tied to a role that defines what the user is allowed to do in that organization.

Admin Role

  • Can do everything scoped to the organization. As stated in the below points.
  • Add and Edit data sources.
  • Add and Edit organization users and teams.
  • Configure App plugins and set org settings.

Editor Role

  • Can create and modify dashboards and alert rules. This can be disabled on specific folders and dashboards.
  • Cannot create or edit data sources nor invite new users.

Viewer Role

  • View any dashboard. This can be disabled on specific folders and dashboards.
  • Cannot create or edit dashboards nor data sources.

USERS:

A user is a named account in Grafana. A user can belong to one or more organizations and can be assigned different levels of privileges through roles. Grafana supports a wide variety of internal and external ways for users to authenticate themselves.

Just like in any other application , here users are the primary authenticated resources who can access Grafana and are prone to the World of Grafana depending upon the permissions provided on their users.

In this way you can create a users and view the permissions on your user ! Here you can see that Mohit is not a Grafana Admin under the Permission section. Mohit is assigned “viewer” access on the Main Org.

ORGANIZATIONS:

Organization is another kind of separation in the Grafana world . Suppose you have number of multiple dashboards , one for the Developers team, one for the business admins and one for your end users . Hence you want , all your Dashboards to be separated from one another and your end users should only see the “users centeric dashboards” and the developer team should only see the “developer centric dashboards” and it goes on ..

Users can belong to one or more organizations. A user’s organization membership is tied to a role that defines what the user is allowed to do in that organization. Grafana supports multiple organizations in order to support a wide variety of deployment models, including using a single Grafana instance to provide service to multiple potentially untrusted organizations.

In most cases, Grafana is deployed with a single organization.Each organization can have one or more data sources.All dashboards are owned by a particular organization.

And here you can create your Organization !
After this your Org is created and it will ask you to set some preferences like UI Theme (like dark or light) ,Home dashboards and TImezone !

Now since your org is created ! Create your Dashboards under this organization and provide access to your users to this organization . A user assigned to this Org only can only see the dashboards under this org only and cannot see the dashboards of the other Org .

For eg. we have created an org just now named “Production Organization”. Suppose we created some production related dashboards under this org. Now I want that my user “Mohit Shrestha” should only be allowed to view these dashboards which are created under “Production Organization” . So this is how we should proceed :

Select users from Server Admin from the left side panel and select your user you want to assign the organization on . Here we are selecting user “Mohit”
So we are into the correct user “Mohit”. Click on the tab “Add user to organization” and add our org to this user
Select your organization from the drop down and assign the kind of role , you want your user should have on this organization .
You can see that your user “Mohit” is attached to the organization “Production Organization” and can view the dashboards under this org.

Hope you liked this blog and it helped you out knowing more about Grafana! Here are the links to my previous blogs , follow me for more interesting blogs .

Link to my blog Grafana-101 : https://medium.com/@mohitshrestha02/grafana-101-what-is-grafana-installing-grafana-on-linux-and-docker-744244084bd7Link to my blog Grafana-102 : https://medium.com/@mohitshrestha02/grafana-102-creating-our-first-dashboard-with-grafana-d0a49425f977Link to my blog Grafana-103 : https://medium.com/@mohitshrestha02/grafana-103-customizing-login-screen-for-grafana-playing-with-white-labels-and-many-more-1d63c23a138cLink to my blog Grafana-104 : https://medium.com/@mohitshrestha02/grafana-104-adding-mongodb-as-a-datasource-in-grafana-type-of-datasources-f9531fbdf3a

Cheers !

Senior DevOps Engineer