Dashboard and folder permissions - Amazon Managed Grafana

Dashboard and folder permissions

For dashboards and dashboard folders, you can use the Permissions page to remove the default role based permissions for Editors and Viewers. On this page, you can add and assign permissions to specific Users and Teams.

Amazon Managed Grafana provides the following permission levels:

  • Admin: Can edit and create dashboards and edit permissions. Can also add, edit, and delete folders.

  • Edit: Can edit and create dashboards. Cannot edit folder or dashboard permissions, or add, edit, or delete folders.

  • View: Can only view existing dashboards and folders.

Granting folder permissions

To grant folder permissions

  1. In the sidebar, pause on the Dashboards (squares) icon, and then choose Manage.

  2. Pause on a folder, and then choose Go to folder.

  3. On the Permissions tab, choose Add Permission.

  4. In the Add Permission For dialog box, choose User, Team, or one of the role options.

  5. In the second box, select the user or team to add permission for. Skip this step if you selected a role option in the previous step.

  6. In the third box, select the permission that you want to add.

  7. Choose Save.

Granting dashboard permissions

To grant dashboard permissions

  1. In the top right corner of your dashboard, choose the cog icon to go to Dashboard settings.

  2. On the Permissions tab, choose Add Permission.

  3. In the Add Permission For dialog box, select User, Team, or one of the role options.

  4. In the second box, select the user or team to add permission for. Skip this step if you selected a role option in the previous step.

  5. In the third box, select the permission you that want to add.

  6. Choose Save.

Restricting access

The highest permission always wins.

  • You cannot override permissions for users with the Admin role. Admins always have access to everything.

  • A more specific permission with a lower permission level does not have any effect if a more general rule exists with a higher permission level. You need to remove or lower the permission level of the more general rule.

How Amazon Managed Grafana resolves multiple permissions – examples

The following examples show how multiple permissions are resolved.

Example 1: user1 has the Editor role

Permissions for a dashboard:

  • Everyone with the Editor role can edit.

  • user1 can view.

Result: user1 has Edit permission because the highest permission always wins.

Example 2: user1 has the Viewer role and is a member of team1

Permissions for a dashboard:

  • Everyone with the Viewer role can view.

  • user1 has the Editor role and can edit.

  • team1 has the Admin role.

Result: user1 has Admin permission because the highest permission always wins.

Example 3: user1 has multiple permissions at different levels

Permissions for a dashboard:

  • user1 has the Admin role (inherited from parent folder).

  • user1 has the Editor role and can edit.

Result: You cannot override to a lower permission. user1 has Admin permission because the highest permission always wins.

Summary

  • View: Can only view existing dashboards or folders.

  • A more specific permission with a lower permission level will not have any effect if a more general rule exists with higher permission level.