Configure RBAC permissions
SLO creation and management permissions are configurable through the Role-based access control (RBAC) function in Grafana Cloud. This page tells you how to configure SLO access on an organizational level, or on a user level with folder permissions.
RBAC user-based permissions
You can use RBAC permissions to control which users can view, create, edit, and delete SLOs. These rights apply to all SLOs.
By default, all users with Viewer basic organizational role have access to view SLOs, and all Editor and Admin roles have access to view, create, edit, and delete SLOs.
Configure SLO access across Grafana
You can modify an individual user’s permissions so that they are able to view, create, update, and delete SLOs across the entire Grafana Cloud instance. This is useful when you want to grant individual access to users who don’t have an Editor or Admin basic organizational role.
To grant a user access to view, create, update, and delete SLOs across the entire Grafana Cloud instance:
- Sign in to Grafana as an organization administrator.
- In the left navigation menu, click Administration > Users and access > Users.
- Click the Role for the user whose RBAC permissions you want to change.
- In the Organizations section, select Viewer basic role, SLO > SLO Writer and Folders > Writer.
- Click Apply to save the changes.
For more detailed information on how to provision granular permissions in Terraform, see the SLO Terraform docs.
RBAC folder-based permissions
Access to individual SLOs can be managed through folder permissions. By default, all users with Viewer basic organizational role have View permissions to view SLOs in all folders. Admin and Editor basic organizational roles have Edit permissions, and can view, create, edit, and delete SLOs in all folders.
You can edit the other actions available to individual users, service accounts, teams, and roles. See the folder permissions section of Grafana’s administration documentation for more information on how to manage folder permissions in Grafana.
If a folder with restricted permissions is deleted, the visibility of the SLOs contained in that folder will default to the visibility settings for the Grafana SLO folder and will be visible in the SLO Overview accordingly.
Configure SLO access within Folders
If you want to modify a user’s permissions so that they are able to view, create, update, and delete SLOs restricted to a particular Folder, you can use roles and folder permissions to achieve this.
To give a user view, create, update, and delete access for only the SLOs contained in a certain folder:
- Sign in to Grafana as an organization administrator.
- In the left-side menu, click Administration > Users and access > Users.
- Search for the user whose permissions you want to edit.
- Click the user’s role and, under the Plugins section of the drowpdown, click SLO > SLO Writer.
- Click Apply to save the changes.
- Next, go to the left-side menu and click Dashboards.
- Choose the folder you want to add permissions for.
- Click Folder actions and select Manage permissions from the dropdown.
- Click Add a permission and grant the specific user Folder Edit permissions.
- The user is now able to view, create, update, and delete SLOs restricted to the chosen Folder.