Menu
DocumentationGrafana CloudAlerts and IRMSLOSet upRBAC
Grafana Cloud

Configure RBAC permissions

SLO creation and management permissions are configurable through the Role-based access control (RBAC) function in Grafana Cloud. This page tells you how to configure SLO access on an organizational level, or on a user level with folder permissions.

Note

RBAC for Grafana SLOs is currently an experimental feature, so the feature toggles need to be enabled by Grafana support.
To enable SLO RBAC functionality, contact your support representative to have them enable the idForwarding and accessControlOnCall toggles.

RBAC user-based permissions

You can use RBAC permissions to control which users can view, create, edit, and delete SLOs. These rights apply to all SLOs.

By default, all users with Viewer basic organizational role have access to view SLOs, and all Editor and Admin roles have access to view, create, edit, and delete SLOs.

Configure SLO access across Grafana

You can modify an individual user’s permissions so that they are able to view, create, update, and delete SLOs across the entire Grafana Cloud instance. This is useful when you want to grant individual access to users who don’t have an Editor or Admin basic organizational role.

To grant a user access to view, create, update, and delete SLOs across the entire Grafana Cloud instance:

  1. Sign in to Grafana as an organization administrator.
  2. In the left navigation menu, click Administration > Users and access > Users.
  3. Click the edit icon for the user whose RBAC permissions you want to change.
  4. In the Organizations section, select Viewer basic role, SLO > SLO Writer and Folders > Writer.

For more detailed information on how to provision granular permissions in Terraform, see the SLO Terraform docs.

RBAC folder-based permissions

Access to individual SLOs can be managed through folder permissions. By default, all users with Viewer basic organizational role have View permissions to view SLOs in all folders. Admin and Editor basic organizational roles have Edit permissions, and can view, create, edit, and delete SLOs in all folders.

You can edit the other actions available to individual users, service accounts, teams, and roles. See the folder permissions section of Grafana’s administration documentation for more information on how to manage folder permissions in Grafana.

Note

If a folder with restricted permissions is deleted, the visibility of the SLOs contained in that folder will default to the visibility settings for the Grafana SLO folder and will be visible in the SLO Overview accordingly.

Configure SLO access within Folders

If you want to modify a user’s permissions so that they are able to view, create, update, and delete SLOs restricted to a particular Folder, you can use roles and folder permissions to achieve this.

To give a user view, create, update, and delete access for only the SLOs contained in a certain folder:

  1. Sign in to Grafana as an organization administrator.
  2. In the left-side menu, click Administration > Users and access > Users.
  3. Click the edit icon for the user whose RBAC permissions you want to change.
  4. In the Organizations section, select the Viewer basic role and SLO > SLO Writer.
  5. In the left-side menu, click Dashboards.
  6. Choose the folder you want to add permissions for.
  7. Click Folder actions and select Manage permissions from the dropdown.
  8. Click Add a permission and grant the specific user Folder Edit permissions.
  9. The user is now able to view, create, update, and delete SLOs restricted to the chosen Folder.