Menu
DocumentationGrafana CloudAlerts and IRMSLOSet upRBAC
Grafana Cloud

Configure RBAC permissions

SLO creation and management permissions are configurable through the Role-based access control (RBAC) function in Grafana Cloud.

Note

RBAC for Grafana SLOs is currently an experimental feature, so the feature toggles need to be enabled by Grafana support.
To enable SLO RBAC functionality, contact your support representative to have them enable the idForwarding and accessControlOnCall toggles.

RBAC action permissions

You can use RBAC permissions to control which users can view, create, edit, and delete SLOs. These rights apply to all SLOs. Access to individual SLOs can be managed through the folder permissions below

By default, all users with viewer basic organizational role have access to view SLOs. All Editor and Admin roles have view, create, edit, and delete SLOs.

To grant RBAC access to individual users who don’t have the basic roles:

  1. In the left navigation menu, click Administration > Users and access > Users.
  2. Click the edit icon for the user whose RBAC permissions you want to change.
  3. In the Organizations section, select SLO > Writer to grant permissions to create, edit, and delete SLOs. Select SLO > Reader to limit the user to view permissions.

For more detailed information on how to provision granular rights in Terraform, see the SLO Terraform docs.

Hide SLOs with scope restrictions

You can also choose to restrict access to specific SLOs through folder permissions. To learn more about how Grafana uses, see the folder permissions section of Grafana’s administration documentation.

Note

If a folder with restricted permissions is deleted, the visibility of the SLOs contained in that folder will default to the visibility settings for the Grafana SLO folder and will be visible in the SLO Overview accordingly.