---
title: "Security and access controls | Grafana Cloud documentation"
description: "Understand tenant isolation, authentication modes, RBAC roles, and the plugin proxy boundary in AI Observability."
---


# Security and access controls

Grafana AI Observability enforces security at multiple layers: tenant isolation at the API level, authentication on SDK connections, RBAC in the Grafana plugin, and a proxy boundary between the plugin and the AI Observability backend.

## Understand tenant isolation

Every API request requires a tenant identifier in the `X-Scope-OrgID` header. AI Observability enforces strict tenant boundaries. Generation data is scoped to the tenant that exported it. Query APIs return only data for the authenticated tenant. Evaluation rules and scores are tenant-scoped. There is no cross-tenant data access.

When `SIGIL_AUTH_ENABLED` is `true` (the default), AI Observability rejects requests without a tenant header with `401 Unauthorized` (HTTP) or `Unauthenticated` (gRPC).

## Choose an SDK authentication mode

SDKs authenticate using one of four modes. For production deployments, use `basic` (Grafana Cloud) or `bearer` (custom proxy) mode.


| Mode     | Use case                                       |
|----------|------------------------------------------------|
| `none`   | Local development only — no authentication.    |
| `tenant` | Self-hosted with tenant header injection.      |
| `bearer` | Proxy-based authentication with bearer tokens. |
| `basic`  | Grafana Cloud with instance ID and API key.    |
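The following is an added example, not Grafana’s SDK or backend code. It shows the headers an exporter would attach in each of the four auth modes and a small model of the tenant boundary described above: a request without `X-Scope-OrgID` is rejected with `401`, and a query returns only the caller’s own tenant’s rows. The header shapes (Basic with instance ID as user and API key as password, Bearer for the proxy case, `X-Scope-OrgID` sent directly in `tenant` mode) and the sample store are assumptions made for the illustration.

```python
"""Headers an exporter attaches in each SDK auth mode, plus a small model of the
tenant boundary the backend enforces. Added example, not Grafana's SDK or
backend code; the header shapes below are assumptions."""
import base64
from typing import Dict, List, Optional, Tuple

TENANT_HEADER = "X-Scope-OrgID"


def build_headers(mode: str, *, tenant: Optional[str] = None,
                  token: Optional[str] = None, instance_id: Optional[str] = None,
                  api_key: Optional[str] = None) -> Dict[str, str]:
    """Headers for one SDK auth mode.

    Assumed shapes: `tenant` sends X-Scope-OrgID directly; `bearer` sends
    "Authorization: Bearer <token>" for a custom proxy to validate; `basic`
    sends HTTP Basic with the instance ID as user and the API key as password
    (the usual Grafana Cloud convention); `none` sends nothing.
    """
    if mode == "none":
        return {}
    if mode == "tenant":
        if not tenant:
            raise ValueError("tenant mode requires a tenant id")
        return {TENANT_HEADER: tenant}
    if mode == "bearer":
        if not token:
            raise ValueError("bearer mode requires a token")
        return {"Authorization": f"Bearer {token}"}
    if mode == "basic":
        if not (instance_id and api_key):
            raise ValueError("basic mode requires instance_id and api_key")
        creds = base64.b64encode(f"{instance_id}:{api_key}".encode()).decode()
        return {"Authorization": f"Basic {creds}"}
    raise ValueError(f"unknown auth mode: {mode!r}")


# Constructed sample store: generations keyed by the tenant that exported them.
GENERATIONS: Dict[str, List[dict]] = {
    "tenant-a": [{"id": "gen-1"}, {"id": "gen-2"}],
    "tenant-b": [{"id": "gen-3"}],
}


def resolve_tenant(headers: Dict[str, str]) -> Tuple[int, str]:
    """Backend-side check with SIGIL_AUTH_ENABLED=true (the default): a request
    without X-Scope-OrgID is rejected with 401. Header names are matched
    case-insensitively, as HTTP requires."""
    lowered = {k.lower(): v for k, v in headers.items()}
    tenant = lowered.get(TENANT_HEADER.lower())
    if not tenant:
        return 401, "Unauthorized: missing X-Scope-OrgID"
    return 200, tenant


def query_generations(headers: Dict[str, str]) -> Tuple[int, List[dict]]:
    """Model of a tenant-scoped query API: only the caller's own rows come back,
    whatever other tenants have exported."""
    status, tenant = resolve_tenant(headers)
    if status != 200:
        return status, []
    return 200, list(GENERATIONS.get(tenant, []))


if __name__ == "__main__":
    print(build_headers("basic", instance_id="123456", api_key="glc_example"))
    print(query_generations({}))
    print(query_generations(build_headers("tenant", tenant="tenant-a")))
```

In `basic` and `bearer` mode the SDK never sends `X-Scope-OrgID` itself; the assumption here is that the Grafana Cloud gateway (or your custom proxy) validates the credentials and sets the tenant header before the request reaches the backend, so the model above covers only the backend’s own check.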

## Configure plugin RBAC

The Grafana AI Observability plugin defines four roles with increasing permissions. Assign roles through Grafana’s RBAC system to control who can view, annotate, and configure AI Observability.


| Role                  | Access                                                         |
|-----------------------|----------------------------------------------------------------|
| Sigil Viewer          | Landing page and tutorial.                                     |
| Sigil Reader          | Conversations, dashboards, traces, agents, evaluation results. |
| Sigil Feedback Writer | All Reader permissions plus feedback writing.                  |
| Sigil Admin           | Full access including evaluation configuration and settings.   |

## Understand the plugin proxy boundary

The Grafana plugin communicates with the AI Observability backend through a proxy that:

- injects the tenant header from the Grafana user’s organization context,
- forwards only allowed API paths,
- enforces plugin-level RBAC before proxying requests, and
- doesn’t expose the AI Observability API directly to end users.
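The following is an added example, written in Python for illustration rather than taken from the plugin (whose backend is Go). It models the proxy step for one request, covering both the RBAC table above and the proxy boundary: the four role names are the ones from the table, while the API paths, the minimum role per path, and the org-to-tenant mapping are assumptions. It also shows two checks a practitioner would want in such a proxy: the client-supplied `X-Scope-OrgID` is discarded in favour of the org context, and paths are percent-decoded and normalized before the allowlist check so `..` segments can’t reach operational endpoints through an allowed prefix.

```python
"""Model of the plugin-side proxy: role check, path allowlist, tenant header
injection. Added example, not the plugin's own (Go) code. Role names come from
the docs; paths, minimum roles and the org-to-tenant table are assumptions."""
import posixpath
from typing import Dict, Optional, Tuple, Union
from urllib.parse import unquote

# Roles in increasing order of privilege (from the RBAC table).
ROLES = ["Sigil Viewer", "Sigil Reader", "Sigil Feedback Writer", "Sigil Admin"]

# Assumed API surface: (method, path prefix) -> minimum role allowed to call it.
ALLOWED: Dict[Tuple[str, str], str] = {
    ("GET", "/api/v1/conversations"): "Sigil Reader",
    ("GET", "/api/v1/traces"): "Sigil Reader",
    ("GET", "/api/v1/evaluations"): "Sigil Reader",
    ("POST", "/api/v1/feedback"): "Sigil Feedback Writer",
    ("PUT", "/api/v1/evaluations/rules"): "Sigil Admin",
    ("GET", "/api/v1/settings"): "Sigil Admin",
}

# Constructed mapping from Grafana org ID to AI Observability tenant. Assumption:
# a real deployment derives this from the stack/instance, not a static table.
TENANT_FOR_ORG: Dict[int, str] = {1: "tenant-a", 2: "tenant-b"}


def normalize(path: str) -> str:
    """Percent-decode and collapse '.', '..' and '//' before matching, so a path
    like '/api/v1/conversations/../../debug/pprof/heap' resolves to what the
    upstream would actually serve. lstrip avoids posixpath keeping a leading '//'."""
    return posixpath.normpath("/" + unquote(path).lstrip("/"))


def authorize(role: Optional[str], method: str, path: str) -> Optional[str]:
    """Return a denial reason ('403 ...' or '404 ...'), or None if allowed."""
    if role not in ROLES:
        return "403: unknown or missing role"
    for (m, prefix), min_role in ALLOWED.items():
        if m == method and (path == prefix or path.startswith(prefix + "/")):
            if ROLES.index(role) >= ROLES.index(min_role):
                return None
            return f"403: {role} lacks {min_role}"
    # Anything not on the allowlist (including /metrics and /debug/pprof/) is
    # simply not proxied.
    return "404: path not proxied"


def proxy(user: Dict[str, object], method: str, path: str,
          headers: Dict[str, str]) -> Tuple[int, Union[str, dict]]:
    """One proxy decision. user = {"org_id": int, "role": str}. Returns
    (200, upstream_request) or (status, denial_reason)."""
    raw, _, query = path.partition("?")
    clean = normalize(raw)
    denial = authorize(user.get("role"), method, clean)  # type: ignore[arg-type]
    if denial:
        return int(denial[:3]), denial
    tenant = TENANT_FOR_ORG.get(user["org_id"])  # type: ignore[arg-type]
    if tenant is None:
        return 403, "403: org has no AI Observability tenant"
    # The org context is authoritative: drop any client-supplied tenant header
    # so a user can't pick another tenant by setting it themselves.
    upstream_headers = {k: v for k, v in headers.items() if k.lower() != "x-scope-orgid"}
    upstream_headers["X-Scope-OrgID"] = tenant
    forwarded_path = clean + ("?" + query if query else "")
    return 200, {"method": method, "path": forwarded_path, "headers": upstream_headers}


if __name__ == "__main__":
    reader = {"org_id": 1, "role": "Sigil Reader"}
    print(proxy(reader, "GET", "/api/v1/conversations?limit=10", {"X-Scope-OrgID": "tenant-b"}))
    print(proxy(reader, "POST", "/api/v1/feedback", {}))
    print(proxy(reader, "GET", "/api/v1/conversations/../../debug/pprof/heap", {}))
```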

## Use health endpoints

The `/healthz` and `/readyz` endpoints are unauthenticated and don’t expose tenant data. They return only service health status.

## Secure operational endpoints

`/metrics` and the `/debug/pprof/` subtree (Go pprof plus godeltaprof `delta_heap`, `delta_block`, `delta_mutex`) are served unauthenticated on the same HTTP port as the API. Profile payloads can include strings that were on the heap at capture time, for example tenant data, in-flight requests, or credentials loaded at startup, so treat the subtree as privileged. AI Observability doesn’t register `/debug/pprof/cmdline`, so process arguments aren’t exposed that way. In deployments where end users mustn’t reach these paths, block them at the gateway or network layer; the service itself doesn’t authenticate them.
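An added check, not Grafana tooling, for verifying the exposure described in the two sections above from outside the gateway: the health endpoints should answer `200` without credentials, while `/metrics` and the `/debug/pprof/` paths should not. The probe function is injectable so the logic can be exercised offline against a constructed response table; the default base URL, port and the exact pprof path list are assumptions.

```python
"""Unauthenticated-exposure audit for the health and operational endpoints.
Added example, not Grafana tooling. Expected exposure follows the docs: /healthz
and /readyz are meant to be reachable without credentials; /metrics and the
/debug/pprof/ subtree must be blocked before end users can reach them."""
import sys
import urllib.error
import urllib.request
from typing import Callable, Dict, List, Tuple

PUBLIC = ("/healthz", "/readyz")
# /debug/pprof/cmdline is included deliberately: the docs say it is not
# registered, so it should never answer 200 either.
PRIVILEGED = (
    "/metrics",
    "/debug/pprof/",
    "/debug/pprof/heap",
    "/debug/pprof/goroutine",
    "/debug/pprof/delta_heap",
    "/debug/pprof/delta_block",
    "/debug/pprof/delta_mutex",
    "/debug/pprof/cmdline",
)

Probe = Callable[[str], int]


def http_status(url: str, timeout: float = 3.0) -> int:
    """Real probe: status of an unauthenticated GET. HTTP errors map to their
    code; connection failures map to 0."""
    try:
        with urllib.request.urlopen(urllib.request.Request(url, method="GET"),
                                    timeout=timeout) as resp:
            return resp.getcode()
    except urllib.error.HTTPError as err:
        return err.code
    except (urllib.error.URLError, OSError):
        return 0


def classify(path: str, status: int) -> Tuple[str, bool]:
    """(verdict, ok). Health paths must answer 200; privileged paths must not
    answer 200 to an unauthenticated caller. Any non-200 (401, 403, 404, or
    a refused connection) counts as blocked."""
    if path in PUBLIC:
        ok = status == 200
        return ("health ok" if ok else f"health not reachable ({status})"), ok
    if status == 200:
        return "EXPOSED: answers unauthenticated", False
    return f"blocked ({status})", True


def audit(base_url: str, probe: Probe = http_status) -> Dict[str, Tuple[str, bool]]:
    """Probe every path in PUBLIC + PRIVILEGED and classify each result."""
    base = base_url.rstrip("/")
    return {path: classify(path, probe(base + path)) for path in PUBLIC + PRIVILEGED}


def findings(results: Dict[str, Tuple[str, bool]]) -> List[str]:
    """Paths whose exposure does not match expectations, in probe order."""
    return [path for path, (_, ok) in results.items() if not ok]


if __name__ == "__main__":
    # Assumed default; pass the gateway-facing URL of your deployment instead.
    target = sys.argv[1] if len(sys.argv) > 1 else "http://localhost:8080"
    report = audit(target)
    for p, (verdict, ok) in report.items():
        print(f"{'PASS' if ok else 'FAIL'} {p}: {verdict}")
    sys.exit(1 if findings(report) else 0)
```

Run it against the gateway-facing address, not the service’s own port: the point is to confirm that the network or gateway restriction is in place, and the service port will report every privileged path as exposed by design.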

## Next steps

- [Data handling and privacy](/docs/grafana-cloud/machine-learning/ai-observability/privacy-and-security/privacy)
- [Configure the AI Observability plugin](/docs/grafana-cloud/machine-learning/ai-observability/configure/plugin)
