Grafana Cloud

Security and access controls

Grafana AI Observability enforces security at multiple layers: tenant isolation at the API level, authentication on SDK connections, RBAC in the Grafana plugin, and a proxy boundary between the plugin and the AI Observability backend.

Understand tenant isolation

Every API request requires a tenant identifier in the X-Scope-OrgID header. AI Observability enforces strict tenant boundaries. Generation data is scoped to the tenant that exported it. Query APIs return only data for the authenticated tenant. Evaluation rules and scores are tenant-scoped. There is no cross-tenant data access.

When SIGIL_AUTH_ENABLED is true (the default), AI Observability rejects requests without a tenant header with 401 Unauthorized (HTTP) or Unauthenticated (gRPC).

Choose an SDK authentication mode

SDKs authenticate using one of four modes. For production deployments, use basic (Grafana Cloud) or bearer (custom proxy) mode.

Mode    Use case
none    Local development only — no authentication.
tenant  Self-hosted with tenant header injection.
bearer  Proxy-based authentication with bearer tokens.
basic   Grafana Cloud with instance ID and API key.

Configure plugin RBAC

The Grafana AI Observability plugin defines four roles with increasing permissions. Assign roles through Grafana’s RBAC system to control who can view, annotate, and configure AI Observability.

Role                   Access
Sigil Viewer           Landing page and tutorial.
Sigil Reader           Conversations, dashboards, traces, agents, evaluation results.
Sigil Feedback Writer  All Reader permissions plus feedback writing.
Sigil Admin            Full access including evaluation configuration and settings.

Understand the plugin proxy boundary

The Grafana plugin communicates with the AI Observability backend through a proxy that injects the tenant header from the Grafana user’s organization context, forwards only allowed API paths, enforces plugin-level RBAC before proxying requests, and doesn’t expose the AI Observability API directly to end users.

Use health endpoints

The /healthz and /readyz endpoints are unauthenticated and don’t expose tenant data. They return only service health status.

Secure operational endpoints

/metrics and the /debug/pprof/ subtree (Go pprof plus godeltaprof delta_heap, delta_block, delta_mutex) are exposed unauthenticated on the same HTTP port. Restrict them at the gateway or network layer in deployments where they mustn’t be reachable by end users. AI Observability doesn’t register /debug/pprof/cmdline, so the endpoint doesn’t expose process arguments. Profile payloads can include strings that were on the heap, for example, tenant data, in-flight requests, or credentials loaded at startup. Treat the subtree as privileged.
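To confirm on a running deployment that the tenant-header requirement and the gateway restrictions described above are actually in effect, the following check script is an added example, not Grafana's own code. It assumes BASE_URL is the gateway in front of AI Observability and that API_PROBE_PATH is replaced with a real tenant-scoped query path; both are placeholders.

```python
# Added deployment check (not Grafana code). BASE_URL and API_PROBE_PATH are
# placeholders: the gateway address and any real tenant-scoped query path.
import urllib.error
import urllib.request

BASE_URL = "http://localhost:8080"   # placeholder: gateway in front of AI Observability
API_PROBE_PATH = "/api/REPLACE_ME"   # placeholder: a tenant-scoped query endpoint
TENANT_HEADER = "X-Scope-OrgID"


def http_status(path, headers):
    """GET BASE_URL + path and return the HTTP status code (real network probe)."""
    req = urllib.request.Request(BASE_URL + path, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def audit(status_of):
    """Run each check through status_of(path, headers) -> int so the probe can be
    faked. Returns {check name: True if the control holds, False if it does not}."""
    blocked = {401, 403, 404}  # any of these means end users cannot reach the path
    return {
        # /healthz and /readyz are unauthenticated by design and carry no tenant data
        "healthz_open": status_of("/healthz", {}) == 200,
        "readyz_open": status_of("/readyz", {}) == 200,
        # with SIGIL_AUTH_ENABLED=true a request without X-Scope-OrgID must get 401
        "api_requires_tenant": status_of(API_PROBE_PATH, {}) == 401,
        "api_accepts_tenant": status_of(API_PROBE_PATH, {TENANT_HEADER: "tenant-a"}) != 401,
        # /metrics and /debug/pprof/ are unauthenticated on the service port, so the
        # gateway must keep them from end users (profiles can contain heap strings)
        "metrics_blocked": status_of("/metrics", {}) in blocked,
        "pprof_blocked": status_of("/debug/pprof/", {}) in blocked,
        "pprof_delta_heap_blocked": status_of("/debug/pprof/delta_heap", {}) in blocked,
    }


def findings(results):
    """Names of checks that failed, i.e. controls that are not in effect."""
    return sorted(name for name, ok in results.items() if not ok)


if __name__ == "__main__":
    results = audit(http_status)
    for name, ok in results.items():
        print(("PASS " if ok else "FAIL ") + name)
    raise SystemExit(1 if findings(results) else 0)
```

Run it from the network segment end users sit on; a non-zero exit lists the controls that are not enforced from that vantage point.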

Next steps