Team LBAC
It is hard for teams to collaborate on dashboards because they have to use different datasources. Grafana instances become cluttered and confusing with 100s of datasources.
Team LBAC (Label Based Access Control) is our first step towards seamless management of Grafana Teams access for Loki logs. Each team views the same data source filtered by their team’s label permissions.
Feature highlights
- Teams can view queries to the same data source with different LBAC rules applied
- Configurable via API and the UI
- Simplified LBAC notation is automatically converted in correct custom headers
Best practices
- We recommend you only add query permissions for teams that will have LBAC rules, and remove default
Viewer
andEditor
query permissions. - As an initial setup, we recommend defining as few rules as possible for each team, making sure that they are additive rather than negating one another.
- For validating rules, we recommend testing each rule in Loki Explore view. This allows you to see the logs that would be returned for the specific rule.