Menu
Grafana Cloud
← Back to What's new
Available in public previewData sourcesLogsAuthentication and authorization
Release date: 2024-04-01

Team LBAC

It is hard for teams to collaborate on dashboards because they have to use different datasources. Grafana instances become cluttered and confusing with 100s of datasources.

Team LBAC (Label Based Access Control) is our first step towards seamless management of Grafana Teams access for Loki logs. Each team views the same data source filtered by their team’s label permissions.

Feature highlights

  • Teams can view queries to the same data source with different LBAC rules applied
  • Configurable via API and the UI
  • Simplified LBAC notation is automatically converted in correct custom headers

Best practices

  • We recommend you only add query permissions for teams that will have LBAC rules, and remove default Viewer and Editor query permissions.
  • As an initial setup, we recommend defining as few rules as possible for each team, making sure that they are additive rather than negating one another.
  • For validating rules, we recommend testing each rule in Loki Explore view. This allows you to see the logs that would be returned for the specific rule.

datasource permissions tab - team lbac