LBAC for data sources - logs
It can be hard for teams to collaborate on dashboards when they have to use different data sources. Grafana instances can become cluttered and confusing with hundreds of data sources.
LBAC (Label Based Access Control) for data sources - logs (previously called Team LBAC) is our first step towards seamless management of access for Loki logs. Each team views the same data source filtered by their team’s label permissions.
Feature highlights
- Teams can view queries to the same data source with different LBAC rules applied
- Configurable using the API and the UI
- Simplified LBAC notation is automatically converted into correct custom headers
Best practices
- We recommend you only add query permissions for teams that will have LBAC rules and remove default Viewer and Editor query permissions.
- As an initial setup, we recommend defining as few rules as possible for each team, making sure that they’re additive rather than negating one another.
- For validating rules, we recommend testing each rule in Loki Explore view. This allows you to see the logs that would be returned for the specific rule.