AdministrationRoles and permissionsGrafana Role-based access control (RBAC)Configure RBAC in Grafana

Configure RBAC in Grafana

Note: Available in Grafana Enterprise and Grafana Cloud Advanced.

The table below describes all RBAC configuration options. Like any other Grafana configuration, you can apply these options as environment variables.

permission_cacheNoEnable to use in memory cache for loading and evaluating users’ permissions.true
permission_validation_enabledNoGrafana enforces validation for permissions when a user creates or updates a role. The system checks the internal list of scopes and actions for each permission to determine they are valid. By default, if a scope or action is not recognized, Grafana logs a warning message. When set to true, Grafana returns an error.false
reset_basic_rolesNoReset Grafana’s basic roles’ (Viewer, Editor, Admin, Grafana Admin) permissions to their default. Warning, if this configuration option is left to true this will be done on every reboot.true

Example RBAC configuration


permission_cache = true