This is documentation for the next version of Grafana documentation. For the latest stable release, go to the latest version.

Documentationbreadcrumb arrow Grafana documentationbreadcrumb arrow Administrationbreadcrumb arrow Roles and permissionsbreadcrumb arrow Role-based access control (RBAC)breadcrumb arrow Configure RBAC in Grafana
Grafana Cloud Enterprise

Configure RBAC options in Grafana

Note

Available in Grafana Enterprise and Grafana Cloud.

The table below describes the available RBAC configuration options for your Grafana stack. Like any other Grafana configuration, you can apply these options as environment variables.

SettingRequiredDescriptionDefault
permission_cacheNoEnable to use in memory cache for loading and evaluating users’ permissions.true
permission_validation_enabledNoGrafana enforces validation for permissions when a user creates or updates a role. The system checks the internal list of scopes and actions for each permission to determine they are valid. By default, if a scope or action is not recognized, Grafana logs a warning message. When set to true, Grafana returns an error.true
reset_basic_rolesNoReset Grafana’s basic roles’ (Viewer, Editor, Admin, Grafana Admin) permissions to their default. Warning, if this configuration option is left to true this will be done on every reboot.true

Example RBAC configuration

Bash 
[rbac]

permission_cache = true