This is documentation for the next version of Grafana documentation. For the latest stable release, go to the latest version.

Documentationbreadcrumb arrow Grafana documentationbreadcrumb arrow Alertingbreadcrumb arrow Additional configurationbreadcrumb arrow Configure roles and permissions
Open source

Configure roles and permissions

This guide explains how to configure roles and permissions for Grafana Alerting for Grafana OSS users. You’ll learn how to manage access using roles, folder permissions, and contact point permissions.

A user is any individual who can log in to Grafana. Each user is associated with a role that includes permissions. Permissions determine the tasks a user can perform in the system. For example, the Admin role includes permissions for an administrator to create and delete users.

For more information, refer to Organization roles.

Manage access using roles

Grafana OSS has three roles: Admin, Editor, and Viewer.

The following table describes the access each role provides for Grafana Alerting.

RoleAccess
ViewerRead access to alert rules, notification resources (notification API, contact points, templates, time intervals, notification policies, and silences).
EditorWrite access to alert rules, notification resources (notification API, contact points, templates, time intervals, notification policies, and silences), and provisioning.
AdminWrite access to alert rules, notification resources (notification API, contact points, templates, time intervals, notification policies, and silences), and provisioning, as well as assign roles.

Assign roles

To assign roles, an admin needs to complete the following steps.

  1. Navigate to Administration > Users and access > Users, Teams, or Service Accounts.
  2. Search for the user, team or service account you want to add a role for.
  3. Add the role you want to assign.

Manage access using folder permissions

You can extend the access provided by a role to alert rules and rule-specific silences by assigning permissions to individual folders.

This allows different users, teams, or service accounts to have customized access to modify or silence alert rules in specific folders.

Refer to the following table for details on the additional access provided by folder permissions:

Folder permissionAdditional Access
ViewNo additional access: all permissions already contained in Viewer role.
EditWrite access to alert rules and their rule-specific silences only in the given folder and subfolders.
AdminSame additional access as Edit.

Note

You can’t use folders to customize access to notification resources.

To manage folder permissions, complete the following steps:

  1. In the left-side menu, click Dashboards.
  2. Hover your mouse cursor over a folder and click Go to folder.
  3. Click Manage permissions from the Folder actions menu.
  4. Update or add permissions as required.

Manage access to contact points

Extend or limit the access provided by a role to contact points by assigning permissions to individual contact points.

This allows different users, teams, or service accounts to have customized access to read or modify specific contact points.

Refer to the following table for details on the additional access provided by contact point permissions.

Contact point permissionAdditional Access
ViewView and export contact point as well as select it on the Alert rule edit page
EditUpdate or delete the contact point
AdminSame additional access as Edit and manage permissions for the contact point. User should have additional permissions to read users and teams.

Assign contact point permissions

To manage contact point permissions, complete the following steps:

  1. In the left-side menu, click Contact points.
  2. Hover your mouse cursor over a contact point and click More.
  3. Click Manage permissions from the actions menu.
  4. Update or add permissions as required.