Permissions on Grafana Labs

Dashboard and Folder Permissions

Fri, 06 Mar 2026 07:23:54 +0000

Dashboard and Folder Permissions

For dashboards and dashboard folders there is a Permissions page that makes it possible to remove the default role based permissions for Editors and Viewers. On this page you can add and assign permissions to specific Users and Teams.

You can assign and remove permissions for Organization Roles, Users and Teams.

Permission levels:

Admin: Can edit and create dashboards and edit permissions. Can also add, edit, and delete folders.
Edit: Can edit and create dashboards. Cannot edit folder/dashboard permissions, or add, edit, or delete folders.
View: Can only view existing dashboards/folders.

Restricting Access

The highest permission always wins so if you for example want to hide a folder or dashboard from others you need to remove the Organization Role based permission from the Access Control List (ACL).

You cannot override permissions for users with the Org Admin Role. Admins always have access to everything.
A more specific permission with a lower permission level will not have any effect if a more general rule exists with higher permission level. You need to remove or lower the permission level of the more general rule.

How Grafana Resolves Multiple Permissions - Examples

Example 1 (`user1` has the Editor Role)

Permissions for a dashboard:

Everyone with Editor Role Can Edit
user1 Can View

Result: user1 has Edit permission as the highest permission always wins.

Example 2 (`user1` has the Viewer Role and is a member of `team1`)

Permissions for a dashboard:

Everyone with Viewer Role Can View
user1 Can Edit
team1 Can Admin

Result: user1 has Admin permission as the highest permission always wins.

Example 3

Permissions for a dashboard:

user1 Can Admin (inherited from parent folder)
user1 Can Edit

Result: You cannot override to a lower permission. user1 has Admin permission as the highest permission always wins.

Summary

View: Can only view existing dashboards/folders.
You cannot override permissions for users with Org Admin Role
A more specific permission with lower permission level will not have any effect if a more general rule exists with higher permission level.

For example if “Everyone with Editor Role Can Edit” exists in the ACL list then John Doe will still have Edit permission even after you have specifically added a permission for this user with the permission set to View. You need to remove or lower the permission level of the more general rule.

You cannot override permissions for users with Org Admin Role
A more specific permission with lower permission level will not have any effect if a more general rule exists with higher permission level. For example if “Everyone with Editor Role Can Edit” exists in the ACL list then John Doe will still have Edit permission even after you have specifically added a permission for this user with the permission set to View. You need to remove or lower the permission level of the more general rule.

Datasource Permissions

Fri, 06 Mar 2026 07:23:54 +0000

Data source permissions

Data source permissions allow you to restrict access for users to query a data source. For each data source there is a permission page that allows you to enable permissions and restrict query permissions to specific Users and Teams.

Data source permissions are only available in Grafana Enterprise. For more information, refer to Data source permissions in Grafana Enterprise.

Grant dashboard and folder permissions

Fri, 06 Mar 2026 07:23:54 +0000

Grant dashboard and folder permissions

Grant permission to dashboards and folders to control who can access them.

Grant folder permissions

In the sidebar, hover your mouse over the Dashboards (squares) icon and then click Manage.
Hover your mouse cursor over a folder and click the gear icon to the right.
Go to the Permissions tab, and then click Add Permission.
In the Add Permission For dialog, select User or Team.
In the second box, select the user or team to add permission for.
In the third box, select the permission you want to add.
Click Save.

Grant dashboard permissions

In the top right corner of your dashboard, click the cog icon to go to Dashboard settings.
Go to the Permissions tab, and click Add Permission.
In the Add Permission For dialog, select User or Team.
In the second box, select the user or team to add permission for.
In the third box, select the permission you want to add.
Click Save.

Organization roles

Fri, 06 Mar 2026 07:23:54 +0000

Organization roles

Users can belong to one or more organizations. A user’s organization membership is tied to a role that defines what the user is allowed to do in that organization.

Admin role

Can do everything scoped to the organization. For example:

Can add, edit, and delete data sources.
Can add and edit users and teams in organizations.
Can add, edit, and delete folders.
Can configure app plugins and organization settings.
Can do everything allowed by the Editor role.

Editor role

Can view, add, and edit dashboards, panels, and alert rules in dashboards they have access to. This can be disabled on specific folders and dashboards.
Can create, update, or delete playlists.
Can access Explore.
Cannot add, edit, or delete data sources.
Cannot add, edit, or delete alert notification channels.
Cannot manage other organizations, users, and teams.

This role can be tweaked via Grafana server setting editors_can_admin. If you set this to true, then users with the Editor role can also administrate dashboards, folders and teams they create. This is especially useful for enabling self-organizing teams to administer their own dashboards.

Viewer role

Can view any dashboard they have access to. This can be disabled on specific folders and dashboards.
Cannot add, edit, or delete data sources.
Cannot add, edit, or delete dashboards or panels.
Cannot create, update, or delete playlists.
Cannot add, edit, or delete alert notification channels.
Cannot access Explore.
Cannot manage other organizations, users, and teams.

This role can be tweaked via Grafana server setting viewers_can_edit. If you set this to true, then users with the Viewer role can also make transient dashboard edits, meaning they can modify panels and queries but not save the changes (nor create new dashboards). This is especially useful for public Grafana installations where you want anonymous users to be able to edit panels and queries but not save or create new dashboards.

Overview

Fri, 06 Mar 2026 07:23:54 +0000

Permissions Overview

Grafana users have permissions that are determined by their:

Organization Role (Admin, Editor, Viewer)
Via Team memberships where the Team has been assigned specific permissions.
Via permissions assigned directly to user (on folders, dashboards, data sources)
The Grafana Admin (i.e. Super Admin) user flag.

Users

Grafana supports a wide variety of internal and external ways for users to authenticate themselves. These include from its own integrated database, from an external SQL server, or from an external LDAP server.

Grafana Admin

This admin flag makes user a Super Admin. This means they can access the Server Admin views where all users and organizations can be administrated.

Organization Roles

Users can belong to one or more organizations. A user’s organization membership is tied to a role that defines what the user is allowed to do in that organization. Grafana supports multiple organizations in order to support a wide variety of deployment models, including using a single Grafana instance to provide service to multiple potentially untrusted organizations.

In most cases, Grafana is deployed with a single organization.

Each organization can have one or more data sources.

All dashboards are owned by a particular organization.

Note: Most metric databases do not provide per-user series authentication. This means that organization data sources and dashboards are available to all users in a particular organization.

Refer to Organization roles for more information.

Dashboard and Folder Permissions

Dashboard and folder permissions allow you to remove the default role based permissions for Editors and Viewers and assign permissions to specific Users and Teams. Learn more about Dashboard and Folder Permissions.

Data source permissions

Per default, a data source in an organization can be queried by any user in that organization. For example a user with Viewer role can still issue any possible query to a data source, not just those queries that exist on dashboards he/she has access to.

Data source permissions allows you to change the default permissions for data sources and restrict query permissions to specific Users and Teams. Read more about data source permissions.

Permissions on Grafana Labs

Dashboard and Folder Permissions

Dashboard and Folder Permissions

Restricting Access

How Grafana Resolves Multiple Permissions - Examples

Example 1 (user1 has the Editor Role)

Example 2 (user1 has the Viewer Role and is a member of team1)

Example 3

Summary

Datasource Permissions

Data source permissions

Grant dashboard and folder permissions

Grant dashboard and folder permissions

Grant folder permissions

Grant dashboard permissions

Organization roles

Organization roles

Admin role

Editor role

Viewer role

Overview

Permissions Overview

Users

Grafana Admin

Organization Roles

Dashboard and Folder Permissions

Data source permissions

Example 1 (`user1` has the Editor Role)

Example 2 (`user1` has the Viewer Role and is a member of `team1`)