Configure data sources with label-based access control (LBAC)

Configuring data sources as code ensures consistent configuration across your environment. Adding label-based access controls (LBAC) restricts which teams can query specific data sources, implementing the principle of least privilege.

To configure data sources with access controls, complete the following steps:

  1. Create a file named datasourceprometheus.tf for your Prometheus data source:

    resource "grafana_data_source" "prometheus" {
      type = "prometheus"
      name = "--Prometheus"
      url  = "https://prometheus.example.com"
    
      json_data_encoded = jsonencode({
        httpMethod = "POST"
      })
    }
  2. Create a file named datasourcetestdata.tf for testing:

    resource "grafana_data_source" "testdata" {
      type = "testdata"
      name = "--TestData"
    }
  3. Create a file named datasourceinfinity.tf for the Infinity plugin:

    resource "grafana_data_source" "infinity" {
      type = "yesoreyeram-infinity-datasource"
      name = "--Infinity"
    }
  4. Create a file named datasource_perms.tf for label-based access control:

    resource "grafana_data_source_permission" "testdata_finance" {
      datasource_id = grafana_data_source.testdata.id
    
      permissions {
        team_id    = grafana_team.finance.id
        permission = "Query"
      }
    }
    
    resource "grafana_data_source_permission" "infinity_marketing" {
      datasource_id = grafana_data_source.infinity.id
    
      permissions {
        team_id    = grafana_team.marketing.id
        permission = "Query"
      }
    }
  5. Apply the configuration:

    terraform apply

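The data sources are created with team-specific query permissions. Only Finance can query the TestData source, and only Marketing can query the Infinity source. No `grafana_data_source_permission` resource is defined for the Prometheus data source, so these steps do not change who can query it.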
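One way to review the grants before applying, as an added example that is not part of the original page: the script reads the `configuration` section of Terraform's JSON plan output and reports the team grants per data source, plus any data source that no `grafana_data_source_permission` resource references. The sample JSON is constructed from the resources above, the function names `audit` and `_target` are hypothetical, and only the root module is examined.

```python
import json

# Constructed sample: the "configuration" section of `terraform show -json <planfile>`
# for the resources on this page, trimmed to the fields the check reads.
SAMPLE_PLAN = json.loads("""
{"configuration": {"root_module": {"resources": [
  {"address": "grafana_data_source.prometheus", "type": "grafana_data_source"},
  {"address": "grafana_data_source.testdata", "type": "grafana_data_source"},
  {"address": "grafana_data_source.infinity", "type": "grafana_data_source"},
  {"address": "grafana_data_source_permission.testdata_finance", "type": "grafana_data_source_permission",
   "expressions": {"datasource_id": {"references": ["grafana_data_source.testdata.id", "grafana_data_source.testdata"]},
     "permissions": [{"team_id": {"references": ["grafana_team.finance.id", "grafana_team.finance"]},
                      "permission": {"constant_value": "Query"}}]}},
  {"address": "grafana_data_source_permission.infinity_marketing", "type": "grafana_data_source_permission",
   "expressions": {"datasource_id": {"references": ["grafana_data_source.infinity.id", "grafana_data_source.infinity"]},
     "permissions": [{"team_id": {"references": ["grafana_team.marketing.id", "grafana_team.marketing"]},
                      "permission": {"constant_value": "Query"}}]}}
]}}}
""")

def _target(expr):
    """Return 'type.name' of the first resource an expression refers to, or None."""
    for ref in (expr or {}).get("references", []):
        parts = ref.split(".")
        if len(parts) >= 2:
            return ".".join(parts[:2])
    return None

def audit(plan):
    """Return (grants per data source, data sources with no permission resource)."""
    resources = plan["configuration"]["root_module"].get("resources", [])
    grants = {r["address"]: [] for r in resources if r["type"] == "grafana_data_source"}
    for r in resources:
        if r["type"] != "grafana_data_source_permission":
            continue
        expr = r.get("expressions", {})
        ds = _target(expr.get("datasource_id"))  # None if the id is hard-coded
        for block in expr.get("permissions", []):
            level = block.get("permission", {}).get("constant_value")
            grants.setdefault(ds, []).append((_target(block.get("team_id")), level))
    # Data sources whose permissions this configuration does not manage at all.
    unmanaged = sorted(ds for ds, g in grants.items() if not g)
    return grants, unmanaged

if __name__ == "__main__":
    grants, unmanaged = audit(SAMPLE_PLAN)
    for ds, g in grants.items():
        print(ds, "->", g or "no permission resource")
    print("unmanaged:", unmanaged)
```

To run it against a real configuration, save a plan with `terraform plan -out=plan.out` and load the output of `terraform show -json plan.out` in place of `SAMPLE_PLAN`.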

In the next milestone, you’ll create dashboard folders and apply team permissions.

