Configure role-based access controls

Role-based access control (RBAC) provides granular permission management for controlling access to features.

To configure RBAC, complete the following steps:

  1. Create a file named userrbac.tf for custom RBAC roles:

    ```hcl
    # Custom role that lets the Finance team read and send reports.
    resource "grafana_role" "finance_reporting" {
      name        = "Finance Reporting Access"
      description = "Provides reporting capabilities to Finance team"
      version     = 1
      uid         = "finance_reporting_v1"

      permissions {
        action = "reports:send"
      }

      permissions {
        action = "reports:read"
      }
    }

    # Assign the role to the Finance team.
    resource "grafana_team_role_assignment" "finance_reporting" {
      role_uid = grafana_role.finance_reporting.uid
      team_id  = grafana_team.finance.id
    }
    ```

  2. Add Marketing team application access:

    ```hcl
    # Custom role that grants access to a single app plugin, limited by scope.
    resource "grafana_role" "marketing_apps" {
      name        = "Marketing Additional Apps"
      description = "Provides K8s app access to Marketing"
      version     = 1
      uid         = "marketing_apps_v1"

      permissions {
        action = "plugins:app:access"
        scope  = "plugins:id:grafana-k8s-app"
      }
    }

    # Assign the role to the Marketing team.
    resource "grafana_team_role_assignment" "marketing_apps" {
      role_uid = grafana_role.marketing_apps.uid
      team_id  = grafana_team.marketing.id
    }
    ```

  3. Apply the configuration:

    ```sh
    terraform apply
    ```

You’ve just set custom RBAC roles to grant specific feature access.
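
Custom roles tend to widen over time, so it helps to compare the planned grants with the ones defined in the steps above before applying. The following is an added example, not part of the original page or the Grafana provider: it reads plan JSON (as produced by `terraform plan -out=tfplan` followed by `terraform show -json tfplan`) and reports any `grafana_role` permission that uses a wildcard scope or is not in the reviewed set. The names `EXPECTED`, `SAMPLE_PLAN` and `review_roles` are hypothetical, and the sample plan, including its `plugins:*` scope, is constructed for illustration.

```python
import json

# Reviewed (action, scope) pairs per role uid, taken from the steps above.
EXPECTED = {
    "finance_reporting_v1": {("reports:send", ""), ("reports:read", "")},
    "marketing_apps_v1": {("plugins:app:access", "plugins:id:grafana-k8s-app")},
}

# Constructed sample in the shape of `terraform show -json` output; the
# marketing role has drifted to a wildcard scope so that a finding is produced.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "grafana_role.finance_reporting", "type": "grafana_role",
   "change": {"actions": ["create"], "after": {"uid": "finance_reporting_v1",
     "permissions": [{"action": "reports:send", "scope": null},
                     {"action": "reports:read", "scope": ""}]}}},
  {"address": "grafana_role.marketing_apps", "type": "grafana_role",
   "change": {"actions": ["update"], "after": {"uid": "marketing_apps_v1",
     "permissions": [{"action": "plugins:app:access", "scope": "plugins:*"}]}}},
  {"address": "grafana_team.marketing", "type": "grafana_team",
   "change": {"actions": ["no-op"], "after": {"name": "Marketing"}}}
]}
""")


def review_roles(plan, expected=EXPECTED):
    """Return findings for grafana_role changes that exceed the reviewed grants."""
    findings = []
    for rc in plan.get("resource_changes", []):
        after = (rc.get("change") or {}).get("after")
        if rc.get("type") != "grafana_role" or not after:
            continue  # other resource types, or a role being destroyed
        uid = after.get("uid")
        if uid not in expected:
            findings.append(f"{rc['address']}: role uid {uid!r} is not in the reviewed set")
            continue
        for perm in after.get("permissions") or []:
            action, scope = perm.get("action"), perm.get("scope") or ""
            if scope.endswith("*"):
                findings.append(f"{rc['address']}: wildcard scope {scope!r} on {action}")
            elif (action, scope) not in expected[uid]:
                findings.append(f"{rc['address']}: unreviewed grant {(action, scope)}")
    return findings


if __name__ == "__main__":
    for line in review_roles(SAMPLE_PLAN):
        print("FINDING", line)
```

An empty result means every planned role permission matches the reviewed set; any finding is a reason to stop before `terraform apply`.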

In the next milestone, you’ll create data sources and configure their access permissions.

