--- title: "Configure role-based access controls | Grafana Labs" description: "Implement granular access controls using custom RBAC roles." --- > For a curated documentation index, see [llms.txt](/llms.txt). For the complete documentation index, see [llms-full.txt](/llms-full.txt). # Configure role-based access controls Implementing role-based access control (RBAC) provides granular permissions management to control feature access. To configure RBAC, complete the following steps: 1. Create a file named `userrbac.tf` for custom RBAC roles: hcl ![Copy code to clipboard](/media/images/icons/icon-copy-small-2.svg) Copy ```hcl resource "grafana_role" "finance_reporting" { name = "Finance Reporting Access" description = "Provides reporting capabilities to Finance team" version = 1 uid = "finance_reporting_v1" permissions { action = "reports:send" } permissions { action = "reports:read" } } resource "grafana_team_role_assignment" "finance_reporting" { role_uid = grafana_role.finance_reporting.uid team_id = grafana_team.finance.id } ``` 2. Add Marketing team application access: hcl ![Copy code to clipboard](/media/images/icons/icon-copy-small-2.svg) Copy ```hcl resource "grafana_role" "marketing_apps" { name = "Marketing Additional Apps" description = "Provides K8s app access to Marketing" version = 1 uid = "marketing_apps_v1" permissions { action = "plugins:app:access" scope = "plugins:id:grafana-k8s-app" } } resource "grafana_team_role_assignment" "marketing_apps" { role_uid = grafana_role.marketing_apps.uid team_id = grafana_team.marketing.id } ``` 3. Apply the configuration: sh ![Copy code to clipboard](/media/images/icons/icon-copy-small-2.svg) Copy ```sh terraform apply ``` You’ve just set custom RBAC roles to grant specific feature access. In the next milestone, you’ll create data sources and configure their access permissions.