Create users and teams
Introduction
This tutorial is useful for admins and others who want to learn how to manage users. In this tutorial, you’ll add multiple users, organize them into teams, and make sure they’re only able to access the resources they need.
In this tutorial, you’ll:
- Add users.
- Assign users to teams.
- Manage dashboard access using folders.
- Override access for individual dashboards.
Scenario
Graphona, a fictional telemarketing company, has asked you to configure Grafana for their teams.
In this scenario, you’ll:
- Create users and organize them into teams.
- Manage resource access for each user and team through roles and folders.
Prerequisites
- Grafana 7.0
Add users
In Grafana, all users are granted an organization role that determines what resources they can access.
There are three types of organization roles in Grafana:
- Admin - For managing data sources, teams, and users within an organization.
- Editor - For creating and editing dashboards.
- Viewer - For viewing dashboards.
Note: You can also configure Grafana to allow anonymous access, to make dashboards available even to those who don’t have a Grafana user account. That’s how Grafana Labs made https://play.grafana.com publicly available.
Exercise
Graphona has asked you to add a group of early adopters.
Name | Username | |
---|---|---|
Almaz Russom | almaz.russom@example.com | almaz.russom |
Brenda Tilman | brenda.tilman@example.com | brenda.tilman |
Mada Rawdha Tahan | mada.rawdha.tahan@example | mada.rawdha.tahan |
Yuan Yang | yuan.yang@example.com | yuan.yang |
Add a user
Repeat the following steps for each of the employees.
- On the sidebar, click the Server Admin (shield) icon.
- In the Users tab, click New user.
- In Name, enter the name of the user.
- In E-mail, enter the email of the user.
- In Username, enter the username that the user will use to log in.
- In Password, enter a password. The user can change their password once they log in.
- Click Create to create the user account.
When you create a user, they’re granted the Viewer role, which means that they won’t be able to make any changes to any of the resources in Grafana. That’s ok for now, though. In the next step, you’ll grant some users more permissions by adding them to teams.
Assign users to teams
Instead of granting permissions to individual users, teams let you grant permissions to a group of users.
Teams are useful when onboarding new colleagues. If you add a user to a team, they get access to all resources assigned to that team.
Exercise
In this exercise, you’ll assign users to their corresponding team.
Username | Team |
---|---|
brenda.tilman | Marketing |
mada.rawdha.tahan | Marketing |
almaz.russom | Engineering |
yuan.yang | Engineering |
You’ll create a team, then add users to it. You’ll then repeat the process with the second team and the remaining users.
Create a team
- In the sidebar, hover your mouse over the Configuration (gear) icon and then click Teams.
- Click New team.
- In Name, enter the name of the team: either Marketing or Engineering. You do not need to enter an email.
- Click Create.
Add a user to a team
- Click Add member.
- In the Add team member box, select the user you want to add to the team. Refer to the table above for team assignments.
- Click Add to team.
When you’re done, you’ll have two teams with two users assigned to each.
Manage resource access with folders
Use folders to organize collections of related dashboards.
Exercise
The Marketing team is going to use Grafana for analytics, while the Engineering team wants to monitor the application they’re building.
You’ll create two folders, Analytics and Application, where each team can add their own dashboards. The teams still want to be able to view each other’s dashboards.
Folder | Team | Permissions |
---|---|---|
Analytics | Marketing | Edit |
Engineering | View | |
Application | Marketing | View |
Engineering | Edit |
Repeat the following steps for each folder.
Add a folder for each team
- In the sidebar, hover your cursor over the Dashboards (four squares) icon and then click Manage.
- To create a folder, click New Folder.
- In Name, enter the folder name.
- Click Create.
Remove Viewer role from folder permissions
By default, when you create a folder, all users with the Viewer role are granted permission to view the folder.
In this example, Graphona wants to explicitly grant teams access to folders. To support this, you need to remove the Viewer role from the list of permissions:
- In the sidebar, hover your cursor over the Dashboards (four squares) icon and then click Manage.
- Hover your cursor over the folder name, and click the cog icon to the right.
- Go to the Permissions tab.
- Remove the Viewer role from the list, by clicking the red button on the right.
Grant folder permissions to a team:
- Go to the Permissions tab, and then click Add Permission.
- In the Add Permission For dialog, make sure “Team” is selected in the first box.
- In the second box, select the team to grant access to.
- In the third box, select the access you want to grant.
- Click Save.
When you’re finished, you’ll have two empty folders, the contents of which can only be viewed by members of the Marketing or Engineering teams. Only Marketing team members can edit the contents of the Analytics folder, only Engineering team members can edit the contents of the Application folder.
Define granular permissions
By using folders and teams, you avoid having to manage permissions for individual users.
However, there are times when you need to configure permissions on a more granular level. For these cases, Grafana allows you to override permissions for specific dashboards.
Exercise
Graphona has hired a consultant to assist the Marketing team. The consultant should only be able to access the SEO dashboard in the Analytics folder.
Name | Username | |
---|---|---|
Luc Masson | luc.masson@exampleconsulting.com | luc.masson |
Add a new user
- In the sidebar, click the Server Admin (shield) icon.
- In the Users tab, click New user.
- In Name, enter the name of the user.
- In E-mail, enter the email of the user.
- In Username, enter the username that the user will use to log in.
- In Password, enter a password. The user can change their password once they log in.
- Click Create user to create the user account.
Create a dashboard
- In the sidebar, click the Create (plus) icon to create a new dashboard.
- In the top right corner, click the cog icon to go to Dashboard settings.
- In Name, enter SEO.
- In the Folder list, select Analytics.
- Click the Go back arrow and then click the Save dashboard (disk) icon.
- Click Save.
Grant a user permission to view dashboard
- In the top right corner of your dashboard, click the cog icon to go to Dashboard settings.
- Go to the Permissions tab, and click Add Permission.
- In the Add Permission For dialog, select User in the first box.
- In the second box, select the user to grant access to: Luc Masson.
- In the third box, select View.
- Click Save.
- Click Save dashboard.
- Add a note about giving Luc Masson Viewer permission for the dashboard and then click Save.
You’ve created a new user and given them unique permissions to view contents of a folder.
Summary
In this tutorial, you’ve configured Grafana for an organization:
- You added users to your organization.
- You created teams to manage permissions for groups of users.
- You configured permissions for folders and dashboard.