Change in resource admin behaviour
Change in resource admin behaviour
In Grafana Cloud, we’re rolling out a change to what resource administrators can see on a resource’s permissions list. If you can view and manage the permissions on a folder or dashboard, you will soon see every user and team that has access to it.
Today, Grafana filters that list. When you open the permissions for a resource, we hide any user or team you don’t otherwise have access to see. Going forward, anyone with admin-level permissions on a resource sees the full access list, with no filtering.
This changes what you can see, not who has access. No one gains access to any dashboard, folder, or data as a result of this change. The only difference is that the people who already manage a resource’s permissions get a complete picture of who can reach it.
Why we’re making this change. If you’re responsible for a resource and its permissions, you should have full insight into who can access it. A filtered list can hide access you’d want to know about. We found this behavior while migrating the resource permissions APIs to Grafana’s app platform, and it was the right time to correct it.
What to check before this rolls out. The full access list may surface grants you weren’t aware of, including access that crosses team boundaries. Before the change reaches your instance, review the permissions on your sensitive folders and dashboards and remove any access that shouldn’t be there. Doing this ahead of time avoids surprises once the complete list becomes visible.
