You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Thinking about this in the most general case where we can have different ways for users to authenticate themselves, I see some options.
For customers with dedicated clusters:
We configure one additional user besides the admin user and the user created to update the grafana dashboards, and let that user have just read access to the instance. Then, we share those credentials with the community representatives to handle as they please.
We let Grafana work against the production JupyterHub as an identity provider
For customers with shared clusters:
0. First of all, I'm really not sure here because we have a shared grafana instance accessing several different data sources and providing a bit more dashboards etc.
I think maybe its reasonable to configure one additional user per hub, and a set of permissions for that user to have readonly access to the relevant prometheus data source.
I don't think its reasonable to setup auth against all of the jupyterhub's and even if we do, the permissions granted should depend on what hub you authed against etc.
Investigative work needed
Can we via REST API and/or configuration add a user to Grafana? I think yes, because I think @GeorgianaElena has done that already.
Can we via REST API and/or configuration make a user be granted permissions to a specific data source, so that a dropdown list will only include the datasources that the user has permissions to? Below is an example of a dropdownlist.
The text was updated successfully, but these errors were encountered:
damianavila
changed the title
Feature idea - help customers get read access to their relevant grafana dashboards
[Duplicated] Feature idea - help customers get read access to their relevant grafana dashboards
Jan 16, 2023
@scottyhq asked in a support ticket about providing access to a grafana:
Thinking about this in the most general case where we can have different ways for users to authenticate themselves, I see some options.
For customers with dedicated clusters:
admin
user and the user created to update the grafana dashboards, and let that user have just read access to the instance. Then, we share those credentials with the community representatives to handle as they please.For customers with shared clusters:
0. First of all, I'm really not sure here because we have a shared grafana instance accessing several different data sources and providing a bit more dashboards etc.
Investigative work needed
The text was updated successfully, but these errors were encountered: