Ref: Issue #1611 - Group dashboards in folders
For organizations with a large user base offering Grafana as an internal service to their users, it is critical to expand the scope of the Dashboard Folder issue to respect LDAP permissions.
@torkelo and I were chatting about this just before the holidays, and while it isnt a small undertaking, it will be extremely valuable.
First version will need to expand the existing LDAP integration, which currently just uses LDAP to create the user account (similar to Google, Github and Grafana.net OAUTH methods).
An open question: Currently, once a user is created in Grafana, their account no longer retains a connection to source ACLs (all permissions happen in Grafana). That would need to change to always check/respect centralized ACLs, which probably means groups or mappings and big changes to user structure, but ill defer to @torkelo on this.
More to come on this, but creating the issue to accelerate brainstorming and development.
This would allow for isolation of individual user to particular folders, creating a focused user experience for different groups within the company.
In smaller companies, this may be less of an issue, but for companies with several thousand employees using Grafana, the dashboard picker becomes near useless with (tens of) thousands of unorganized dashboards.
While tags can help segment the dashboards in a search, they dont go far enough. It's still overwhelming for the end user and creates a support burden for the team managing Grafana.
The preferred scenario would be to offer individual users access to the dashboard folders relevant to their task/group/scenario, as determined by observability team.
+1, it would be convenient to provide option to assign read/write/delete permission of specific dashboard to specific user/group.
+1 for this