Add documentation for access control and feature availability#21703
Merged
Add documentation for access control and feature availability#21703
Conversation
Document the access control policies that govern feature availability in Netdata across three access levels: Anonymous (no sign-in), Netdata Cloud Community, and Netdata Cloud Business. Covers: - Why access controls exist (security for sensitive data) - Feature availability tables for metrics, functions, configuration - Sensitive functions that require authentication - AI features and their availability - Node limits and custom dashboard limits - MCP availability at agents/parents - How to enable restricted features
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
1 issue found across 1 file
Confidence score: 5/5
- Minor docs-only inconsistency in
docs/netdata-oss-limitations.mdabout custom dashboard limits; low user-impact and easy to fix. - Score reflects low severity (3/10) and no functional code changes indicated.
- Pay close attention to
docs/netdata-oss-limitations.md- align the summary table with the earlier limit statement.
Prompt for AI agents (all issues)
Check if these issues are valid — if so, understand the root cause of each and fix them.
<file name="docs/netdata-oss-limitations.md">
<violation number="1" location="docs/netdata-oss-limitations.md:135">
P3: Custom dashboard limits are inconsistent ("1 per agent" vs "1 per room"). Align the summary table with the earlier limits so readers get a single, clear value.</violation>
</file>
Architecture diagram
sequenceDiagram
participant Client as User / MCP Client
participant Agent as Netdata Agent
participant Cloud as Netdata Cloud
participant Billing as Subscription Service
Note over Client, Agent: Anonymous Access (Public)
Client->>Agent: Request real-time metrics
Agent->>Agent: Check sensitivity level
Agent-->>Client: Return Metric Data (Anonymous Level)
Note over Client, Agent: Sensitive Data Access
Client->>Agent: CHANGED: Request Sensitive Function (Logs, Processes)
Agent->>Agent: Check Authentication
alt Not Signed In
Agent-->>Client: 401 Unauthorized / Blocked
else Signed In (Netdata Cloud)
Agent->>Cloud: Validate User Session & Space Membership
Cloud-->>Agent: Authorized
Agent-->>Client: Return Sensitive Data
end
Note over Client, Billing: Feature Availability (Tiers)
Client->>Cloud: Access Multi-node View / Custom Dashboards
Cloud->>Billing: Get Account Tier (Community vs Business)
alt Community Tier (Free)
Billing-->>Cloud: Tier: Community
Cloud->>Cloud: NEW: Enforce 5-node limit
Cloud->>Cloud: NEW: Enforce 1 custom dashboard limit
Cloud-->>Client: Render UI (Limited)
else Business Tier (Paid)
Billing-->>Cloud: Tier: Business
Cloud->>Cloud: NEW: Remove Node/Dashboard limits
Cloud->>Agent: NEW: Enable Dynamic Configuration APIs
Cloud->>Cloud: Enable RBAC & SSO
Cloud-->>Client: Render UI (Full Access)
end
Note over Client, Agent: MCP (Model Context Protocol) Flow
Client->>Agent: Query via MCP
alt No Cloud Connection
Agent->>Agent: NEW: Restricted to Public Functions
Agent-->>Client: Metrics/Public Data
else Cloud Connection Active
Agent->>Cloud: Inherit User Permissions
Cloud-->>Agent: Authorization Context
Agent-->>Client: Sensitive Data + AI Insights
end
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
sashwathn
approved these changes
Feb 4, 2026
Ancairon
pushed a commit
to Ancairon/netdata
that referenced
this pull request
Feb 12, 2026
…a#21703) * Add documentation for access control and feature availability Document the access control policies that govern feature availability in Netdata across three access levels: Anonymous (no sign-in), Netdata Cloud Community, and Netdata Cloud Business. Covers: - Why access controls exist (security for sensitive data) - Feature availability tables for metrics, functions, configuration - Sensitive functions that require authentication - AI features and their availability - Node limits and custom dashboard limits - MCP availability at agents/parents - How to enable restricted features * Add OSS limitations doc to learn site navigation * Fix inconsistent custom dashboard limit wording * Fix custom dashboard limits: per agent for OSS, per room for Cloud
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Test plan
Summary by cubic
Add a new docs page explaining Netdata’s access control and feature availability across Anonymous, Netdata Cloud Community, and Business tiers. It clarifies which functions require sign-in, node and custom dashboard limits, AI features, MCP access, and how to enable restricted features.
Written for commit ebe4ec4. Summary will update on new commits.