Configure RBAC

Depending on the size of your team or organization, you might reach a point where you have too many Performance testing projects or tests, and you want to control who gets access to the information they need. Role-based Access Control (RBAC) allows you to define teams in your Grafana Cloud Stack, set specific roles for that team or individual users, and then assign them to specific Performance testing projects.

Grafana Cloud and RBAC concepts

There are a few concepts in Grafana Cloud that are important in understanding how RBAC works:

  • Grafana Cloud account: a Grafana Cloud account represents a user, which can be a part of multiple stacks. Each account has a role of Admin, Editor, or Viewer. Refer to Grafana Cloud user roles and permissions for a complete list of permissions available for users in your Grafana Cloud account.
  • Grafana Cloud Stack: a Grafana Cloud Stack is an instance of the Grafana Cloud application. This is where you can use the applications, such as Performance testing. Each user in a stack can have multiple stack-level roles.
  • Grafana Cloud Stack Team: Each user in a Grafana Cloud Stack can be a part of one or more teams. Each team can also have multiple stack-level roles. Refer to Grafana Teams for more information on how to configure and manage teams.

Roles and permissions

By default, there are three Performance Testing roles available in your Grafana Cloud Stack:

  • Performance Testing Admin
  • Performance Testing Editor
  • Performance Testing Reader

You can assign these roles to a user or a team, and each role has a different set of permissions.

Note

If you give a user the Folders -> Writer permission under Administration -> Users and access, that user can access all Performance Testing projects.

Default Grants

By default, users are granted access to Performance testing based on their Grafana Stack role. You can then assign users a specific Performance testing role with different permissions. For example, a user with the Grafana Stack Viewer role can be granted the Performance Testing Admin role.

| Grafana Stack role | Performance Testing role   |
|--------------------|----------------------------|
| Admin              | Performance Testing Admin  |
| Editor             | Performance Testing Editor |
| Viewer             | Performance Testing Reader |
| No basic role      | No role                    |

Note

When you initialize the Performance testing application in your Grafana Stack, Grafana Cloud k6 automatically creates a Default project. Grafana Stack users are automatically granted access to this project based on their stack role. Users with the Editor role are granted the Project Editor role and users with the Viewer role are granted the Project Viewer role.

Application permissions

Depending on the Performance testing role, users have different permissions to manage the application settings found in the Settings and Manage tabs.

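| Permission                   | Performance Testing Admin | Performance Testing Editor | Performance Testing Viewer |
|------------------------------|---------------------------|----------------------------|----------------------------|
| Access Performance testing   | x                         | x                          | x                          |
| Admin all projects           | x                         |                            |                            |
| Can create a project         | x                         |                            |                            |
| Can delete a project         | x                         |                            |                            |
| Manage environment variables | x                         |                            |                            |
| View environment variables   | x                         | x*                         | x*                         |
| Manage limits and quotas     | x                         |                            |                            |
| Schedule test runs           | x                         | x**                        |                            |
| Manage static IP addresses   | x                         |                            |                            |
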
  • * Editors and Viewers can see which environment variables are set but not their values.
  • ** You can only schedule test runs for projects where you have Editor or Admin access.

Project permissions

In addition to Grafana Stack and Performance testing roles, users can also have project roles. These permissions apply to individual projects and users can have different roles on different projects.

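| Permission                      | Project Admin | Project Editor | Project Viewer |
|---------------------------------|---------------|----------------|----------------|
| View tests                      | x             | x              | x              |
| View test runs                  | x             | x              | x              |
| Run tests                       | x             | x              |                |
| Can add users to a project      | x             |                |                |
| Can delete users from a project | x             |                |                |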
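
The following access review applies the default grants, the Folders -> Writer note, and the Project Admin permissions described above to a constructed set of user and team records. It is an added example, not Grafana code: the record layout, the names, and the role ranking are assumptions, as is treating a team's roles as applying to each of its members.

```python
# Added example: access review over constructed records (hypothetical layout,
# not a Grafana API format).
DEFAULT_GRANT = {  # Grafana Stack role -> default Performance Testing role
    "Admin": "Performance Testing Admin",
    "Editor": "Performance Testing Editor",
    "Viewer": "Performance Testing Reader",
    None: None,  # "No basic role" -> "No role"
}
# Assumed ordering, read off the application permissions table.
RANK = {None: 0, "Performance Testing Reader": 1,
        "Performance Testing Editor": 2, "Performance Testing Admin": 3}

def review(user, teams):
    """Return least-privilege findings for one user record."""
    findings = []
    default = DEFAULT_GRANT[user["stack_role"]]
    # Roles assigned directly, plus roles assigned to each team the user is in.
    assigned = [(r, "direct assignment") for r in user["pt_roles"]]
    for t in user["teams"]:
        assigned += [(r, f"team {t}") for r in teams[t]["pt_roles"]]
    for role, source in assigned:
        if RANK[role] > RANK[default]:
            findings.append(f"elevated: {role} via {source} "
                            f"exceeds default {default or 'No role'}")
    if user["folders_writer"]:
        findings.append("folders-writer: can access all Performance Testing projects")
    for project, role in sorted(user["project_roles"].items()):
        if role == "Project Admin":
            findings.append(f"project-admin: can add and delete users on {project}")
    return findings

# Constructed sample data.
TEAMS = {"perf-core": {"pt_roles": ["Performance Testing Admin"]},
         "qa": {"pt_roles": []}}
USERS = [
    {"name": "alice", "stack_role": "Admin", "pt_roles": [], "teams": [],
     "folders_writer": False, "project_roles": {}},
    {"name": "bob", "stack_role": "Viewer", "pt_roles": [], "teams": ["perf-core"],
     "folders_writer": False, "project_roles": {"checkout": "Project Admin"}},
    {"name": "carol", "stack_role": "Editor", "pt_roles": [], "teams": ["qa"],
     "folders_writer": True, "project_roles": {"checkout": "Project Viewer"}},
    {"name": "dave", "stack_role": None, "pt_roles": ["Performance Testing Editor"],
     "teams": [], "folders_writer": False, "project_roles": {}},
]

def run_review():
    return {u["name"]: review(u, TEAMS) for u in USERS}

if __name__ == "__main__":
    for name, findings in run_review().items():
        print(name, findings)
```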

Differences between RBAC and legacy access control

If you're familiar with the previous access control feature, there are two important differences between its behavior and RBAC:

  • Grafana Cloud Stack and Performance testing Editors can no longer create projects.
  • Project Admins can no longer delete projects.