Manage users and teams for Synthetic Monitoring
Note
Synthetic Monitoring RBAC is currently in private preview. Grafana Labs offers support on a best-effort basis, and breaking changes might occur prior to the feature being made generally available.
Depending on the size of your team or organization, you might reach a point where you have a large number of checks, and you want to control who gets access to the information they need. Grafana provides two ways to manage user access: basic role authorization, and role-based access control (RBAC).
You can use both mechanisms to give users in your organization the access they need to view, edit, and manage resources in Synthetic Monitoring.
Before you begin
- Ensure you have organization administrator privileges.
Note
User roles and teams are managed at the organization level of your Grafana instance. They can’t be configured via the Synthetic Monitoring application. For more details, refer to Manage users in an organization.
User roles and permissions
There are two ways to manage user roles and permissions for Synthetic Monitoring.
Basic role authorization
By default, authorization within Synthetic Monitoring relies on the basic user roles configured at the organization level. All users are assigned a basic role by the organization administrator. There are three available roles: Viewer, Editor, and Admin.
Role-based access control (RBAC)
RBAC for Grafana plugins provides fine-grained access control, allowing you to define custom roles and actions for users in Synthetic Monitoring. You can use RBAC to grant specific permissions without modifying the user’s basic role at the organization level. Additionally, you can fine-tune basic roles to add or remove specific Synthetic Monitoring RBAC roles.
For example, a user with the basic Viewer role at the organization level may need to edit checks. By assigning the Checks Writer role from Grafana Synthetic Monitoring’s RBAC, you can allow the user to view everything in Synthetic Monitoring, as well as allow them to edit checks.
To learn more about how RBAC works in Grafana, refer to Role-based access control (RBAC).
Synthetic Monitoring RBAC roles
Note
Granting any of the following roles also grants the user the plugins.app:access action with a scope of plugins:id:grafana-synthetic-monitoring-app, which gives the user access to the Synthetic Monitoring plugin. Additionally, none of the following RBAC roles support scopes.
The following table provides details about the available Synthetic Monitoring roles and the actions each role grants to users or teams.
In order to get access to the Synthetic Monitoring datasource and use the plugin, the datasources:read permission must be assigned when No basic role is set.
Some other roles may require additional permissions that are external to Synthetic Monitoring. In such scenarios, the required permission will be explicitly detailed.
For details on how to assign roles to a user or team, refer to Assign RBAC roles.
Role | Description | Granted Actions | Basic Roles Granted To |
---|---|---|---|
Checks reader | Read checks in the Synthetic Monitoring app | grafana-synthetic-monitoring-app:read grafana-synthetic-monitoring-app.checks:read | Viewer |
Checks writer | Create, edit, and delete checks in the Synthetic Monitoring app | grafana-synthetic-monitoring-app:read grafana-synthetic-monitoring-app:write grafana-synthetic-monitoring-app.checks:write grafana-synthetic-monitoring-app.checks:read grafana-synthetic-monitoring-app.checks:delete | Admin, Editor |
Probes reader | Read probes in the Synthetic Monitoring app | grafana-synthetic-monitoring-app:read grafana-synthetic-monitoring-app.probes:read | Viewer |
Probes writer | Create, edit, and delete probes in the Synthetic Monitoring app | grafana-synthetic-monitoring-app:read grafana-synthetic-monitoring-app:write grafana-synthetic-monitoring-app.probes:write grafana-synthetic-monitoring-app.probes:read grafana-synthetic-monitoring-app.probes:delete | Admin, Editor |
Alerts reader | Read alerts in the Synthetic Monitoring app. Also requires alert.instances.external:read | grafana-synthetic-monitoring-app:read grafana-synthetic-monitoring-app.alerts:read | Viewer |
Alerts writer | Create, edit, and delete alerts in the Synthetic Monitoring app. Also requires alert.instances.external:write | grafana-synthetic-monitoring-app:read grafana-synthetic-monitoring-app:write grafana-synthetic-monitoring-app.alerts:write grafana-synthetic-monitoring-app.alerts:read grafana-synthetic-monitoring-app.alerts:delete | Admin, Editor |
Thresholds reader | Read thresholds in the Synthetic Monitoring app | grafana-synthetic-monitoring-app:read grafana-synthetic-monitoring-app.thresholds:read | Viewer |
Thresholds writer | Read and edit thresholds in the Synthetic Monitoring app | grafana-synthetic-monitoring-app:read grafana-synthetic-monitoring-app:write grafana-synthetic-monitoring-app.thresholds:write grafana-synthetic-monitoring-app.thresholds:read grafana-synthetic-monitoring-app.thresholds:delete | Admin, Editor |
Access tokens writer | Create and delete access tokens in the Synthetic Monitoring app | grafana-synthetic-monitoring-app:read grafana-synthetic-monitoring-app:write grafana-synthetic-monitoring-app.access-tokens:write | Admin |
Admin | Full access to write and manage checks, probes, alerts, thresholds, and access tokens, as well as enabling/disabling the Synthetic Monitoring plugin. When enabling the datasource, datasources:create must also be granted. | grafana-synthetic-monitoring-app:read grafana-synthetic-monitoring-app:write grafana-synthetic-monitoring-app.plugin:write grafana-synthetic-monitoring-app.checks:write grafana-synthetic-monitoring-app.probes:write grafana-synthetic-monitoring-app.alerts:write grafana-synthetic-monitoring-app.thresholds:write grafana-synthetic-monitoring-app.access-tokens:write grafana-synthetic-monitoring-app.checks:read grafana-synthetic-monitoring-app.probes:read grafana-synthetic-monitoring-app.alerts:read grafana-synthetic-monitoring-app.thresholds:read grafana-synthetic-monitoring-app.checks:delete grafana-synthetic-monitoring-app.probes:delete grafana-synthetic-monitoring-app.alerts:delete grafana-synthetic-monitoring-app.thresholds:delete | Admin |
Editor | Add, update and delete checks, probes, alerts, thresholds, and access tokens in the Synthetic Monitoring app | grafana-synthetic-monitoring-app:read grafana-synthetic-monitoring-app:write grafana-synthetic-monitoring-app.checks:write grafana-synthetic-monitoring-app.probes:write grafana-synthetic-monitoring-app.alerts:write grafana-synthetic-monitoring-app.thresholds:write grafana-synthetic-monitoring-app.checks:read grafana-synthetic-monitoring-app.probes:read grafana-synthetic-monitoring-app.alerts:read grafana-synthetic-monitoring-app.thresholds:read grafana-synthetic-monitoring-app.checks:delete grafana-synthetic-monitoring-app.probes:delete grafana-synthetic-monitoring-app.alerts:delete grafana-synthetic-monitoring-app.thresholds:delete | Admin, Editor |
Reader | Read checks, probes, alerts, thresholds, and access tokens in the Synthetic Monitoring app | grafana-synthetic-monitoring-app:read grafana-synthetic-monitoring-app.checks:read grafana-synthetic-monitoring-app.probes:read grafana-synthetic-monitoring-app.alerts:read grafana-synthetic-monitoring-app.thresholds:read | Viewer |
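
The table above can be used for least-privilege planning. The following Python sketch is an added example, not part of the Grafana documentation or plugin code: it transcribes the granted actions of the fine-grained roles (the Admin, Editor, and Reader bundles are left out) and picks the smallest role set that covers the actions a user needs, reporting surplus actions and the external permissions the page calls out. The function and variable names are assumptions made for illustration.

```python
from itertools import combinations

APP = "grafana-synthetic-monitoring-app"

def acts(*suffixes):
    """Expand short suffixes into the full action names used in the table."""
    return frozenset(APP + s for s in suffixes)

def rw(res):
    """Reader/writer role pair for one resource, as listed in the table."""
    name = res.capitalize()
    return {f"{name} reader": acts(":read", f".{res}:read"),
            f"{name} writer": acts(":read", ":write", f".{res}:write",
                                   f".{res}:read", f".{res}:delete")}

# Granted actions transcribed from the role table on this page.
ROLES = {}
for res in ("checks", "probes", "alerts", "thresholds"):
    ROLES.update(rw(res))
ROLES["Access tokens writer"] = acts(":read", ":write", ".access-tokens:write")

# Permissions the page says must come from outside Synthetic Monitoring.
EXTERNAL = {"Alerts reader": "alert.instances.external:read",
            "Alerts writer": "alert.instances.external:write"}

def least_privilege(required, no_basic_role=False):
    """Fewest roles covering `required`; ties broken by fewest surplus actions."""
    required = frozenset(required)
    unknown = required - frozenset().union(*ROLES.values())
    if unknown:
        raise ValueError(f"not granted by any role modelled here: {sorted(unknown)}")
    for size in range(len(ROLES) + 1):
        fits = []
        for combo in combinations(sorted(ROLES), size):
            granted = frozenset().union(*(ROLES[r] for r in combo))
            if required <= granted:
                fits.append((len(granted - required), combo, granted))
        if fits:
            _, combo, granted = min(fits)
            extra = sorted(EXTERNAL[r] for r in combo if r in EXTERNAL)
            if no_basic_role:  # page: datasources:read is needed with No basic role
                extra.append("datasources:read")
            return {"roles": list(combo),
                    "surplus": sorted(granted - required),
                    "also_grant": extra}
```

The surplus list shows what a role grants beyond the request, for instance the delete action that comes with every writer role.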