It seems that anonymous users can actually save and modify dashboards in grafana. Should we limit the save / deletion functionality in some way, perhaps the same way graphite is limited? So far vandalism has not been an issue, but it seems that it would be a matter of time.
Somewhat related, dashboard deletion is currently disabled by blocking the 'delete' verb in the Apache proxy in front of ElasticSearch. If we locked down editing, we might be able to open that up to authenticated users so that dashboard deletion in grafana would work as expected.