
Restrict edit rights in grafana / enable dashboard deletion
Closed, Resolved (Public)

Description

It seems that anonymous users can actually save and modify dashboards in grafana. Should we limit the save / deletion functionality in some way, perhaps the same way graphite is limited? So far vandalism has not been an issue, but it seems that it would be a matter of time.

Somewhat related, dashboard deletion is currently disabled by blocking the 'delete' verb in the Apache proxy in front of ElasticSearch. If we locked down editing, we might be able to open that up to authenticated users so that dashboard deletion in grafana would work as expected.

Event Timeline

GWicke raised the priority of this task from to Needs Triage.
GWicke updated the task description.
GWicke added subscribers: GWicke, yuvipanda, ori.
GWicke renamed this task from "Restrict edit rights in grafana?" to "Restrict edit rights in grafana / enable dashboard deletion". (Mar 24 2015, 5:26 PM)
This comment was removed by Eevans.

@Eevans, it might make sense to add your comment to T88585 / T78514 or create a new task for pre-generating the JSON definition for the grafana dashboards of a class of services.

fgiunchedi triaged this task as Medium priority. (Apr 2 2015, 9:44 AM)
fgiunchedi subscribed.

Hasn't this been implemented now? Yesterday I was using grafana and it only prompted me for credentials when I tried to save a dashboard.

Dzahn claimed this task.
Dzahn subscribed.

Claiming it's resolved per "<Limit POST PUT DELETE>" in the second linked patch. @GWicke ok?
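
The method-based restriction the thread refers to, sketched as an added example for Apache 2.4; this is not the configuration from the linked patch. The hostname, backend address, URL prefix and password file are assumptions.

```apache
# Added illustration, not the project's configuration.
# Needs mod_proxy, mod_proxy_http, mod_auth_basic, mod_authn_file, mod_authz_user.
<VirtualHost *:80>
    # Assumed public name of the Grafana host.
    ServerName grafana.example.org

    # Reverse proxy in front of the ElasticSearch instance that stores the
    # dashboards (assumed backend address and URL prefix).
    ProxyPass        "/elasticsearch/" "http://127.0.0.1:9200/"
    ProxyPassReverse "/elasticsearch/" "http://127.0.0.1:9200/"

    <Location "/elasticsearch/">
        AuthType Basic
        AuthName "Grafana dashboard editing"
        AuthBasicProvider file
        # Assumed credential store.
        AuthUserFile "/etc/apache2/grafana.htpasswd"

        # Anonymous reads keep working; saving (POST/PUT) and deleting
        # (DELETE) a dashboard prompt for credentials.
        <Limit POST PUT DELETE>
            Require valid-user
        </Limit>

        # Stricter alternative: authenticate every method except the ones
        # named, so verbs missing from the list above (PATCH, for example)
        # are covered too. Use instead of the <Limit> block, not with it.
        # <LimitExcept GET HEAD OPTIONS>
        #     Require valid-user
        # </LimitExcept>
    </Location>
</VirtualHost>
```

`<Limit>` protects only the methods it lists, which is why the Apache documentation recommends `<LimitExcept>` when the goal is to restrict access. Check which verbs the dashboard front end uses for read-only queries before switching, since any method left out of the `<LimitExcept>` list will require a login.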