Grafana Role-based access control (RBAC) on Grafana Labshttps://grafana.com/docs/grafana/v12.4/administration/roles-and-permissions/access-control/Recent content in Grafana Role-based access control (RBAC) on Grafana LabsHugo -- gohugo.ioenPlan your Grafana RBAC rollout strategyhttps://grafana.com/docs/grafana/v12.4/administration/roles-and-permissions/access-control/plan-rbac-rollout-strategy/Fri, 03 Apr 2026 19:43:06 +0000https://grafana.com/docs/grafana/v12.4/administration/roles-and-permissions/access-control/plan-rbac-rollout-strategy/<h1 id="plan-your-rbac-rollout-strategy">Plan your RBAC rollout strategy</h1> <div class="admonition admonition-note"><blockquote><p class="title text-uppercase">Note</p><p>Available in <a href="/docs/grafana/v12.4/introduction/grafana-enterprise/">Grafana Enterprise</a> and <a href="/docs/grafana-cloud/">Grafana Cloud</a>.</p></blockquote></div> <p>An RBAC rollout strategy helps you determine <em>how</em> you want to implement RBAC prior to assigning RBAC roles to users and teams.</p>Configure RBAC in Grafanahttps://grafana.com/docs/grafana/v12.4/administration/roles-and-permissions/access-control/configure-rbac/Fri, 03 Apr 2026 19:43:06 +0000https://grafana.com/docs/grafana/v12.4/administration/roles-and-permissions/access-control/configure-rbac/<h1 id="configure-rbac-in-grafana">Configure RBAC in Grafana</h1> <div class="admonition admonition-note"><blockquote><p class="title text-uppercase">Note</p><p>Available in <a href="/docs/grafana/v12.4/introduction/grafana-enterprise/">Grafana Enterprise</a> and <a href="/docs/grafana-cloud/">Grafana Cloud</a>.</p></blockquote></div> <p>The table below describes all RBAC configuration options. Like any other Grafana configuration, you can apply these options as <a href="/docs/grafana/v12.4/setup-grafana/configure-grafana/#override-configuration-with-environment-variables">environment variables</a>.</p>Assign Grafana RBAC roleshttps://grafana.com/docs/grafana/v12.4/administration/roles-and-permissions/access-control/assign-rbac-roles/Fri, 03 Apr 2026 19:43:06 +0000https://grafana.com/docs/grafana/v12.4/administration/roles-and-permissions/access-control/assign-rbac-roles/<h1 id="assign-rbac-roles">Assign RBAC roles</h1> <div class="admonition admonition-note"><blockquote><p class="title text-uppercase">Note</p><p>Available in <a href="/docs/grafana/v12.4/introduction/grafana-enterprise/">Grafana Enterprise</a> and <a href="/docs/grafana-cloud/">Grafana Cloud</a>.</p></blockquote></div> <p>In this topic you&rsquo;ll learn how to use the role picker, provisioning, and the HTTP API to assign fixed and custom roles to users and teams.</p>Manage Grafana RBAC roleshttps://grafana.com/docs/grafana/v12.4/administration/roles-and-permissions/access-control/manage-rbac-roles/Fri, 03 Apr 2026 19:43:06 +0000https://grafana.com/docs/grafana/v12.4/administration/roles-and-permissions/access-control/manage-rbac-roles/<h1 id="manage-rbac-roles">Manage RBAC roles</h1> <div class="admonition admonition-note"><blockquote><p class="title text-uppercase">Note</p><p>Available in <a href="/docs/grafana/v12.4/introduction/grafana-enterprise/">Grafana Enterprise</a> and <a href="/docs/grafana-cloud/">Grafana Cloud</a>.</p></blockquote></div> <p>This section includes instructions for how to view permissions associated with roles, create custom roles, and update and delete roles.</p>Provisioning RBAC with Grafanahttps://grafana.com/docs/grafana/v12.4/administration/roles-and-permissions/access-control/rbac-grafana-provisioning/Fri, 03 Apr 2026 19:43:06 +0000https://grafana.com/docs/grafana/v12.4/administration/roles-and-permissions/access-control/rbac-grafana-provisioning/<h1 id="provisioning-rbac-with-grafana">Provisioning RBAC with Grafana</h1> <div class="admonition admonition-note"><blockquote><p class="title text-uppercase">Note</p><p>Available in <a href="/docs/grafana/v12.4/introduction/grafana-enterprise/">Grafana Enterprise</a> for self-managed instances. This feature is not available in Grafana Cloud.</p></blockquote></div> <p>You can create, change or remove <a href="/docs/grafana/v12.4/administration/roles-and-permissions/access-control/manage-rbac-roles/#create-custom-roles-using-provisioning">Custom roles</a> and create or remove <a href="/docs/grafana/v12.4/administration/roles-and-permissions/access-control/assign-rbac-roles/#assign-a-fixed-role-to-a-basic-role-using-provisioning">basic role assignments</a>, by adding one or more YAML configuration files in the <code>provisioning/access-control/</code> directory.</p>Provisioning RBAC with Terraformhttps://grafana.com/docs/grafana/v12.4/administration/roles-and-permissions/access-control/rbac-terraform-provisioning/Fri, 03 Apr 2026 19:43:06 +0000https://grafana.com/docs/grafana/v12.4/administration/roles-and-permissions/access-control/rbac-terraform-provisioning/<h1 id="provisioning-rbac-with-terraform">Provisioning RBAC with Terraform</h1> <div class="admonition admonition-note"><blockquote><p class="title text-uppercase">Note</p><p>Available in <a href="/docs/grafana/v12.4/introduction/grafana-enterprise/">Grafana Enterprise</a> and <a href="/docs/grafana-cloud/">Grafana Cloud</a>.</p></blockquote></div> <p>You can create, change or remove <a href="https://registry.terraform.io/providers/grafana/grafana/latest/docs/resources/role" target="_blank" rel="noopener noreferrer">Custom roles</a> and create or remove <a href="https://registry.terraform.io/providers/grafana/grafana/latest/docs/resources/role_assignment" target="_blank" rel="noopener noreferrer">basic and custom role assignments</a>, by using <a href="https://registry.terraform.io/providers/grafana/grafana/latest/docs" target="_blank" rel="noopener noreferrer">Terraform&rsquo;s Grafana provider</a>.</p>Grafana RBAC role definitionshttps://grafana.com/docs/grafana/v12.4/administration/roles-and-permissions/access-control/rbac-fixed-basic-role-definitions/Fri, 03 Apr 2026 19:43:06 +0000https://grafana.com/docs/grafana/v12.4/administration/roles-and-permissions/access-control/rbac-fixed-basic-role-definitions/<h1 id="grafana-rbac-role-definitions">Grafana RBAC role definitions</h1> <div class="admonition admonition-note"><blockquote><p class="title text-uppercase">Note</p><p>Available in <a href="/docs/grafana/v12.4/introduction/grafana-enterprise/">Grafana Enterprise</a> and <a href="/docs/grafana-cloud/">Grafana Cloud</a>.</p></blockquote></div> <p>The following tables list permissions associated with basic and fixed roles. This does not include basic role assignments added by plugins or apps.</p>Grafana RBAC permissions, actions, and scopeshttps://grafana.com/docs/grafana/v12.4/administration/roles-and-permissions/access-control/custom-role-actions-scopes/Fri, 03 Apr 2026 19:43:06 +0000https://grafana.com/docs/grafana/v12.4/administration/roles-and-permissions/access-control/custom-role-actions-scopes/<h1 id="rbac-permissions-actions-and-scopes">RBAC permissions, actions, and scopes</h1> <div class="admonition admonition-note"><blockquote><p class="title text-uppercase">Note</p><p>Available in <a href="/docs/grafana/v12.4/introduction/grafana-enterprise/">Grafana Enterprise</a> and <a href="/docs/grafana-cloud/">Grafana Cloud</a>.</p></blockquote></div> <p>A permission is comprised of an action and a scope. When creating a custom role, consider the actions the user can perform and the resources on which they can perform those actions.</p>RBAC for app pluginshttps://grafana.com/docs/grafana/v12.4/administration/roles-and-permissions/access-control/rbac-for-app-plugins/Fri, 03 Apr 2026 19:43:06 +0000https://grafana.com/docs/grafana/v12.4/administration/roles-and-permissions/access-control/rbac-for-app-plugins/<h1 id="rbac-for-app-plugins">RBAC for app plugins</h1> <div class="admonition admonition-note"><blockquote><p class="title text-uppercase">Note</p><p>Available in <a href="/docs/grafana/v12.4/introduction/grafana-enterprise/">Grafana Enterprise</a> and <a href="/docs/grafana-cloud/">Grafana Cloud</a>.</p></blockquote></div> <p>RBAC can be used to manage access to <a href="/docs/grafana/latest/administration/plugin-management/#app-plugins">app plugins</a>. Each app plugin grants the basic Viewer, Editor and Admin organization roles a default set of plugin permissions. You can use RBAC to restrict which app plugins a basic organization role has access to. Some app plugins have fine-grained RBAC support, which allows you to grant additional access to these app plugins to teams and users regardless of their basic organization roles.</p>Grafana Cloud app plugin role definitionshttps://grafana.com/docs/grafana/v12.4/administration/roles-and-permissions/access-control/plugin-role-definitions/Fri, 03 Apr 2026 19:43:06 +0000https://grafana.com/docs/grafana/v12.4/administration/roles-and-permissions/access-control/plugin-role-definitions/<h1 id="grafana-cloud-app-plugin-role-definitions">Grafana Cloud app plugin role definitions</h1> <div class="admonition admonition-note"><blockquote><p class="title text-uppercase">Note</p><p>Available in <a href="/docs/grafana-cloud/">Grafana Cloud</a>.</p></blockquote></div> <p>This page lists the RBAC roles available for Grafana Cloud app plugins. Plugin roles control access to specific plugin features and can be assigned to users, teams, or basic roles.</p>Troubleshooting RBAChttps://grafana.com/docs/grafana/v12.4/administration/roles-and-permissions/access-control/troubleshooting/Fri, 03 Apr 2026 19:43:06 +0000https://grafana.com/docs/grafana/v12.4/administration/roles-and-permissions/access-control/troubleshooting/<h1 id="troubleshooting-rbac">Troubleshooting RBAC</h1> <p>In this section, you’ll learn about logs that are available for RBAC and you’ll find the most common RBAC issues.</p> <h2 id="enable-debug-logging">Enable debug logging</h2> <p>You can enable debug log messages for RBAC in the Grafana configuration file. Debug logs are added to the Grafana server logs.</p>