04. 10. 2024 Emil Fazzi APM, ITOA

How to Restrict Viewing Access in Grafana Dashboards Based on Alyvix Tags

With the introduction of Alyvix Tags in NetEye 4.38, we’ve given users the ability to filter test cases and reports based on their tags, making it easier to focus on the specific test cases that matter to each department or subdivision within a tenant. One of the requests that emerged from this new feature was the need to apply similar viewing restrictions to Alyvix performance dashboards in Grafana.

Currently, although direct linking between Alyvix tags and Grafana teams isn’t available, there is a manual approach you can take to restrict viewing access based on tags. In this post, I’ll walk you step by step through the process for limiting the viewing capabilities of Grafana dashboards by using a manual configuration. This can be especially helpful for customers who need to split their performance data across multiple sub-companies or internal teams.

Why Viewing Restrictions Matter

Let’s consider a use case where a tenant, ACME, manages multiple test cases across different departments or companies. For instance, Testcase1 and Testcase2 may both belong to ACME’s Tokyo division, and we only want users from that division to have access to these test cases, rather than being able to see the entire suite of tenant test cases.

Alyvix’s tagging functionality allows us to filter test cases by tags in the UI, but to maintain consistency across NetEye, we also want to restrict the visibility of dashboards in Grafana so that users only see the data relevant to their specific tag(s).

Step by Step: Restricting Dashboard Views in Grafana

In this section, I’ll guide you through setting up Grafana to restrict users’ access to performance data based on tags, by using manual configurations.

1. Tagging Test Cases in Alyvix

The first step is to assign tags to the test cases you want to restrict in the Alyvix UI. For example, we’ll assign the Tokyo tag to Testcase1 and Testcase2. A detailed guide to this procedure can be found in the dedicated section of our NetEye User Guide.

  • Why this is important: As mentioned before, assigning an Alyvix tag has no effect on the Alyvix dashboards in Grafana. The tag does, however, drive the permission management of tags and test cases for user roles, so keeping the two modules consistent is crucial.

2. Setting up Access Control in NetEye

Now let’s create an inherited role for our restricted users.

  • Create an inherited role: The viewer role for the Tokyo team will be inherited from the main tenant role (e.g., neteye_tenant_ACME).
  • Alyvix module permissions: Assign the necessary permissions for the Alyvix module, including alyvix/tenant-viewer and alyvix/viewer-tags. In this case, the viewer role should be restricted to the Tokyo tag. This ensures that in the Alyvix UI, only the tagged test cases (Testcase1 and Testcase2) will be visible to members of this role.
  • Analytics module permissions: Similarly, assign Grafana permissions, specifying the viewer role for the Analytics module. Here we’ll define the Alyvix-Tokyo team under grafana/teams; a later step ensures that this team only has access to the tagged test cases.

3. Configuring ITOA Dashboards in Grafana

Next, we move to Grafana to configure the dashboards and apply our viewing restrictions.

  • Create a Grafana team: In Grafana’s organization settings (ensure you’re in the correct organization, e.g., ACME), create a team called Alyvix-Tokyo or any suitable name that identifies the team for restricted access. Make sure the name of the team is the one specified in the previous step in the role permissions.
  • Remove general viewing permissions: To restrict this team’s access, remove the general Grafana Viewer role from the Visual Monitoring (Alyvix) folder. This ensures that only authorized users (those assigned to the Tokyo team) will have access to the specific dashboards we configure.

4. Cloning and Customizing Dashboards

Since we want to restrict viewing access to just the tagged test cases, we need to clone the relevant Alyvix dashboards and customize them to show only the appropriate data.

  • Clone the dashboard: Go to the Visual Monitoring (Alyvix) folder, find the relevant performance dashboard (e.g., Test Cases Performance), and clone it. Name it something like Tokyo Performance Dashboard.
  • Limit test cases: In the cloned dashboard, navigate to Variables and locate the variable that defines which test cases are displayed. Change the variable type to Custom, and manually enter the test cases associated with the Tokyo tag (Testcase1 and Testcase2). This way, only these test cases will be visible on the dashboard.

5. Granting Viewing Access

After customizing the dashboard, we need to grant viewing permissions to the restricted team.

  • Assign team permissions: In the dashboard permissions, add the Alyvix-Tokyo team and grant them the View permission. This ensures that only users within this team can view the dashboard.
  • Remove Viewer View permission: Make sure that the general Viewer role does not have View permission on the modified dashboard; otherwise it will be visible to all users.

6. Restoring Full Access to Non-Restricted Viewers

Since we’ve removed general viewing permissions from the Alyvix folder, we need to make sure that non-restricted viewers (those who don’t fall under any tag restrictions) can still access the full dashboard suite.

  • Create a team for full access: Create a team called Full Viewers (or similar), and grant this team viewing permissions for the entire Alyvix folder.
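Because steps 3 to 6 are all manual, it is worth checking the result afterwards. The following is an added example, not code from NetEye or Grafana: it audits an exported folder permission list, dashboard permission list and dashboard JSON against the procedure above. The field names follow Grafana's permission lists and dashboard JSON model; the variable name `testcase`, the team IDs and all sample data are constructed assumptions.

```python
VIEW = 1  # Grafana permission levels: 1 = View, 2 = Edit, 4 = Admin

def team_names(perms):
    """Names of all teams that hold an entry in a permission list."""
    return {p["team"] for p in perms if p.get("teamId")}

def viewer_role_present(perms):
    # Covers direct and folder-inherited entries alike.
    return any(p.get("role") == "Viewer" for p in perms)

def audit(folder_perms, dash_perms, dash_model, team, full_team, var_name, allowed):
    """Return findings; an empty list means the setup matches steps 3 to 6."""
    findings = []
    if viewer_role_present(folder_perms):  # step 3
        findings.append("folder: general Viewer role still has access")
    if viewer_role_present(dash_perms):  # step 5
        findings.append("dashboard: general Viewer role still has access")
    if team not in team_names(dash_perms):  # step 5
        findings.append(f"dashboard: team {team} has no permission entry")
    if team in team_names(folder_perms):  # restricted team must not see the folder
        findings.append(f"folder: restricted team {team} can open every dashboard")
    if full_team not in team_names(folder_perms):  # step 6
        findings.append(f"folder: team {full_team} has no permission entry")
    # Step 4: the test case variable must be Custom and list only tagged test cases.
    variables = dash_model.get("templating", {}).get("list", [])
    var = next((v for v in variables if v.get("name") == var_name), None)
    if var is None:
        findings.append(f"dashboard: variable {var_name} not found")
    elif var.get("type") != "custom":
        findings.append(f"dashboard: variable {var_name} is type {var.get('type')}, not custom")
    else:
        listed = {s.strip() for s in var.get("query", "").split(",") if s.strip()}
        for extra in sorted(listed - set(allowed)):
            findings.append(f"dashboard: variable {var_name} exposes {extra}")
    return findings

# Constructed sample data shaped like Grafana's permission lists and dashboard JSON.
FOLDER = [{"teamId": 7, "team": "Full Viewers", "permission": VIEW}]
DASH = [{"teamId": 9, "team": "Alyvix-Tokyo", "permission": VIEW},
        {"teamId": 7, "team": "Full Viewers", "permission": VIEW, "inherited": True}]
MODEL = {"title": "Tokyo Performance Dashboard", "templating": {"list": [
    {"name": "testcase", "type": "custom", "query": "Testcase1,Testcase2"}]}}
ARGS = ("Alyvix-Tokyo", "Full Viewers", "testcase", ["Testcase1", "Testcase2"])

if __name__ == "__main__":
    for line in audit(FOLDER, DASH, MODEL, *ARGS) or ["no findings"]:
        print(line)
```

An empty result means the folder, the cloned dashboard and its variable all match the procedure; each finding names the step that was missed.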

Conclusion

By following this procedure, you can manually restrict viewing access in Grafana dashboards based on Alyvix tags, ensuring that each team or subdivision only sees the data that matters to them. While the current setup requires manual configuration, it offers a flexible way to control access, ensuring that users don’t see test cases outside their scope.

In future releases, we’re looking to automate the linking of Alyvix tags with Grafana teams, making this process even more seamless. But for now, this solution offers a way to meet the immediate needs of environments where teams require strict control over test case visibility.

Stay tuned for more updates, and feel free to reach out with any questions or feedback!

Emil Fazzi

Software Developer, R&D Team in the "IT System & Service Management Solutions" group at Würth Phoenix.
