Fine-grained access control

Fine-grained access control provides a standardized way of granting, changing, and revoking access when it comes to viewing and modifying Grafana resources, such as users and reports. Fine-grained access control works alongside the current Grafana permissions, and it allows you granular control of users’ actions.

To learn more about how fine-grained access control works, refer to and Permissions. To use the fine-grained access control system, refer to .

Fine-grained access control considers a) who has an access (), and b) what they can do and on which Grafana resource (role).

To grant or revoke access to your users, create or remove built-in role assignments. For more information, refer to .

Fine-grained access control is currently available for and Managing Users. To learn more about specific endpoints where you can use access control, refer to and to the relevant API guide:

• Fine-grained access control API
• Reporting API

Fine-grained access control is available behind the accesscontrol feature toggle in Grafana Enterprise 8.0+. You can enable it either in a or by configuring an environment variable.

You can use GF_FEATURE_TOGGLES_ENABLE = accesscontrol environment variable to override the config file configuration and enable fine-grained access control.

Refer to for more information.

You can verify if fine-grained access control is enabled or not by sending an HTTP request to the .