grafana/docs/sources/permissions/dashboard_folder_permissions.md

+++
title = "Dashboard and Folder Permissions"
description = "Grafana Dashboard and Folder Permissions Guide "
keywords = ["grafana", "configuration", "documentation", "dashboard", "folder", "permissions", "teams"]
weight = 200
+++

# Dashboard and Folder Permissions

{{< docs-imagebox img="/img/docs/v50/folder_permissions.png" max-width="500px" class="docs-image--right" >}}

For dashboards and dashboard folders there is a **Permissions** page that makes it possible to
remove the default role based permissions for Editors and Viewers. On this page you can add and assign permissions to specific **Users** and **Teams**.

You can assign and remove permissions for **Organization Roles**, **Users** and **Teams**.

Permission levels:

- **Admin**: Can edit and create dashboards and edit permissions. Can also add, edit, and delete folders.
- **Edit**: Can edit and create dashboards. **Cannot** edit folder/dashboard permissions, or add, edit, or delete folders.
- **View**: Can only view existing dashboards/folders.

## Grant folder permissions

1. In the sidebar, hover your mouse over the **Dashboards** (squares) icon and then click **Manage**.
1. Hover your mouse cursor over a folder and then click **Go to folder**.
1. Go to the **Permissions** tab, and then click **Add Permission**.
1. In the **Add Permission For** dialog, select **User**, **Team**, or one of the role options.
1. In the second box, select the user or team to add permission for. Skip this step if you selected a role option in the previous step.
1. In the third box, select the permission you want to add.
1. Click **Save**.

## Grant dashboard permissions

1. In the top right corner of your dashboard, click the cog icon to go to **Dashboard settings**.
1. Go to the **Permissions** tab, and then click **Add Permission**.
1. In the **Add Permission For** dialog, select **User**, **Team**, or one of the role options.
1. In the second box, select the user or team to add permission for. Skip this step if you selected a role option in the previous step.
1. In the third box, select the permission you want to add.
1. Click **Save**.

## Restricting Access

The highest permission always wins so if you for example want to hide a folder or dashboard from others you need to remove the **Organization Role** based permission from the Access Control List (ACL).

- You cannot override permissions for users with the Organization Admin role. Admins always have access to everything.
- A more specific permission with a lower permission level will not have any effect if a more general rule exists with higher permission level. You need to remove or lower the permission level of the more general rule.

### How Grafana Resolves Multiple Permissions - Examples

#### Example 1 (`user1` has the Editor Role)

Permissions for a dashboard:

- Everyone with Editor role can edit
- user1 can view

Result: `user1` has Edit permission as the highest permission always wins.

#### Example 2 (`user1` has the Viewer Role and is a member of `team1`)

Permissions for a dashboard:

- `Everyone with Viewer Role Can View`
- `user1 Can Edit`
- `team1 Can Admin`

Result: `user1` has Admin permission as the highest permission always wins.

#### Example 3

Permissions for a dashboard:

- `user1 Can Admin (inherited from parent folder)`
- `user1 Can Edit`

Result: You cannot override to a lower permission. `user1` has Admin permission as the highest permission always wins.

### Summary

- **View**: Can only view existing dashboards/folders.
- A more specific permission with lower permission level will not have any effect if a more general rule exists with higher permission level.

For example if "Everyone with Editor Role Can Edit" exists in the ACL list then **John Doe** will still have Edit permission even after you have specifically added a permission for this user with the permission set to **View**. You need to remove or lower the permission level of the more general rule.
restructure administration/permissions page into a section with sub pages 2018-10-30 12:43:54 -05:00			`+++`
Docs: Replace ampersands with and (#19609) 2019-10-03 11:20:52 -05:00			`title = "Dashboard and Folder Permissions"`
			`description = "Grafana Dashboard and Folder Permissions Guide "`
restructure administration/permissions page into a section with sub pages 2018-10-30 12:43:54 -05:00			`keywords = ["grafana", "configuration", "documentation", "dashboard", "folder", "permissions", "teams"]`
Docs: Update Permissions documentation (#28144) * removed overview.md * content updates * Update datasource_permissions.md * update content * content updates * Update organization_roles.md * Update docs/sources/enterprise/saml.md Co-authored-by: Kyle Brandt <kyle@grafana.com> * Update dashboard_folder_permissions.md Co-authored-by: Kyle Brandt <kyle@grafana.com> 2020-10-09 12:08:29 -05:00			`weight = 200`
restructure administration/permissions page into a section with sub pages 2018-10-30 12:43:54 -05:00			`+++`

Docs: Replace ampersands with and (#19609) 2019-10-03 11:20:52 -05:00			`# Dashboard and Folder Permissions`
restructure administration/permissions page into a section with sub pages 2018-10-30 12:43:54 -05:00
			`{{< docs-imagebox img="/img/docs/v50/folder_permissions.png" max-width="500px" class="docs-image--right" >}}`

Minor correction in documentation (#24469) 2020-05-09 08:00:33 -05:00			`For dashboards and dashboard folders there is a Permissions page that makes it possible to`
Update docs/sources/permissions/dashboard_folder_permissions.md Co-Authored-By: marefr <marcus.efraimsson@gmail.com> 2018-11-06 08:56:32 -06:00			`remove the default role based permissions for Editors and Viewers. On this page you can add and assign permissions to specific Users and Teams.`
restructure administration/permissions page into a section with sub pages 2018-10-30 12:43:54 -05:00
Docs: Replace ampersands with and (#19609) 2019-10-03 11:20:52 -05:00			`You can assign and remove permissions for Organization Roles, Users and Teams.`
restructure administration/permissions page into a section with sub pages 2018-10-30 12:43:54 -05:00
			`Permission levels:`

Docs: Added folder permission content (#26594) 2020-07-24 16:20:24 -05:00			`- Admin: Can edit and create dashboards and edit permissions. Can also add, edit, and delete folders.`
			`- Edit: Can edit and create dashboards. Cannot edit folder/dashboard permissions, or add, edit, or delete folders.`
restructure administration/permissions page into a section with sub pages 2018-10-30 12:43:54 -05:00			`- View: Can only view existing dashboards/folders.`

Docs: Update Permissions documentation (#28144) * removed overview.md * content updates * Update datasource_permissions.md * update content * content updates * Update organization_roles.md * Update docs/sources/enterprise/saml.md Co-authored-by: Kyle Brandt <kyle@grafana.com> * Update dashboard_folder_permissions.md Co-authored-by: Kyle Brandt <kyle@grafana.com> 2020-10-09 12:08:29 -05:00			`## Grant folder permissions`

			`1. In the sidebar, hover your mouse over the Dashboards (squares) icon and then click Manage.`
			`1. Hover your mouse cursor over a folder and then click Go to folder.`
			`1. Go to the Permissions tab, and then click Add Permission.`
			`1. In the Add Permission For dialog, select User, Team, or one of the role options.`
			`1. In the second box, select the user or team to add permission for. Skip this step if you selected a role option in the previous step.`
			`1. In the third box, select the permission you want to add.`
			`1. Click Save.`

			`## Grant dashboard permissions`

			`1. In the top right corner of your dashboard, click the cog icon to go to Dashboard settings.`
			`1. Go to the Permissions tab, and then click Add Permission.`
			`1. In the Add Permission For dialog, select User, Team, or one of the role options.`
			`1. In the second box, select the user or team to add permission for. Skip this step if you selected a role option in the previous step.`
			`1. In the third box, select the permission you want to add.`
			`1. Click Save.`

restructure administration/permissions page into a section with sub pages 2018-10-30 12:43:54 -05:00			`## Restricting Access`

			`The highest permission always wins so if you for example want to hide a folder or dashboard from others you need to remove the Organization Role based permission from the Access Control List (ACL).`

Docs: Update Permissions documentation (#28144) * removed overview.md * content updates * Update datasource_permissions.md * update content * content updates * Update organization_roles.md * Update docs/sources/enterprise/saml.md Co-authored-by: Kyle Brandt <kyle@grafana.com> * Update dashboard_folder_permissions.md Co-authored-by: Kyle Brandt <kyle@grafana.com> 2020-10-09 12:08:29 -05:00			`- You cannot override permissions for users with the Organization Admin role. Admins always have access to everything.`
restructure administration/permissions page into a section with sub pages 2018-10-30 12:43:54 -05:00			`- A more specific permission with a lower permission level will not have any effect if a more general rule exists with higher permission level. You need to remove or lower the permission level of the more general rule.`

			`### How Grafana Resolves Multiple Permissions - Examples`

			#### Example 1 (`user1` has the Editor Role)

			`Permissions for a dashboard:`

Docs: Update Permissions documentation (#28144) * removed overview.md * content updates * Update datasource_permissions.md * update content * content updates * Update organization_roles.md * Update docs/sources/enterprise/saml.md Co-authored-by: Kyle Brandt <kyle@grafana.com> * Update dashboard_folder_permissions.md Co-authored-by: Kyle Brandt <kyle@grafana.com> 2020-10-09 12:08:29 -05:00			`- Everyone with Editor role can edit`
			`- user1 can view`
restructure administration/permissions page into a section with sub pages 2018-10-30 12:43:54 -05:00
			Result: `user1` has Edit permission as the highest permission always wins.

			#### Example 2 (`user1` has the Viewer Role and is a member of `team1`)

			`Permissions for a dashboard:`

			- `Everyone with Viewer Role Can View`
			- `user1 Can Edit`
			- `team1 Can Admin`

			Result: `user1` has Admin permission as the highest permission always wins.

			`#### Example 3`

			`Permissions for a dashboard:`

			- `user1 Can Admin (inherited from parent folder)`
			- `user1 Can Edit`

			Result: You cannot override to a lower permission. `user1` has Admin permission as the highest permission always wins.

Docs: Update Permissions documentation (#28144) * removed overview.md * content updates * Update datasource_permissions.md * update content * content updates * Update organization_roles.md * Update docs/sources/enterprise/saml.md Co-authored-by: Kyle Brandt <kyle@grafana.com> * Update dashboard_folder_permissions.md Co-authored-by: Kyle Brandt <kyle@grafana.com> 2020-10-09 12:08:29 -05:00			`### Summary`
Update docs/sources/permissions/dashboard_folder_permissions.md Co-Authored-By: marefr <marcus.efraimsson@gmail.com> 2018-11-07 02:17:36 -06:00
restructure administration/permissions page into a section with sub pages 2018-10-30 12:43:54 -05:00			`- View: Can only view existing dashboards/folders.`
Update docs/sources/permissions/dashboard_folder_permissions.md Co-Authored-By: marefr <marcus.efraimsson@gmail.com> 2018-11-07 02:17:36 -06:00			`- A more specific permission with lower permission level will not have any effect if a more general rule exists with higher permission level.`

			`For example if "Everyone with Editor Role Can Edit" exists in the ACL list then John Doe will still have Edit permission even after you have specifically added a permission for this user with the permission set to View. You need to remove or lower the permission level of the more general rule.`