Hide PMM dump and logs links for non-admin users

Description

Non-admin users can currently see the PMM Logs and PMM Dump links in the Help section, but clicking them returns a 401 message.

Current behavior
Grafana admin - No
PMM admin - No
- Logs visible in the menu and shows access denied, Dump page loads with 401 error and visible in the menu

Grafana admin - Yes
PMM admin - No
- Logs visible in the menu and works, Dump page loads and visible in the menu

Grafana admin - No
PMM admin - Yes
- Logs visible in the menu and shows access denied, Dump page loads with 401 error and visible in the menu

Grafana admin - Yes
PMM admin - Yes
- Logs and Dump visible in the menu and accessible via url.

Acceptance Criteria

  • Non-admin users (viewer/editor) shouldn’t be able to see the PMM Dump and PMM Logs links in the Help section

  • PMM dump pages shouldn’t be accessible to non-admin users (direct navigation via url, etc.)

  • PMM logs should be accessible for the users with the roles Grafana Admin OR Org admin.

How to test

  • The Logs page route is handled by the backend and should show access denied.

  • The Dump page (graph/pmm-dump) should show page not found or redirect to the home page, depending on the combination of PMM admin and Grafana admin roles.

How to document

Add to/adjust existing Dump topic

Activity

Alex Demidoff April 25, 2025 at 5:51 PM

  1. I tried to find pmm-dump on the UI, but failed. Then I turned to the documentation -

The docs say - "From the main menu on the left, go to Help > PMM Dump."

The problem is - there is no Help item on the left side menu. The actual button can be found by clicking on the little question mark in the upper right corner (see the screenshot).

Suggestion: fix the documentation

  2. The default resource limit seems to be too low, which leads to a failure. I chose to export the internal PG database service right after the instance started, and it failed. To make things work, the user almost always needs to turn on “Ignore load” when exporting QAN data.

Suggestion: increase the default resource limit.

  3. “Editor” role without Grafana Admin privileges
    Both PMM Dump and PMM Logs are not visible. Accessing both via direct URL yields an error.
    However, when the user tries to find PMM Dump via search, Help → PMM Dump is still displayed to the user.

Suggestion: Do not display PMM Dump when the user searches for it via the search interface.

  4. “Editor” role with Grafana Admin privileges
    The menu items “PMM Dump” and “PMM Logs” are present. However, attempting to create a dataset from two services always fails with the error message: “2025-04-25T16:14:38Z FTL Failed to compose meta error="failed to get PMM timezone: non-ok status: 403"” (see the screenshot).
    Downloading the logs works as expected.

Suggestion: fix the timezone failure.

  5. “Viewer” role without Grafana Admin privileges
    Both PMM Dump and PMM Logs are not visible. Accessing both via direct URL yields an error.
    However, when the user tries to find PMM Dump via search, Help → PMM Dump is still displayed to the user. Accessing both via direct URLs yields an error.

Suggestion: Do not display PMM Dump when the user searches for it via the search interface.

  6. “Viewer” role with Grafana Admin privileges
    The menu items “PMM Dump” and “PMM Logs” are present. However, attempting to create a dataset from two services always fails with the error message: “2025-04-25T16:14:38Z FTL Failed to compose meta error="failed to get PMM timezone: non-ok status: 403"” (see the screenshot). Downloading the logs works as expected.

Suggestion: fix the timezone failure.

  7. “Admin” role with Grafana Admin privileges
    Both PMM Dump and PMM Logs are visible. Accessing both via direct URL is possible.
    Both PMM Dump and PMM Logs work as expected.

  8. “Admin” role without Grafana Admin privileges
    Both PMM Dump and PMM Logs are visible. Accessing both via direct URL is possible.
    Both PMM Dump and PMM Logs work as expected.
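
The search leak reported in the comment above and the acceptance criteria come down to one access rule applied on every surface (menu, search, direct URL). The following is an added example, not PMM or Grafana code: all type and function names, the placeholder URLs, and the reading of "admin" as Grafana Admin OR Org Admin for both pages are assumptions.

```typescript
// Added example: every name here is hypothetical, not PMM or Grafana code.
type OrgRole = 'Viewer' | 'Editor' | 'Admin';
interface User { orgRole: OrgRole; isGrafanaAdmin: boolean }
interface NavItem { id: string; title: string; url: string; adminOnly: boolean }
type SearchFn = (u: User, query: string) => NavItem[];

// Constructed Help entries; only graph/pmm-dump is a path named in the ticket.
const HELP_ITEMS: NavItem[] = [
  { id: 'pmm-dump', title: 'PMM Dump', url: '/graph/pmm-dump', adminOnly: true },
  { id: 'pmm-logs', title: 'PMM Logs', url: '/placeholder-logs', adminOnly: true },
  { id: 'docs', title: 'Documentation', url: '/placeholder-docs', adminOnly: false },
];

// Assumption: "admin" means Grafana Admin OR Org Admin for both pages.
function canAccess(u: User, item: NavItem): boolean {
  return !item.adminOnly || u.isGrafanaAdmin || u.orgRole === 'Admin';
}

// Mirrors the reported behaviour: search matches titles without consulting the policy.
const leakySearch: SearchFn = (_u, query) =>
  HELP_ITEMS.filter((i) => i.title.toLowerCase().indexOf(query.toLowerCase()) !== -1);

// Search filtered through the same predicate the menu uses.
const filteredSearch: SearchFn = (u, query) =>
  leakySearch(u, query).filter((i) => canAccess(u, i));

// Client-side guard for direct navigation. Assumption: denied users are sent home and
// unknown paths get "not found"; the backend must still reject the request itself.
function guardRoute(u: User, path: string): 'render' | 'redirect-home' | 'not-found' {
  const item = HELP_ITEMS.filter((i) => i.url === path)[0];
  if (!item) return 'not-found';
  return canAccess(u, item) ? 'render' : 'redirect-home';
}

// Walk the full role matrix and list every surface that exposes a denied item.
function audit(searchFn: SearchFn): string[] {
  const leaks: string[] = [];
  for (const orgRole of ['Viewer', 'Editor', 'Admin'] as OrgRole[]) {
    for (const isGrafanaAdmin of [false, true]) {
      const u: User = { orgRole, isGrafanaAdmin };
      for (const item of HELP_ITEMS.filter((i) => !canAccess(u, i))) {
        if (searchFn(u, item.title).indexOf(item) !== -1) leaks.push(`search:${orgRole}:${item.id}`);
        if (guardRoute(u, item.url) === 'render') leaks.push(`route:${orgRole}:${item.id}`);
      }
    }
  }
  return leaks;
}
```

Running `audit` against the unfiltered search flags the Viewer and Editor rows for both pages, while the filtered search yields an empty list across all six role combinations.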



Created December 4, 2024 at 2:32 PM
Updated last month