Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

QAN - Implement label based access control

Description

Currently, there is no way to restrict user access by granting rights only for specific metrics. But for regular dashboards, at least, there is a workaround with setting up custom dashboards and adjusting the variables on those dashboards.

Unfortunately, this does not work with Query Analytics. There is no way to customize filter values. It would be nice to have a way to restrict access in QAN. E.g., allow MySQL users to see only MySQL-related DBs, Service Types, etc. And do not allow them to see or choose filters for PG, MongoDB, etc.

How to test

  1. Set up a PMM Server instance

  2. Add two databases to monitoring:

    1. mysql with slowlog

    2. postgres with

  3. Enable Access Control in the Settings

  4. Go to Access Control and create two new roles with the following LBAC selectors

    1.  

How to document

Extending current Label based access docs

AFFECTED CS IDs

CS0022314, CS0045261, CS0044927, CS0050687

Activity

Catalina Adam 
May 3, 2025 at 6:42 AM

Documented with and

Alex Demidoff 
March 17, 2025 at 6:52 PM

While the ultimate goal is clear, I don’t quite get how PMM should define a “MySQL” user mentioned in the description.

Maxim Kondratenko 
November 2, 2022 at 12:55 PM

No, the RBAC for metrics spec doesn't cover this case. We need to cover QAN separately.

duygu.aksoy 
October 27, 2022 at 9:36 AM

can you take a look at this ticket and comment here based on our work for accessss limitation for metrics? Thank you

Roma Novikov 
November 15, 2021 at 9:20 AM
(edited)

This problem can be solved with our planned RBAC feature () 

Details

Assignee

Reporter

Priority

Components

Labels

Needs QA

Needs Doc

Planned Version/s

Fix versions

Story Points

Sprint

Smart Checklist Progress

Start date

Due date

Parent

Created November 11, 2021 at 3:22 PM
Updated 3 days ago