仅使用一个特定变量授予对仪表板的访问权限

Posted

技术标签:

【中文标题】仅使用一个特定变量授予对仪表板的访问权限【英文标题】:Grant access to dashboard with only one specific variable 【发布时间】:2021-04-27 01:18:16 【问题描述】:

我有一个仪表板,其中包含一些变量(在本例中:类别和 URL):


  "templating": 
    "list": [
      
        "allValue": null,
        "current": 
          "selected": false,
          "text": "default",
          "value": "default"
        ,
        "datasource": "Influx-SP",
        "definition": "",
        "error": null,
        "hide": 0,
        "includeAll": false,
        "label": null,
        "multi": false,
        "name": "category",
        "options": [],
        "query": "SHOW TAG VALUES WITH KEY = \"category\"",
        "refresh": 1,
        "regex": "",
        "skipUrlSync": false,
        "sort": 0,
        "tagValuesQuery": "",
        "tags": [],
        "tagsQuery": "",
        "type": "query",
        "useTags": false
      ,
      
        "allValue": null,
        "datasource": "Influx-SP",
        "definition": "",
        "error": null,
        "hide": 0,
        "includeAll": false,
        "label": "group",
        "multi": false,
        "name": "group",
        "options": [],
        "query": "SHOW TAG VALUES WITH KEY = \"group\" WHERE \"category\" =~ /$category/",
        "refresh": 1,
        "regex": "",
        "skipUrlSync": false,
        "sort": 0,
        "tagValuesQuery": "",
        "tags": [],
        "tagsQuery": "",
        "type": "query",
        "useTags": false
      ,
      
        "allValue": null,
        "current": 
          "selected": false,
          "text": "_",
          "value": "_"
        ,
        "datasource": "Influx-SP",
        "definition": "",
        "error": null,
        "hide": 0,
        "includeAll": false,
        "label": null,
        "multi": false,
        "name": "page",
        "options": [],
        "query": "SHOW TAG VALUES WITH KEY = \"page\" WHERE \"group\" =~ /$group/ AND \"category\" =~ /$category/",
        "refresh": 1,
        "regex": "",
        "skipUrlSync": false,
        "sort": 0,
        "tagValuesQuery": "",
        "tags": [],
        "tagsQuery": "",
        "type": "query",
        "useTags": false
      ,
      
        "allValue": null,
        "current": 
          "selected": false,
          "text": "chrome",
          "value": "chrome"
        ,
        "datasource": "Influx-SP",
        "definition": "",
        "error": null,
        "hide": 0,
        "includeAll": false,
        "label": null,
        "multi": false,
        "name": "browser",
        "options": [],
        "query": "SHOW TAG VALUES WITH KEY = \"browser\" WHERE \"group\" =~ /$group/ AND \"page\"  =~ /$page/ AND \"category\" =~ /$category/",
        "refresh": 1,
        "regex": "",
        "skipUrlSync": false,
        "sort": 0,
        "tagValuesQuery": "",
        "tags": [],
        "tagsQuery": "",
        "type": "query",
        "useTags": false
      ,
      
        "allValue": null,
        "current": 
          "selected": false,
          "text": "native",
          "value": "native"
        ,
        "datasource": "Influx-SP",
        "definition": "",
        "error": null,
        "hide": 0,
        "includeAll": false,
        "label": null,
        "multi": false,
        "name": "connectivity",
        "options": [],
        "query": "SHOW TAG VALUES WITH KEY = \"connectivity\" WHERE \"group\" =~ /$group/ AND \"page\"  =~ /$page/ AND \"browser\" =~ /$browser/ AND \"category\" =~ /$category/",
        "refresh": 1,
        "regex": "",
        "skipUrlSync": false,
        "sort": 0,
        "tagValuesQuery": "",
        "tags": [],
        "tagsQuery": "",
        "type": "query",
        "useTags": false
      
    ]
  

现在我想让用户查看特定网址的测量值。目前,group 字段显示所有 URL,用户可以看到所有 url 的列表,无论他是否应该看到它(当然,这是因为查询 SHOW TAG VALUES WITH KEY = \"group\" WHERE \"category\" =~ /$category/ 返回所有条目) .

所以我想获得一些最佳实践来解决这个问题。不幸的是,文档并没有帮助我:-(

【问题讨论】:

【参考方案1】:

Grafana 不提供此类功能。 我们实现这种情况的方式是在某些数据源(例如 SQL)中为每个实体配置用户访问权限,然后查询它以显示用户特定的类别/url/等。

此配置可以基于用户的电子邮件/登录名/id 进行,您只能在 Grafana v7.1+ 中将其作为变量“抓取”:

$__user.id 是当前用户的ID $__user.login 是当前用户的登录句柄 $__user.email 是当前用户的电子邮件

参考: https://grafana.com/docs/grafana/latest/variables/variable-types/global-variables/#__user

【讨论】:

以上是关于仅使用一个特定变量授予对仪表板的访问权限的主要内容,如果未能解决你的问题,请参考以下文章

授予对 Postgres 中所有表的访问权限

限制对 Redshift 表的访问,仅授予对视图的访问权限

授予特定用户对特定(多个)文档的访问权限

ASP.NET 登录以授予对特定类型人群的访问权限

S3 存储桶策略授予/限制对特定联合用户的访问权限

C# 授予对特定不相关类的访问权限