Grafana
Overview
Grafana is an open-source platform for monitoring and observability. It allows users to query, visualize, alert on, and explore their metrics, logs, and traces wherever they are stored. Grafana provides a powerful and elegant way to create, explore, and share dashboards and data with your team.
Description
Architecture
- Create an App registration from Microsoft Entra ID (AAD) and add a secret to it.
- Grant the Log Analytics API delegate role to this service principal from AAD.
- Grant the service principal the Reader role on the subscription or on one or more resource groups.
- The admin of the Grafana organization creates data sources under the Connections tab by providing the respective app registration details.
- At the data source level, users must be given viewer access so that they cannot reach other subscriptions' data.
- Grant users viewer access at the level of their respective dashboard folders. Custom viewer or Custom editor roles can be granted to users on individual dashboards based on the requirements.
- [Grafana RBAC](https://grafana.com/docs/grafana/latest/administration/roles-and-permissions/access-control/rbac-fixed-basic-role-definitions/)
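One way to verify the Reader grant from the steps above stays least-privilege: an added example (not part of the original page or of Grafana) that audits role assignments exported in the shape of `az role assignment list --assignee <appId> --all -o json`. The subscription IDs, resource group names, principal name and approved scope list are constructed placeholders, and the check covers only the Azure RBAC grant, not the Log Analytics API permission.

```python
import json

# Constructed sample shaped like `az role assignment list --assignee <appId> --all -o json`.
# Subscription IDs, resource group names and the principal name are placeholders.
SAMPLE = json.loads("""
[
  {"principalName": "grafana-datasource-sp", "roleDefinitionName": "Reader",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000001"},
  {"principalName": "grafana-datasource-sp", "roleDefinitionName": "Reader",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000002/resourceGroups/rg-monitoring"},
  {"principalName": "grafana-datasource-sp", "roleDefinitionName": "Contributor",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000001/resourceGroups/rg-app"},
  {"principalName": "grafana-datasource-sp", "roleDefinitionName": "Reader",
   "scope": "/"}
]
""")

# Scopes this data source is meant to read (assumed for the example).
ALLOWED_SCOPES = [
    "/subscriptions/00000000-0000-0000-0000-000000000001",
    "/subscriptions/00000000-0000-0000-0000-000000000002/resourceGroups/rg-monitoring",
]
ALLOWED_ROLES = {"reader"}


def within(scope, allowed):
    """True if scope equals an allowed scope or is a child resource of it.

    Azure resource IDs are case-insensitive, so compare lower-cased, and match on
    a path boundary so 'rg-monitoring2' is not treated as inside 'rg-monitoring'.
    """
    s, a = scope.rstrip("/").lower(), allowed.rstrip("/").lower()
    return s == a or s.startswith(a + "/")


def audit(assignments, allowed_scopes=ALLOWED_SCOPES, allowed_roles=ALLOWED_ROLES):
    """Return (role, scope, reason) for every assignment outside the intended grant."""
    findings = []
    for a in assignments:
        role, scope = a["roleDefinitionName"], a["scope"]
        if role.lower() not in allowed_roles:
            findings.append((role, scope, "role broader than Reader"))
        elif not any(within(scope, ok) for ok in allowed_scopes):
            findings.append((role, scope, "scope outside the approved list"))
    return findings


if __name__ == "__main__":
    for role, scope, reason in audit(SAMPLE):
        print(f"FLAG {role:12} {scope}  ({reason})")
```

A Reader assignment at the whole subscription is flagged when only a resource group inside it was approved, because the parent scope is wider than the approved child.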
Client Organization RBAC
- An organization will be created for the client, along with three teams at the organization level with the following privileges respectively: Admin, Contributor (editing permissions) and Viewer.
- One data source for the entire client subscription will be created from the Tier0 end.
- Default dashboards will be provided to the client organization initially at handover; client users can modify them if needed.
- Once the organization is handed over to the client, the organization admin users will have full flexibility to create and manage their organization's data and its RBAC.
- The client is free to create folders and dashboards. Default dashboards will be provided by Tier0 and will be managed and maintained by the client. Other custom dashboards can be created and managed by the client, including the RBAC and the folder and dashboard permissions.
Constraints
- Grafana’s performance may be limited by the underlying hardware and network infrastructure.
- Integration with some data sources may require additional configuration or plugins.
- Since Grafana connects to various data sources, an exposed instance could leak critical information like metrics, logs, or even business intelligence data if not protected behind authentication and firewalls.
- If the size of the queried data exceeds a certain limit, the query returns an error and the data is not displayed in the panel.