Protecting dashboards from users

Asked by Francois Mikus

Graphite users may be novices and could easily delete, re-arrange dashboards that were created.

I understand some of the original intent to have Graphite not deal with user classes (public, user, admin); I use public in a general way to describe users that do not have write access in the previous sentence, but could still be authorized by another external mechanism.

There will always be a need for user classes, if simply to help make users and administrators jobs easier.

Edit: Okay, I am a donut. I had an sqlite database problem which was why my events and user management was not working...

I understand also, that pickle and raw sockets are not the safest means of communicating. My question is more on the usability standpoint and not really from a security/interity standpoint.

Is there a means to protect some dashboards so that they are read-only. So users can clone them if they wish, but only admins could modify them. How are others coping with protecting dashboards from fat fingered users??

Question information

Language:
English Edit question
Status:
Solved
For:
Graphite Edit question
Assignee:
No assignee Edit question
Solved by:
Francois Mikus
Solved:
Last query:
Last reply:
Revision history for this message
Nicholas Leskiw (nleskiw) said :
#1

I make regular backups of the sqlite.DB file...

Francois Mikus <email address hidden> wrote:

>Question #200730 on Graphite changed:
>https://answers.launchpad.net/graphite/+question/200730
>
>Description changed to:
>Graphite users may be novices and could easily delete, re-arrange
>dashboards that were created.
>
>I understand some of the original intent to have Graphite not deal with
>user classes (public, user, admin); I use public in a general way to
>describe users that do not have write access in the previous sentence,
>but could still be authorized by another external mechanism.
>
>There will always be a need for user classes, if simply to help make
>users and administrators jobs easier.
>
>Edit: Okay, I am a donut. I had an sqlite database problem which was why
>my events and user management was not working...
>
>I understand also, that pickle and raw sockets are not the safest means
>of communicating. My question is more on the usability standpoint and
>not really from a security/interity standpoint.
>
>Is there a means to protect some dashboards so that they are read-only.
>So users can clone them if they wish, but only admins could modify them.
>How are others coping with protecting dashboards from fat fingered
>users??
>
>--
>You received this question notification because you are a member of
>graphite-dev, which is an answer contact for Graphite.
>
>_______________________________________________
>Mailing list: https://launchpad.net/~graphite-dev
>Post to : <email address hidden>
>Unsubscribe : https://launchpad.net/~graphite-dev
>More help : https://help.launchpad.net/ListHelp

Revision history for this message
Francois Mikus (fmikus) said :
#2

Yeah, that's one way to do it.

I guess I was wondering more about having readonly dashboards, that users can see, and if they wish to do something, they can clone them and roll their own from a starting point. But at least they can see them, even if they can't change them.

Thanks.