Graphite

Set permissions on data

Asked by Norbert Winkler

Hello,
after setting up Graphite and using it for quite some time now I ran into a simple question.
Is it anyhow possible to set permission schemas on the data?
It would be really nice to be able to specify something like the following:

Deny view of carbon.agents.myhost.errors to user xy
Deny view of carbon.* to user ab

or maybe the other way round:
Allow only the view of carbon.* to user az

Is something like this available, or if not, could you give me a hint how (and especially where/in which file) to implement it myself?

Question information

Language:
English Edit question
Status:
Answered
For:
Graphite Edit question
Assignee:
No assignee Edit question
Last query:
Last reply:
Revision history for this message
Nicholas Leskiw (nleskiw) said : 		#1

Graphite currently has no functionality to hide metrics from certain users. It was not designed to be used in an insecure environment and we don't recommend using it if you have confidential data, or non-authorized users can get to the webapp.

You do, however, have some options:

1. Move the confidential metrics to a different instance, and use firewall rules to prevent access from unauthorized people.
2. Pull graphs with wget / curl, move them to a webserver once a minute ( or however often) and only give untrusted users access to these pre-generated graphs. (Overwrite them and write a pretty, static HTML page that will arrange them and stuff.)

I hope this answers your question.

Can you help with this problem?

Provide an answer of your own, or ask Norbert Winkler for more information if necessary.

To post a message you must log in.