Hello!
I’m creating a dashboard for monitoring vehicles. The database is InfluxDb and query language is InfluxQL. The dashboard panels show the data of a vehicle. A user should be able to see only their vehicles.
For eg. user A can see their vehicles A,B,C. user B can see their vehicles D,E.
I’m using a query variable VIN to query the vehicles mapped to the currently logged in user.
The issue I’m facing now is that if the user changes the VIN in the URL and chances upon a valid VIN, they will be able to see the data of that VIN. I believe there’s no native Grafana support available to validate if the value of the VIN variable in the URL is allowed for the user (present in the queried result of the VIN variable tag). I’ve been thinking for a solution for sometime now. It would be highly helpful if I could get any leads on any workarounds.
Thank you!
are you using standard login or a custom login like okta or ldap?
I’m using standard login
do you have any data in your data source that maps user.name and vin?
Yes I do. I’m querying the vin mapped/ assigned to the username using the ${__user.login} global variable
please share that query
SHOW TAG VALUES FROM “user_info_test” WITH KEY=“vin” WHERE “userlogin”=’${__user.login}’
this part does not make sense to me “The issue I’m facing now is that if the user changes the VIN in the URL” is this you doing it or grafana?
So the dashboard will have multiple users. The idea is that each user will use the dashboard to monitor their vehicles. The ‘vin’ query variable creates a dropdown of the vins that a user can access. So the URL also have a “var-vin=” part in the webpage search bar. If the user changes the to a valid vin, they will still be able to see the dashboard of that vehicle, even if its not present in the ‘vin’ variable query return.
yeah so you cant do that.
and you dont need to do that url stuff
I have a geomap dashboard that shows the location of the vehicles. When I click on a particular vehicle, this URL shows up and on clicking that, it navigates to the second dashboard.
Since I’m using a query variable, I will need the var-vin= part in the url right?
which will cause someone else to manually type the vin, so not a good solution
so this is my query emulating yours. notice I use both user.login and vin as params
as
(
select 1 vin, 'toyota' as make, 'camry' model, 2024 make_year, 'admin' owner union
select 2 vin, 'toyota' as make, 'Vercel' model, 2024 make_year, 'admin' owner union
select 3 vin, 'tesla' as make, 'robot' model, 2034 make_year, 'elonmusk' owner
)
select make, model, make_year, owner
from src
where owner = '${__user.login}'
and vin = $vins ```no url involved, clean
I had a couple of doubts on the above implementation:
- The above query generates both the toggle as well as the table panel?
- I have multiple panels like gauge to get the battery values, time series, stat time line etc. How can I apply the above logic to multiple panels?
- Does the vin=$vins in the where condition- where owner = ‘${__user.login}’ and vin = $vins- take multiple vin values?
- each have their own data source and query. the toggle is strictly
select distinct vin from yadiyada where user = $user.login
- the same way you do it for any panel, query using filter of current user and selected vin
- yes it can take multiple in which case you do
where vin in ($vin:csv)
kind of interpoltation
In what type of visualization panel can I implement the toggle?
