Grafana - Authentication and access control

Is Grafana ready to be exposed to the internet if login is enabled with Google OAuth?

It’s a good question, but very complicated to answer

It depends very much on your mileage

For instance, what datasources you’re exposing, and how those are protected

Let me take an example: let’s say you are using only one elasticsearch datasource, and using openid to secure both grafana login and the datasource itself

Let’s further say that elasticsearch is configured to use openidc with very fine grained permissions

Then I’d say you’re pretty safe: even if there’s a bug in grafana, and someone is leveraging it to access someone else’s privilege, they could only ever send commands to the datasource using the user’s privileges

What I’d really avoid doing is create some user for the datasource that has too many privileges, and give that to grafana.ini

You could have a look at these https://www.cvedetails.com/product/47055/Grafana-Grafana.html?vendor_id=18548

It also depends on how often you upgrade your server’s software
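
A check that follows from the advice above, as an added example that is not part of the original thread: it flags datasource definitions where Grafana holds one shared credential instead of forwarding the logged-in user's OAuth identity. The sample definitions and the finding names are constructed; `basicAuth`, `jsonData.oauthPassThru` and `jsonData.httpHeaderName<N>` are the field names Grafana uses in datasource definitions.

```python
# Constructed sample datasource definitions (not from the original thread).
SAMPLE = [
    {"name": "es-shared", "type": "elasticsearch", "basicAuth": True,
     "basicAuthUser": "grafana_admin", "jsonData": {}},
    {"name": "es-static-token", "type": "elasticsearch", "basicAuth": False,
     "jsonData": {"httpHeaderName1": "Authorization"}},
    {"name": "es-per-user", "type": "elasticsearch", "basicAuth": False,
     "jsonData": {"oauthPassThru": True}},
]


def audit_datasource(ds):
    """Return finding codes (hypothetical names) for one datasource definition."""
    json_data = ds.get("jsonData") or {}
    findings = []
    # One basic-auth account shared by every Grafana user.
    if ds.get("basicAuth"):
        findings.append("shared-basic-auth")
    # A fixed Authorization header is also a shared credential.
    for key, value in json_data.items():
        if key.startswith("httpHeaderName") and str(value).lower() == "authorization":
            findings.append("static-auth-header")
            break
    # Without identity forwarding the datasource cannot apply per-user permissions.
    if not json_data.get("oauthPassThru"):
        findings.append("no-identity-forwarding")
    return findings


def audit(datasources):
    """Map name -> findings; empty means no shared credential and identity is forwarded."""
    return {ds["name"]: audit_datasource(ds) for ds in datasources}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(f"{name}: {', '.join(findings) or 'ok'}")
```

A clean result only says that Grafana forwards the user's identity; the permissions that identity maps to are still enforced on the datasource side.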