Access Control

Proper access control is a crucial component of any observability solution. In Dash0, we've designed a flexible access control system that balances security with usability, ensuring your team can collaborate effectively while maintaining appropriate permission boundaries.

User Roles

Dash0 provides two primary user roles to manage access within your organization: Admin and Member. These roles determine what actions users can perform within the Dash0 platform.

You can invite users and modify their roles within your organization settings in the dialog under Members.

Organization settings screen showing members of the organization

Invite users and change their roles within the settings screen.

User Role Permission Comparison

Permission	Admin	Member
View traces, logs, and metrics	✅	✅
Create and edit spam filters	✅	❌
Create, edit and share dashboards	✅	✅
Create and edit views	✅	✅
View check rules and failed checks	✅	✅
Edit check rules	✅	❌
Invite new users to the organization	✅	❌
Remove users from the organization	✅	❌
Change user roles	✅	❌
View endpoints	✅	✅
View and edit auth tokens	✅	❌
View datasets	✅	✅
Create and edit datasets	✅	❌
View notification channels	✅	✅
Create and edit notification channels	✅	❌
Modify billing information	✅	❌
View usage and billing data	✅	❌
Rename, change avatar and delete organization	✅	❌

Auth Tokens

Dash0 provides auth tokens that enable programmatic interaction with the platform. These tokens are essential to send data to Dash0 or to integrate Dash0 with other solutions and technologies, e.g., Grafana or Terraform.

Auth tokens are of the form auth_abc123... and you can manage them through your organization's settings.

The Dash0 organization settings screen showing the auth token dialog

Within the auth token settings you can manage your authentication tokens, and see whether they are still in use.

Key Features of Auth Tokens

Organization-level scope: Auth tokens operate at the organization level, allowing access to all permitted resources within that organization.
Configurable permissions: Administrators can create tokens with specific permission scopes.
Revocable access: Tokens can be immediately revoked if compromised or no longer needed.

Resource-Based Access Control

In addition to user roles, Dash0 implements granular access control at the resource level, particularly for user-created assets like dashboards.

Resource owners can assign the following permission levels to other users based on their roles:

No access: As the same implies.
View: Users can view the resource but cannot modify it.
Edit: Users can both view and modify the resource, including the ability to delete it and manage access permissions.

The dashboard settings are accessible through a side-bar

Modify access granted to dashboards via the dashboard's settings panel.

Last updated: May 4, 2025

Dash0 Kubernetes Operator

Semantic Conventions