Access Control
Proper access control is a crucial component of any observability solution. In Dash0, we've designed a flexible access control system that balances security with usability, ensuring your team can collaborate effectively while maintaining appropriate permission boundaries.
Member Roles
Dash0 provides two primary member roles to manage access within your organization: Admin and Member. These roles determine what actions members can perform within the Dash0 platform. You can invite members and modify their roles within your organization settings in the dialog under Members.
Actions which require admin role
- Create datasets
- Modify billing information
- View usage and billing data
- Rename, change avatar and delete organization
- View and edit auth tokens
- Change member roles
- Invite new members to the organization
- Remove members from the organization
- View audit logs
- Add members to teams
- View member details
- Create and edit teams
Asset-Based Access Control
In addition to member roles, Dash0 implements granular access control at the asset level like dashboards, views, check rules or synthetic checks.
As creator from one of the above mentioned assets you are able to share them with view or edit permissions with roles, teams or individual members.
- With view permissions you gave the permission to view and clone the asset.
- With edit permission you can also delete, edit and update the sharing settings of the asset.
Static permissions
Some assets have static permissions which can not be changed. Every member in your organization has view permissions on all check rules and synthetic checks. And admins are always allowed to edit all check rules and synthetic checks. On dataset level admin have always “maintain” permissions.
Assets which are maintained via infrastructure as code (IaC) you are not able to edit in the UI. You can only delete and clone them.
Dataset permissions
On every dataset you can assign the “maintain”, “edit” and “read” permissions for different roles, teams and individual members. Admins always have “maintain” permission on every dataset.
On every new dataset members will also get “read” permission per default which can be removed in the settings.
Dataset Permission Comparison
| Actions | Maintain | Edit | Read |
|---|---|---|---|
| View traces, logs, and metrics | ✅ | ✅ | ✅ |
| Create and edit spam filters | ✅ | ❌ | ❌ |
| Create, edit and share dashboards | ✅ | ✅ | ✅ |
| Create, edit and share views | ✅ | ✅ | ✅ |
| View check rules and failed checks | ✅ | ✅ | ✅ |
| Create check rules | ✅ | ✅ | ❌ |
| View synthetic checks | ✅ | ✅ | ✅ |
| Create synthetic checks | ✅ | ✅ | ✅ |
| View notification channels and rules | ✅ | ✅ | ✅ |
| Create and edit notification rules | ✅ | ✅ | ❌ |
| Edit and delete dataset | ✅ | ❌ | ❌ |
| View datasets | ✅ | ✅ | ✅ |
| View endpoints | ✅ | ✅ | ✅ |
| View teams and members | ✅ | ✅ | ✅ |
Auth Tokens
Dash0 provides auth tokens that enable programmatic interaction with the platform. These tokens are essential to send data to Dash0 or to integrate Dash0 with other solutions and technologies, e.g., Grafana or Terraform.
Auth tokens are of the form auth_abc123... and you can manage them through your organization's settings.
Key Features of Auth Tokens
- Organization-level scope: Auth tokens operate at the organization level, allowing access to all permitted resources within that organization.
- Configurable permissions: Administrators can create tokens with specific permission scopes.
- Revocable access: Tokens can be immediately revoked if compromised or no longer needed.
In this section
Last updated: November 20, 2025