Access Control
Proper access control is a crucial component of any observability solution. In Dash0, we've designed a flexible access control system that balances security with usability, ensuring your team can collaborate effectively while maintaining appropriate permission boundaries.
User Roles
Dash0 provides two primary user roles to manage access within your organization: Admin and Member. These roles determine what actions users can perform within the Dash0 platform.
You can invite users and modify their roles within your organization settings in the dialog under Members.
User Role Permission Comparison
Permission | Admin | Member |
---|---|---|
View traces, logs, and metrics | ✅ | ✅ |
Create and edit spam filters | ✅ | ❌ |
Create, edit and share dashboards | ✅ | ✅ |
Create and edit views | ✅ | ✅ |
View check rules and failed checks | ✅ | ✅ |
Edit check rules | ✅ | ❌ |
Invite new users to the organization | ✅ | ❌ |
Remove users from the organization | ✅ | ❌ |
Change user roles | ✅ | ❌ |
View endpoints | ✅ | ✅ |
View and edit auth tokens | ✅ | ❌ |
View datasets | ✅ | ✅ |
Create and edit datasets | ✅ | ❌ |
View notification channels | ✅ | ✅ |
Create and edit notification channels | ✅ | ❌ |
Modify billing information | ✅ | ❌ |
View usage and billing data | ✅ | ❌ |
Rename, change avatar and delete organization | ✅ | ❌ |
Auth Tokens
Dash0 provides auth tokens that enable programmatic interaction with the platform. These tokens are essential to send data to Dash0 or to integrate Dash0 with other solutions and technologies, e.g., Grafana or Terraform.
Auth tokens are of the form auth_abc123...
and you can manage them through your organization's settings.
Key Features of Auth Tokens
- Organization-level scope: Auth tokens operate at the organization level, allowing access to all permitted resources within that organization.
- Configurable permissions: Administrators can create tokens with specific permission scopes.
- Revocable access: Tokens can be immediately revoked if compromised or no longer needed.
Resource-Based Access Control
In addition to user roles, Dash0 implements granular access control at the resource level, particularly for user-created assets like dashboards.
Resource owners can assign the following permission levels to other users based on their roles:
- No access: As the same implies.
- View: Users can view the resource but cannot modify it.
- Edit: Users can both view and modify the resource, including the ability to delete it and manage access permissions.
Last updated: May 4, 2025