we are now investigating Grafana Loki… I am trying to understand its security model.
More specifically: we have several categories of logs, some are totally harmless, but some are more sensitive and only authorized personnel should have permission to access these.
In Grafana it seems that security is enforced only on DataSource level…that it is not possible to pass role of the user (or his group) as additional query filter to Loki backend.
What is the recommended approach for segmenting logs and ensuring role based authorization on row level?
Loki itself doesn’t really have a security model aside from the concept of tenants.
The most basic approach could be taken is to separate the logs based on sensitivity into different tenants within Loki and then you could configure separate datasources within Grafana to access these.
This has a few limitations though, mainly it lacks the ability for one person to write a query that covers all logs, though in the future I believe we are going to add support for Loki’s query-frontend to be able to query over multiple tenants/Loki clusters.
Additional levels of access control, say based on labels, would be left as an exercise for you to implement on top of Loki. Grafana is building such a feature within our enterprise offering which might be an option for you? Features such as access control, authentication, deployment/provisioning are where we are drawing the distinction between the OSS project and our commercial offering so that we can continue to grow and fund the OSS project!