Scoped custom RBAC role for Grafana Plugins? (original) (raw)

Hi guys,

With great new feature about supporting rbac in plugins (What's new in Grafana v11.3 | Grafana documentation) I am wondering if it’s achievable to have scoped permissions for plugins?

For now I achieved protecting datasource proxy routes for given custom actions (following docs: Metadata (plugin.json) | Grafana Plugin Tools) and users without that permission are not able to access it - that’s good.

But my use case is more complex: I have some folder-like structure (called workspaces) inside my App Plugin and I would like to give users custom permission like plugin-workspace-edit scoped only for a given workspace. I see that granular scopes are possible already for folder/teams etc. (Plan your Grafana RBAC rollout strategy | Grafana documentation) but is it achievable to set custom scopes inside custom roles?

Best regards,
Adam