Folder Permissions
Overview
Folders are the primary mechanism for organizing and controlling access to Kloudfuse content. When a permission is assigned to a folder, it applies to everything inside it — dashboards, alerts, sub-folders, and all other objects contained within.
Permissions can be granted to four types of principals:
| Principal | Description |
|---|---|
| Users | Human accounts authenticated through the login page or an SSO provider. Permissions can be assigned directly to a specific user, granting that individual access to the folder and its contents. |
| Teams | Groups of users. Assigning a team to a folder grants access to all current and future team members simultaneously. Teams are the recommended approach for managing shared folder access at scale. |
| Roles | System-wide roles (Admin, Editor, or Viewer). Assigning a role to a folder grants access to every user who holds that role. Each role receives default folder permissions that can be adjusted on a per-folder basis. |
| Service Accounts | Non-human identities used for API access and system integrations. Service Accounts can be granted folder permissions independently of team membership, allowing automated pipelines to access specific content. |
A user’s effective permission level on a folder is the highest level granted across all of their applicable permission sources.
Folder managed objects
The following Kloudfuse objects are governed by folder-level permissions:
| Object | Description |
|---|---|
| Dashboards | Visualization panels and charts that display metrics, logs, traces, and other telemetry data. |
| Alert rules | Threshold and anomaly detection rules across all signal types — Metrics, Events, Logs, Traces, APM, SLO, and RUM. |
| Sub-folders | Nested folders used to further organize content within a parent folder. Sub-folders inherit the parent folder’s permissions. |
| Scheduled Views | Pre-computed log views that run on a schedule to improve query performance over large datasets. |
| Saved Queries | Reusable query definitions that can be shared across dashboards and explorers. |
| Lookup Tables | Reference data tables used to enrich telemetry streams with additional context during query time. |
| Favorite Facets | User-defined field groupings that appear as quick-filter options in the log and trace explorers. |
| Scheduled Searches | Saved searches configured to run automatically and deliver results on a defined schedule. |

Creating objects at the root level (outside any folder) only requires the user to hold an Admin or Editor account role. Root-level objects are not subject to folder permissions.
Permission Levels
| Level | What it grants |
|---|---|
| View | Read-only access. Users can view the folder and its contents but cannot create, edit, or delete any objects. |
| Edit | Full create, edit, and delete access for all objects within the folder. Editors can also create sub-folders. |
| Admin | All Edit capabilities, plus the ability to manage the folder’s own permissions — adding, changing, and removing access for users, teams, and roles. |
| No Access | Completely hides the folder from the user. The folder will not appear in dropdowns or listings. Use this to restrict a role that would otherwise inherit access through a default role assignment. |
Permission Inheritance
Permissions flow downward through the folder hierarchy. A user who has Edit access on a parent folder automatically has at least Edit access on all sub-folders within it. A sub-folder’s effective permission level for a user cannot fall below what they inherit from a parent folder, but additional permissions can be granted to specific users, teams, or roles on the sub-folder.
Admin users always have full access to all folders, regardless of folder-level permission assignments.
View Folder Permissions
- In the sidebar, click Admin in the lower left corner and navigate to the Folders option.
- In the Folders table, click the name of the folder you want to manage.
- A permissions sidebar appears on the right, listing all current assignments for that folder by role, team, user, and service account.
Update a Role Permission
Every role is assigned a default permission level for every folder:
- Admin — Admin access
- Editor — Edit access
- Viewer — View access
To prevent all users with a given role from accessing a folder, change that role’s permission to No Access. Users then need an explicit team, user, or service account assignment to access the folder.
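The resolution rules on this page (the highest grant wins, a sub-folder never falls below its parent, the Admin role is fixed, and No Access on a role can be offset by an explicit assignment) are modelled below as an added Python example for auditing who can reach a folder and through which assignment. It is not Kloudfuse code or its API: the class and function names, the sample folders and principals, the role-less service account, and the rule that a sub-folder without its own role override uses the nearest ancestor's are all assumptions.

```python
from dataclasses import dataclass, field
from enum import IntEnum

class Level(IntEnum):  # ordered so max() picks the highest grant
    NO_ACCESS = 0
    VIEW = 1
    EDIT = 2
    ADMIN = 3

ROLE_DEFAULTS = {"Admin": Level.ADMIN, "Editor": Level.EDIT, "Viewer": Level.VIEW}

@dataclass
class Folder:
    name: str
    parent: "Folder | None" = None
    roles: dict = field(default_factory=dict)  # per-folder role overrides
    teams: dict = field(default_factory=dict)  # team name -> Level
    users: dict = field(default_factory=dict)  # user or service account -> Level

@dataclass
class Principal:
    name: str
    role: "str | None" = None  # assumption: a service account may have no role
    teams: tuple = ()

def role_level(role, folder):
    # Assumption: a folder without its own override uses the nearest ancestor's.
    while folder is not None:
        if role in folder.roles:
            return folder.roles[role]
        folder = folder.parent
    return ROLE_DEFAULTS[role]

def effective(p, folder):  # returns (Level, source of the winning grant)
    if p.role == "Admin":  # the Admin role always has Admin access
        return Level.ADMIN, "role:Admin"
    grants = [(Level.NO_ACCESS, "none")]
    if p.role:
        grants.append((role_level(p.role, folder), f"role:{p.role}"))
    if p.name in folder.users:
        grants.append((folder.users[p.name], f"user:{p.name}"))
    grants += [(folder.teams[t], f"team:{t}") for t in p.teams if t in folder.teams]
    if folder.parent is not None:  # never below what the parent grants
        level, source = effective(p, folder.parent)
        grants.append((level, f"inherited:{source}"))
    return max(grants, key=lambda g: g[0])

# Constructed sample: Viewer role hidden from "prod", team "sre" re-admitted.
prod = Folder("prod", roles={"Viewer": Level.NO_ACCESS}, teams={"sre": Level.EDIT})
alerts = Folder("alerts", parent=prod, users={"ci-bot": Level.VIEW})
```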
Troubleshooting
Cannot Change Admin Role
The option to change the Admin role is greyed out because the Admin role always has Admin access to a folder and cannot be changed.
Cannot Create a Folder
Only users with an Admin or Editor account role can create folders under the root. If the New folder option is unavailable, check that the user’s account role is Editor or Admin.
To create a sub-folder inside an existing folder, the user must have Edit or Admin permission on that parent folder.