Query RBAC #4534

Open
pavolloffay opened this issue Jan 9, 2025 · 2 comments

@pavolloffay
Contributor

Is your feature request related to a problem? Please describe.

I would like to define fine-grained query RBAC - e.g. show only spans/traces from Kubernetes namespaces which the user can access.

Describe the solution you'd like

Enable RBAC on Tempo backend.

Describe alternatives you've considered

Implement a proxy that would enforce RBAC.

Additional context

@joe-elliott
Member

Can you share any more details to help us work on this feature? i.e. Is it important that this feature works on span and resource level? Are you expecting a mapping of tenants to allowed labels? How would you expect the data returned from the various APIs to be impacted by the configuration?

@pavolloffay
Contributor Author

A couple of thoughts

  • both span and resource attributes should be masked if a user should not have access to that data
  • on Kubernetes we would like to use a single tenant on Tempo, but then mask data if a specific cluster user does not have access to a particular namespace where a span was created
  • the returned trace should have the original structure, e.g. spans should not be removed, only span/resource attributes
  • by default all attributes should be removed which could be overridden by whitelist configuration (e.g. keep service name or errors)
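
The masking semantics listed in the comment above, sketched as they might look in an enforcing proxy. This is an added example, not code from Tempo or from the issue's participants; the types, `MaskTrace`, the `team-b` sample data and the use of `k8s.namespace.name` as the namespace key are assumptions.

```go
package main

import "fmt"

// Simplified, hypothetical trace model (not Tempo's or OTLP's real types).
type Span struct {
	Name  string
	Attrs map[string]string
}
type ResourceSpans struct {
	Resource map[string]string // resource attributes
	Spans    []Span
}
const nsKey = "k8s.namespace.name" // OpenTelemetry namespace resource attribute

// filter copies only allowlisted keys; everything else is dropped (default deny).
func filter(attrs map[string]string, keep map[string]bool) map[string]string {
	out := map[string]string{}
	for k, v := range attrs {
		if keep[k] {
			out[k] = v
		}
	}
	return out
}

// MaskTrace keeps every batch and span, so the trace structure is unchanged.
// A batch with an unreadable or missing namespace (fail closed) is masked.
func MaskTrace(trace []ResourceSpans, allowedNS, keep map[string]bool) []ResourceSpans {
	out := make([]ResourceSpans, 0, len(trace))
	for _, rs := range trace {
		if ns, ok := rs.Resource[nsKey]; ok && allowedNS[ns] {
			out = append(out, rs) // readable namespace: passed through as-is
			continue
		}
		m := ResourceSpans{Resource: filter(rs.Resource, keep)}
		for _, s := range rs.Spans {
			m.Spans = append(m.Spans, Span{s.Name, filter(s.Attrs, keep)})
		}
		out = append(out, m)
	}
	return out
}

func main() {
	// Constructed sample: one batch from a namespace the user cannot read.
	t := []ResourceSpans{{map[string]string{nsKey: "team-b", "service.name": "pay"},
		[]Span{{"charge", map[string]string{"db.statement": "SELECT 1"}}}}}
	fmt.Printf("%+v\n", MaskTrace(t, map[string]bool{"team-a": true}, map[string]bool{"service.name": true}))
}
```

Because the namespace attribute is itself subject to the allowlist, a masked batch does not reveal which namespace it came from unless `k8s.namespace.name` is explicitly kept.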
