Grafana MCP Policy

GET STARTED

Download this policy scaffold and add your rules. Intercept enforces them on every tool call before it reaches Grafana.

terminal

# Download policy scaffold


curl -o grafana.yaml https://raw.githubusercontent.com/policylayer/intercept/main/policies/grafana.yaml

# Run with Intercept


intercept --policy grafana.yaml -- npx -y @grafana/mcp-grafana

Server documentation: https://github.com/grafana/mcp-grafana

READ TOOLS

24

get_dashboard_by_uid Retrieve complete dashboard details

get_dashboard_panel_queries Extract panel titles, queries, and datasource info

get_dashboard_property Extract specific parts using JSONPath

get_dashboard_summary Obtain compact overview without full JSON

get_datasource Retrieve datasource details by UID or name

get_panel_image Render dashboards as PNG

get_query_examples Access sample queries for learning syntax

get_role_details Role permission inspection

list_alert_rules View alerting configurations

list_all_roles Available role listings

list_annotations Query dashboard annotations

list_cloudwatch_namespaces AWS service discovery

list_datasources View all configured datasources

list_incidents Browse Grafana Incident records

list_loki_label_names Log label exploration

list_prometheus_metric_names Available metrics discovery

list_teams View Grafana teams

list_users_by_org Organisation user directory

query_clickhouse Execute SQL with macro substitution

query_cloudwatch Run AWS CloudWatch metric queries

query_elasticsearch Search using Lucene or Query DSL

query_loki_logs Run LogQL queries for logs and metrics

query_prometheus Execute PromQL against Prometheus

search_dashboards Locate dashboards by title or metadata

WRITE TOOLS

3

create_alert_rule Define new alert conditions

create_incident Initiate new incidents

update_dashboard Create or modify dashboards

OTHER TOOLS

2

generate_deeplinks Create accurate Grafana resource URLs

patch_dashboard Apply targeted changes without full JSON

POLICY YAML

This scaffold lists every tool with empty rules. Add conditions — rate limits, argument validation, deny rules — then deploy with Intercept.

grafana.yaml

version: "1"
description: "Policy for grafana/mcp-grafana"
default: "allow"
tools:
    get_dashboard_by_uid:
        rules: []
    get_dashboard_panel_queries:
        rules: []
    get_dashboard_property:
        rules: []
    get_dashboard_summary:
        rules: []
    get_datasource:
        rules: []
    get_panel_image:
        rules: []
    get_query_examples:
        rules: []
    get_role_details:
        rules: []
    list_alert_rules:
        rules: []
    list_all_roles:
        rules: []
    list_annotations:
        rules: []
    list_cloudwatch_namespaces:
        rules: []
    list_datasources:
        rules: []
    list_incidents:
        rules: []
    list_loki_label_names:
        rules: []
    list_prometheus_metric_names:
        rules: []
    list_teams:
        rules: []
    list_users_by_org:
        rules: []
    query_clickhouse:
        rules: []
    query_cloudwatch:
        rules: []
    query_elasticsearch:
        rules: []
    query_loki_logs:
        rules: []
    query_prometheus:
        rules: []
    search_dashboards:
        rules: []
    create_alert_rule:
        rules: []
    create_incident:
        rules: []
    update_dashboard:
        rules: []
    generate_deeplinks:
        rules: []
    patch_dashboard:
        rules: []

RELATED POLICIES

Datadog 20 tools

observability

FREQUENTLY ASKED QUESTIONS

What tools does the Grafana MCP server expose?

The Grafana MCP Server exposes 29 tools across 3 categories: Read, Write, Other. Each tool can be individually controlled with Intercept policies.

How do I enforce policies on Grafana?

Download the policy scaffold, add rules (rate limits, argument validation, deny rules), then run Intercept as a proxy in front of the Grafana MCP server. Every tool call is evaluated against your YAML policy before execution.

Is the Grafana policy free to use?

Yes. All Intercept policies are open source under the Apache 2.0 licence. Download, modify, and deploy without restrictions.

ENFORCE POLICIES ON GRAFANA

Open source. One binary. Zero dependencies.

VIEW ON GITHUB Browse all policies →