add storage test

Merge branch 'main' into wb/pluginmeta-local
fix linter
2025-12-11 21:22:28 -05:00 · 2025-12-11 16:59:33 +00:00 · 2025-12-11 16:06:27 +00:00 · 2025-12-11 15:55:17 +00:00 · 2025-12-11 15:48:26 +00:00 · 2025-12-11 15:34:55 +00:00
485 changed files with 5048 additions and 23139 deletions
@@ -208,7 +208,7 @@
 /pkg/tests/apis/shorturl @grafana/sharing-squad
 /pkg/tests/api/correlations/ @grafana/datapro
 /pkg/tsdb/grafanads/ @grafana/grafana-backend-group
-/pkg/tsdb/opentsdb/ @grafana/oss-big-tent
+/pkg/tsdb/opentsdb/ @grafana/partner-datasources
 /pkg/util/ @grafana/grafana-backend-group
 /pkg/web/ @grafana/grafana-backend-group

@@ -260,7 +260,7 @@
 /devenv/dev-dashboards/dashboards.go @grafana/dataviz-squad
 /devenv/dev-dashboards/home.json @grafana/dataviz-squad
 /devenv/dev-dashboards/datasource-elasticsearch/ @grafana/partner-datasources
-/devenv/dev-dashboards/datasource-opentsdb/ @grafana/oss-big-tent
+/devenv/dev-dashboards/datasource-opentsdb/ @grafana/partner-datasources
 /devenv/dev-dashboards/datasource-influxdb/ @grafana/partner-datasources
 /devenv/dev-dashboards/datasource-mssql/ @grafana/partner-datasources
 /devenv/dev-dashboards/datasource-loki/ @grafana/plugins-platform-frontend
@@ -307,7 +307,7 @@
 /devenv/docker/blocks/mysql_exporter/ @grafana/oss-big-tent
 /devenv/docker/blocks/mysql_opendata/ @grafana/oss-big-tent
 /devenv/docker/blocks/mysql_tests/ @grafana/oss-big-tent
-/devenv/docker/blocks/opentsdb/ @grafana/oss-big-tent
+/devenv/docker/blocks/opentsdb/ @grafana/partner-datasources
 /devenv/docker/blocks/postgres/ @grafana/oss-big-tent
 /devenv/docker/blocks/postgres_tests/ @grafana/oss-big-tent
 /devenv/docker/blocks/prometheus/ @grafana/oss-big-tent
@@ -520,7 +520,7 @@ i18next.config.ts @grafana/grafana-frontend-platform
 /e2e-playwright/various-suite/solo-route.spec.ts @grafana/dashboards-squad
 /e2e-playwright/various-suite/trace-view-scrolling.spec.ts @grafana/observability-traces-and-profiling
 /e2e-playwright/various-suite/verify-i18n.spec.ts @grafana/grafana-frontend-platform
-/e2e-playwright/various-suite/visualization-suggestions.spec.ts @grafana/dataviz-squad
+/e2e-playwright/various-suite/visualization-suggestions.spec.ts @grafana/dashboards-squad
 /e2e-playwright/various-suite/perf-test.spec.ts @grafana/grafana-frontend-platform

 # Packages
@@ -956,7 +956,6 @@ playwright.storybook.config.ts @grafana/grafana-frontend-platform
 /public/app/features/notifications/ @grafana/grafana-search-navigate-organise
 /public/app/features/org/ @grafana/grafana-search-navigate-organise
 /public/app/features/panel/ @grafana/dashboards-squad
-/public/app/features/panel/components/VizTypePicker/VisualizationSuggestions.tsx @grafana/dataviz-squad
 /public/app/features/panel/suggestions/ @grafana/dataviz-squad
 /public/app/features/playlist/ @grafana/dashboards-squad
 /public/app/features/plugins/ @grafana/plugins-platform-frontend
@@ -1101,7 +1100,7 @@ eslint-suppressions.json @grafanabot
 /public/app/plugins/datasource/mixed/ @grafana/dashboards-squad
 /public/app/plugins/datasource/mssql/ @grafana/partner-datasources
 /public/app/plugins/datasource/mysql/ @grafana/oss-big-tent
-/public/app/plugins/datasource/opentsdb/ @grafana/oss-big-tent
+/public/app/plugins/datasource/opentsdb/ @grafana/partner-datasources
 /public/app/plugins/datasource/grafana-postgresql-datasource/ @grafana/oss-big-tent
 /public/app/plugins/datasource/prometheus/ @grafana/oss-big-tent
 /public/app/plugins/datasource/cloud-monitoring/ @grafana/partner-datasources
@@ -12,7 +12,6 @@ on:
 permissions:
  id-token: write
  contents: read
-  statuses: write

 # Since this is run on a pull request, we want to apply the patches intended for the
 # target branch onto the source branch, to verify compatibility before merging.
@@ -29,10 +29,6 @@ permissions:
 # target branch onto the source branch, to verify compatibility before merging.
 jobs:
  dispatch-job:
-    # If the source is not from a fork then dispatch the job to the workflow.
-    # This will fail on forks when trying to broker a token, so instead, forks will create the required status and mark
-    # it as a success
-    if: ${{ ! github.event.pull_request.head.repo.fork }}
    env:
      HEAD_REF: ${{ inputs.head_ref }}
      BASE_REF: ${{ github.base_ref }}
@@ -80,20 +76,3 @@ jobs:
                  triggering_github_handle: SENDER
                }
            })
-  dispatch-job-fork:
-    # If the source is from a fork then use the built-in workflow token to create the same status and unconditionally
-    # mark it as a success.
-    if: ${{ github.event.pull_request.head.repo.fork }}
-    permissions:
-      statuses: write
-    runs-on: ubuntu-latest
-    steps:
-      - name: Create status
-        uses: myrotvorets/set-commit-status-action@6d6905c99cd24a4a2cbccc720b62dc6ca5587141
-        with:
-          token: ${{ github.token }}
-          sha: ${{ inputs.pr_commit_sha }}
-          repo: ${{ inputs.repo }}
-          status: success
-          context: "Test Patches (event)"
-          description: "Test Patches (event) on a fork"
@@ -111,13 +111,12 @@ jobs:
      ownerRepo: 'grafana/grafana-enterprise'
      from: ${{ needs.setup.outputs.release_branch }}
      to: ${{ needs.create_next_release_branch_enterprise.outputs.branch }}
-  # Removed this for now since it doesn't work
-  # post_changelog_on_forum:
-  #   needs: setup
-  #   uses: grafana/grafana/.github/workflows/community-release.yml@main
-  #   with:
-  #     version: ${{ needs.setup.outputs.version }}
-  #     dry_run: ${{ needs.setup.outputs.dry_run == 'true' }}
+  post_changelog_on_forum:
+    needs: setup
+    uses: grafana/grafana/.github/workflows/community-release.yml@main
+    with:
+      version: ${{ needs.setup.outputs.version }}
+      dry_run: ${{ needs.setup.outputs.dry_run == 'true' }}
  create_github_release:
    # a github release requires a git tag
    # The github-release action retrieves the changelog using the /repos/grafana/grafana/contents/CHANGELOG.md API
@@ -3,7 +3,7 @@
 # Others can set up the YAML LSP manually, which supports schemas: https://github.com/redhat-developer/yaml-language-server

 # $schema: https://golangci-lint.run/jsonschema/golangci.jsonschema.json
-version: '2'
+version: "2"
 run:
  timeout: 15m
  concurrency: 10
@@ -83,16 +83,6 @@ linters:
          deny:
            - pkg: github.com/grafana/grafana/pkg
              desc: apps/playlist is not allowed to import grafana core
-        apps-dashboard:
-          list-mode: lax
-          files:
-            - ./apps/dashboard/*
-            - ./apps/dashboard/**/*
-          allow:
-            - github.com/grafana/grafana/pkg/apimachinery
-          deny:
-            - pkg: github.com/grafana/grafana/pkg
-              desc: apps/dashboard is not allowed to import grafana core
        apps-secret:
          list-mode: lax
          files:
@@ -291,16 +281,16 @@ linters:
        text: G306
      - linters:
          - gosec
-        text: '401'
+        text: "401"
      - linters:
          - gosec
-        text: '402'
+        text: "402"
      - linters:
          - gosec
-        text: '501'
+        text: "501"
      - linters:
          - gosec
-        text: '404'
+        text: "404"
      - linters:
          - errorlint
        text: non-wrapping format verb for fmt.Errorf
@@ -15,7 +15,6 @@ require (
 	github.com/stretchr/testify v1.11.1
 	k8s.io/apimachinery v0.34.2
 	k8s.io/apiserver v0.34.2
-	k8s.io/client-go v0.34.2
 	k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912
 )

@@ -44,7 +43,6 @@ replace github.com/grafana/grafana/apps/plugins => ../plugins
 replace github.com/prometheus/alertmanager => github.com/grafana/prometheus-alertmanager v0.25.1-0.20250911094103-5456b6e45604

 require (
-	cel.dev/expr v0.24.0 // indirect
 	cloud.google.com/go/compute/metadata v0.9.0 // indirect
 	dario.cat/mergo v1.0.2 // indirect
 	filippo.io/edwards25519 v1.1.0 // indirect
@@ -57,7 +55,6 @@ require (
 	github.com/Masterminds/goutils v1.1.1 // indirect
 	github.com/Masterminds/semver v1.5.0 // indirect
 	github.com/Masterminds/sprig/v3 v3.3.0 // indirect
-	github.com/NYTimes/gziphandler v1.1.1 // indirect
 	github.com/ProtonMail/go-crypto v1.1.6 // indirect
 	github.com/VividCortex/mysqlerr v0.0.0-20170204212430-6c6b55f8796f // indirect
 	github.com/alecthomas/units v0.0.0-20240927000941-0f3dac36c52b // indirect
@@ -88,7 +85,6 @@ require (
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/cheekybits/genny v1.0.0 // indirect
 	github.com/cloudflare/circl v1.6.1 // indirect
-	github.com/coreos/go-semver v0.3.1 // indirect
 	github.com/coreos/go-systemd/v22 v22.5.0 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
@@ -105,7 +101,6 @@ require (
 	github.com/evanphx/json-patch v5.9.11+incompatible // indirect
 	github.com/fatih/color v1.18.0 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
-	github.com/fsnotify/fsnotify v1.9.0 // indirect
 	github.com/fxamacker/cbor/v2 v2.9.0 // indirect
 	github.com/gchaincl/sqlhooks v1.3.0 // indirect
 	github.com/getkin/kin-openapi v0.133.0 // indirect
@@ -149,13 +144,12 @@ require (
 	github.com/golang-migrate/migrate/v4 v4.7.0 // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/google/btree v1.1.3 // indirect
-	github.com/google/cel-go v0.26.1 // indirect
 	github.com/google/flatbuffers v25.2.10+incompatible // indirect
 	github.com/google/gnostic-models v0.7.0 // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/google/wire v0.7.0 // indirect
-	github.com/grafana/alerting v0.0.0-20251212143239-491433b332b7 // indirect
+	github.com/grafana/alerting v0.0.0-20251204145817-de8c2bbf9eba // indirect
 	github.com/grafana/authlib v0.0.0-20250930082137-a40e2c2b094f // indirect
 	github.com/grafana/dataplane/sdata v0.0.9 // indirect
 	github.com/grafana/dskit v0.0.0-20250908063411-6b6da59b5cc4 // indirect
@@ -168,7 +162,6 @@ require (
 	github.com/grafana/sqlds/v4 v4.2.7 // indirect
 	github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus v1.1.0 // indirect
 	github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.3.3 // indirect
-	github.com/grpc-ecosystem/go-grpc-prometheus v1.2.1-0.20191002090509-6af20e3a5340 // indirect
 	github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.3 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-hclog v1.6.3 // indirect
@@ -183,7 +176,6 @@ require (
 	github.com/hashicorp/memberlist v0.5.2 // indirect
 	github.com/hashicorp/yamux v0.1.2 // indirect
 	github.com/huandu/xstrings v1.5.0 // indirect
-	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/jaegertracing/jaeger-idl v0.5.0 // indirect
 	github.com/jessevdk/go-flags v1.6.1 // indirect
 	github.com/jmespath-community/go-jmespath v1.1.1 // indirect
@@ -256,9 +248,7 @@ require (
 	github.com/shurcooL/vfsgen v0.0.0-20230704071429-0000e147ea92 // indirect
 	github.com/sirupsen/logrus v1.9.3 // indirect
 	github.com/spf13/cast v1.10.0 // indirect
-	github.com/spf13/cobra v1.10.1 // indirect
 	github.com/spf13/pflag v1.0.10 // indirect
-	github.com/stoewer/go-strcase v1.3.1 // indirect
 	github.com/stretchr/objx v0.5.2 // indirect
 	github.com/tetratelabs/wazero v1.8.2 // indirect
 	github.com/thomaspoignant/go-feature-flag v1.42.0 // indirect
@@ -266,9 +256,6 @@ require (
 	github.com/woodsbury/decimal128 v1.3.0 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
 	github.com/zeebo/xxh3 v1.0.2 // indirect
-	go.etcd.io/etcd/api/v3 v3.6.4 // indirect
-	go.etcd.io/etcd/client/pkg/v3 v3.6.4 // indirect
-	go.etcd.io/etcd/client/v3 v3.6.4 // indirect
 	go.mongodb.org/mongo-driver v1.17.4 // indirect
 	go.opentelemetry.io/auto/sdk v1.2.1 // indirect
 	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.63.0 // indirect
@@ -287,8 +274,6 @@ require (
 	go.opentelemetry.io/proto/otlp v1.9.0 // indirect
 	go.uber.org/atomic v1.11.0 // indirect
 	go.uber.org/mock v0.6.0 // indirect
-	go.uber.org/multierr v1.11.0 // indirect
-	go.uber.org/zap v1.27.1 // indirect
 	go.yaml.in/yaml/v2 v2.4.3 // indirect
 	go.yaml.in/yaml/v3 v3.0.4 // indirect
 	golang.org/x/crypto v0.45.0 // indirect
@@ -312,26 +297,23 @@ require (
 	google.golang.org/grpc v1.77.0 // indirect
 	google.golang.org/protobuf v1.36.10 // indirect
 	gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
-	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/mail.v2 v2.3.1 // indirect
-	gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect
 	gopkg.in/src-d/go-errors.v1 v1.0.0 // indirect
 	gopkg.in/telebot.v3 v3.3.8 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	k8s.io/api v0.34.2 // indirect
 	k8s.io/apiextensions-apiserver v0.34.2 // indirect
+	k8s.io/client-go v0.34.2 // indirect
 	k8s.io/component-base v0.34.2 // indirect
 	k8s.io/klog/v2 v2.130.1 // indirect
-	k8s.io/kms v0.34.2 // indirect
 	k8s.io/utils v0.0.0-20250604170112-4c0f3b243397 // indirect
 	modernc.org/libc v1.66.10 // indirect
 	modernc.org/mathutil v1.7.1 // indirect
 	modernc.org/memory v1.11.0 // indirect
 	modernc.org/sqlite v1.40.1 // indirect
-	sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.31.2 // indirect
 	sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect
 	sigs.k8s.io/randfill v1.0.0 // indirect
 	sigs.k8s.io/structured-merge-diff/v6 v6.3.1 // indirect
@@ -282,7 +282,6 @@ github.com/coreos/go-semver v0.3.1/go.mod h1:irMmmIw/7yzSRPWryHsK7EYSg09caPQL03V
 github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
 github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs=
 github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
-github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/cznic/b v0.0.0-20180115125044-35e9bbe41f07/go.mod h1:URriBxXwVq5ijiJ12C7iIZqlA69nTlI+LgI6/pwftG8=
 github.com/cznic/fileutil v0.0.0-20180108211300-6a051e75936f/go.mod h1:8S58EK26zhXSxzv7NQFpnliaOQsmDUxvoQO3rt154Vg=
@@ -407,8 +406,6 @@ github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI=
 github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
 github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
-github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ=
-github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg=
 github.com/go-openapi/analysis v0.24.0 h1:vE/VFFkICKyYuTWYnplQ+aVr45vlG6NcZKC7BdIXhsA=
 github.com/go-openapi/analysis v0.24.0/go.mod h1:GLyoJA+bvmGGaHgpfeDh8ldpGo69fAJg7eeMDMRCIrw=
 github.com/go-openapi/errors v0.22.3 h1:k6Hxa5Jg1TUyZnOwV2Lh81j8ayNw5VVYLvKrp4zFKFs=
@@ -609,10 +606,8 @@ github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2z
 github.com/gorilla/mux v1.7.1/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
 github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY=
 github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ=
-github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 h1:JeSE6pjso5THxAzdVpqr6/geYxZytqFMBCOtn/ujyeo=
-github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674/go.mod h1:r4w70xmWCQKmi1ONH4KIaBptdivuRPyosB9RmPlGEwA=
-github.com/grafana/alerting v0.0.0-20251212143239-491433b332b7 h1:ZzG/gCclEit9w0QUfQt9GURcOycAIGcsQAhY1u0AEX0=
-github.com/grafana/alerting v0.0.0-20251212143239-491433b332b7/go.mod h1:l7v67cgP7x72ajB9UPZlumdrHqNztpKoqQ52cU8T3LU=
+github.com/grafana/alerting v0.0.0-20251204145817-de8c2bbf9eba h1:psKWNETD5nGxmFAlqnWsXoRyUwSa2GHNEMSEDKGKfQ4=
+github.com/grafana/alerting v0.0.0-20251204145817-de8c2bbf9eba/go.mod h1:l7v67cgP7x72ajB9UPZlumdrHqNztpKoqQ52cU8T3LU=
 github.com/grafana/authlib v0.0.0-20250930082137-a40e2c2b094f h1:Cbm6OKkOcJ+7CSZsGsEJzktC/SIa5bxVeYKQLuYK86o=
 github.com/grafana/authlib v0.0.0-20250930082137-a40e2c2b094f/go.mod h1:axY0cdOg3q0TZHwpHnIz5x16xZ8ZBxJHShsSHHXcHQg=
 github.com/grafana/authlib/types v0.0.0-20251119142549-be091cf2f4d4 h1:Muoy+FMGrHj3GdFbvsMzUT7eusgii9PKf9L1ZaXDDbY=
@@ -754,8 +749,6 @@ github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGw
 github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
 github.com/jmoiron/sqlx v1.4.0 h1:1PLqN7S1UYp5t4SrVVnt4nUVNemrDAtxlulVe+Qgm3o=
 github.com/jmoiron/sqlx v1.4.0/go.mod h1:ZrZ7UsYB/weZdl2Bxg6jCRO9c3YHl8r3ahlKmRT4JLY=
-github.com/jonboulle/clockwork v0.5.0 h1:Hyh9A8u51kptdkR+cqRpT1EebBwTn1oK9YfGYbdFz6I=
-github.com/jonboulle/clockwork v0.5.0/go.mod h1:3mZlmanh0g2NDKO5TWZVJAfofYk64M7XN3SzBPjZF60=
 github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
 github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
 github.com/jpillora/backoff v1.0.0 h1:uvFg412JmmHBHw7iwprIxkPMI+sGQ4kzOWsMeHnm2EA=
@@ -986,7 +979,6 @@ github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSg
 github.com/pressly/goose/v3 v3.26.0 h1:KJakav68jdH0WDvoAcj8+n61WqOIaPGgH0bJWS6jpmM=
 github.com/pressly/goose/v3 v3.26.0/go.mod h1:4hC1KrritdCxtuFsqgs1R4AU5bWtTAf+cnWvfhf2DNY=
 github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
-github.com/prometheus/client_golang v0.9.2/go.mod h1:OsXs2jCmiKlQ1lTBmv21f2mNfw4xf/QclQDMrYNZzcM=
 github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829/go.mod h1:p2iRAGwDERtqlqzRXnrOVns+ignqQo//hLXqYxZYVNs=
 github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
 github.com/prometheus/client_golang v1.3.0/go.mod h1:hJaj2vgQTGQmVCsAACORcieXFeDPbaTKGT+JTgUa3og=
@@ -1004,7 +996,6 @@ github.com/prometheus/client_model v0.1.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6T
 github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.6.2 h1:oBsgwpGs7iVziMvrGhE53c/GrLUsZdHnqNwqPLxwZyk=
 github.com/prometheus/client_model v0.6.2/go.mod h1:y3m2F6Gdpfy6Ut/GBsUqTWZqCUvMVzSfMLjcu6wAwpE=
-github.com/prometheus/common v0.0.0-20181126121408-4724e9255275/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
 github.com/prometheus/common v0.2.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
 github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
 github.com/prometheus/common v0.7.0/go.mod h1:DjGbpBbp5NYNiECxcL/VnbXCCaQpKd3tt26CguLLsqA=
@@ -1019,7 +1010,6 @@ github.com/prometheus/common/sigv4 v0.1.0/go.mod h1:2Jkxxk9yYvCkE5G1sQT7GuEXm57J
 github.com/prometheus/exporter-toolkit v0.14.0 h1:NMlswfibpcZZ+H0sZBiTjrA3/aBFHkNZqE+iCj5EmRg=
 github.com/prometheus/exporter-toolkit v0.14.0/go.mod h1:Gu5LnVvt7Nr/oqTBUC23WILZepW0nffNo10XdhQcwWA=
 github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
-github.com/prometheus/procfs v0.0.0-20181204211112-1dc9a6cbc91a/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
 github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A=
@@ -1046,7 +1036,6 @@ github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0t
 github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc=
 github.com/rs/cors v1.11.1 h1:eU3gRzXLRK57F5rKMGMZURNdIG4EoAmX8k94r9wXWHA=
 github.com/rs/cors v1.11.1/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU=
-github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
 github.com/sagikazarmark/crypt v0.6.0/go.mod h1:U8+INwJo3nBv1m6A/8OBXAq7Jnpspk5AxSgDyEQcea8=
 github.com/sagikazarmark/locafero v0.11.0 h1:1iurJgmM9G3PA/I+wWYIOw/5SyBtxapeHDcg+AAIFXc=
@@ -1069,8 +1058,6 @@ github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6Mwd
 github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
 github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
 github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
-github.com/soheilhy/cmux v0.1.5 h1:jjzc5WVemNEDTLwv9tlmemhC73tI08BNOIGwBOo10Js=
-github.com/soheilhy/cmux v0.1.5/go.mod h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE1GqG0=
 github.com/sourcegraph/conc v0.3.1-0.20240121214520-5f936abd7ae8 h1:+jumHNA0Wrelhe64i8F6HNlS8pkoyMv5sreGx2Ry5Rw=
 github.com/sourcegraph/conc v0.3.1-0.20240121214520-5f936abd7ae8/go.mod h1:3n1Cwaq1E1/1lhQhtRK2ts/ZwZEhjcQeJQ1RuC6Q/8U=
 github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
@@ -1084,7 +1071,6 @@ github.com/spf13/cobra v1.10.1 h1:lJeBwCfmrnXthfAupyUTzJ/J4Nc1RsHC/mSRU2dll/s=
 github.com/spf13/cobra v1.10.1/go.mod h1:7SmJGaTHFVBY0jW4NXGluQoLvhqFQM+6XSKD+P4XaB0=
 github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
-github.com/spf13/pflag v1.0.9/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/spf13/pflag v1.0.10 h1:4EBh2KAYBwaONj6b2Ye1GiHfwjqyROoF4RwYO+vPwFk=
 github.com/spf13/pflag v1.0.10/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/spf13/viper v1.13.0/go.mod h1:Icm2xNL3/8uyh/wFuB1jI7TiTNKp8632Nwegu+zgdYw=
@@ -1110,7 +1096,6 @@ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
 github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals=
 github.com/stretchr/testify v1.7.5/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
-github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
@@ -1127,8 +1112,6 @@ github.com/thomaspoignant/go-feature-flag v1.42.0/go.mod h1:y0QiWH7chHWhGATb/+Xq
 github.com/tidwall/pretty v0.0.0-20180105212114-65a9db5fad51/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk=
 github.com/tjhop/slog-gokit v0.1.5 h1:ayloIUi5EK2QYB8eY4DOPO95/mRtMW42lUkp3quJohc=
 github.com/tjhop/slog-gokit v0.1.5/go.mod h1:yA48zAHvV+Sg4z4VRyeFyFUNNXd3JY5Zg84u3USICq0=
-github.com/tmc/grpc-websocket-proxy v0.0.0-20220101234140-673ab2c3ae75 h1:6fotK7otjonDflCTK0BCfls4SPy3NcCVb5dqqmbRknE=
-github.com/tmc/grpc-websocket-proxy v0.0.0-20220101234140-673ab2c3ae75/go.mod h1:KO6IkyS8Y3j8OdNO85qEYBsRPuteD+YciPomcXdrMnk=
 github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM=
 github.com/uber/jaeger-client-go v2.30.0+incompatible h1:D6wyKGCecFaSRUpo8lCVbaOOb6ThwMmTEbhRwtKR97o=
 github.com/uber/jaeger-client-go v2.30.0+incompatible/go.mod h1:WVhlPFC8FDjOFMMWRy2pZqQJSXxYSwNYOkTr/Z6d3Kk=
@@ -1146,8 +1129,6 @@ github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcY
 github.com/xanzy/go-gitlab v0.15.0/go.mod h1:8zdQa/ri1dfn8eS3Ir1SyfvOKlw7WBJ8DVThkpGiXrs=
 github.com/xdg/scram v0.0.0-20180814205039-7eeb5667e42c/go.mod h1:lB8K/P019DLNhemzwFU4jHLhdvlE6uDZjXFejJXr49I=
 github.com/xdg/stringprep v1.0.0/go.mod h1:Jhud4/sHMO4oL310DaZAKk9ZaJ08SJfe+sJh0HrGL1Y=
-github.com/xiang90/probing v0.0.0-20221125231312-a49e3df8f510 h1:S2dVYn90KE98chqDkyE9Z4N61UnQd+KOfgp5Iu53llk=
-github.com/xiang90/probing v0.0.0-20221125231312-a49e3df8f510/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
 github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
@@ -1158,8 +1139,6 @@ github.com/zeebo/assert v1.3.0/go.mod h1:Pq9JiuJQpG8JLJdtkwrJESF0Foym2/D9XMU5ciN
 github.com/zeebo/xxh3 v1.0.2 h1:xZmwmqxHZA8AI603jOQ0tMqmBr9lPeFwGg6d+xy9DC0=
 github.com/zeebo/xxh3 v1.0.2/go.mod h1:5NWz9Sef7zIDm2JHfFlcQvNekmcEl9ekUZQQKCYaDcA=
 gitlab.com/nyarla/go-crypt v0.0.0-20160106005555-d9a5dc2b789b/go.mod h1:T3BPAOm2cqquPa0MKWeNkmOM5RQsRhkrwMWonFMN7fE=
-go.etcd.io/bbolt v1.4.2 h1:IrUHp260R8c+zYx/Tm8QZr04CX+qWS5PGfPdevhdm1I=
-go.etcd.io/bbolt v1.4.2/go.mod h1:Is8rSHO/b4f3XigBC0lL0+4FwAQv3HXEEIgFMuKHceM=
 go.etcd.io/etcd/api/v3 v3.5.4/go.mod h1:5GB2vv4A4AOn3yk7MftYGHkUfGtDHnEraIjym4dYz5A=
 go.etcd.io/etcd/api/v3 v3.6.4 h1:7F6N7toCKcV72QmoUKa23yYLiiljMrT4xCeBL9BmXdo=
 go.etcd.io/etcd/api/v3 v3.6.4/go.mod h1:eFhhvfR8Px1P6SEuLT600v+vrhdDTdcfMzmnxVXXSbk=
@@ -1170,12 +1149,6 @@ go.etcd.io/etcd/client/v2 v2.305.4/go.mod h1:Ud+VUwIi9/uQHOMA+4ekToJ12lTxlv0zB/+
 go.etcd.io/etcd/client/v3 v3.5.4/go.mod h1:ZaRkVgBZC+L+dLCjTcF1hRXpgZXQPOvnA/Ak/gq3kiY=
 go.etcd.io/etcd/client/v3 v3.6.4 h1:YOMrCfMhRzY8NgtzUsHl8hC2EBSnuqbR3dh84Uryl7A=
 go.etcd.io/etcd/client/v3 v3.6.4/go.mod h1:jaNNHCyg2FdALyKWnd7hxZXZxZANb0+KGY+YQaEMISo=
-go.etcd.io/etcd/pkg/v3 v3.6.4 h1:fy8bmXIec1Q35/jRZ0KOes8vuFxbvdN0aAFqmEfJZWA=
-go.etcd.io/etcd/pkg/v3 v3.6.4/go.mod h1:kKcYWP8gHuBRcteyv6MXWSN0+bVMnfgqiHueIZnKMtE=
-go.etcd.io/etcd/server/v3 v3.6.4 h1:LsCA7CzjVt+8WGrdsnh6RhC0XqCsLkBly3ve5rTxMAU=
-go.etcd.io/etcd/server/v3 v3.6.4/go.mod h1:aYCL/h43yiONOv0QIR82kH/2xZ7m+IWYjzRmyQfnCAg=
-go.etcd.io/raft/v3 v3.6.0 h1:5NtvbDVYpnfZWcIHgGRk9DyzkBIXOi8j+DDp1IcnUWQ=
-go.etcd.io/raft/v3 v3.6.0/go.mod h1:nLvLevg6+xrVtHUmVaTcTz603gQPHfh7kUAwV6YpfGo=
 go.mongodb.org/mongo-driver v1.1.0/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM=
 go.mongodb.org/mongo-driver v1.17.4 h1:jUorfmVzljjr0FLzYQsGP8cgN/qzzxlY9Vh0C9KFXVw=
 go.mongodb.org/mongo-driver v1.17.4/go.mod h1:Hy04i7O2kC4RS06ZrhPRqj/u4DTYkFDAAccj+rVKqgQ=
@@ -1328,7 +1301,6 @@ golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73r
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181108082009-03003ca0c849/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190125091013-d26f9f9a57f3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -1740,7 +1712,6 @@ google.golang.org/genproto/googleapis/api v0.0.0-20251111163417-95abcf5c77ba/go.
 google.golang.org/genproto/googleapis/rpc v0.0.0-20251111163417-95abcf5c77ba h1:UKgtfRM7Yh93Sya0Fo8ZzhDP4qBckrrxEr2oF5UIVb8=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20251111163417-95abcf5c77ba/go.mod h1:7i2o+ce6H/6BluujYR+kqX3GKH+dChPTQU19wjRPiGk=
 google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs=
-google.golang.org/grpc v1.18.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
 google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
@@ -8,24 +8,18 @@ import (

 	"github.com/grafana/grafana-app-sdk/app"
 	"github.com/grafana/grafana-app-sdk/k8s"
-	appsdkapiserver "github.com/grafana/grafana-app-sdk/k8s/apiserver"
 	"github.com/grafana/grafana-app-sdk/logging"
 	"github.com/grafana/grafana-app-sdk/operator"
 	"github.com/grafana/grafana-app-sdk/resource"
 	"github.com/grafana/grafana-app-sdk/simple"
-	advisorapi "github.com/grafana/grafana/apps/advisor/pkg/apis"
 	advisorv0alpha1 "github.com/grafana/grafana/apps/advisor/pkg/apis/advisor/v0alpha1"
 	"github.com/grafana/grafana/apps/advisor/pkg/app/checkregistry"
 	"github.com/grafana/grafana/apps/advisor/pkg/app/checks"
 	"github.com/grafana/grafana/apps/advisor/pkg/app/checkscheduler"
 	"github.com/grafana/grafana/apps/advisor/pkg/app/checktyperegisterer"
 	"github.com/grafana/grafana/pkg/apimachinery/identity"
-	"github.com/grafana/grafana/pkg/services/org"
-	"github.com/grafana/grafana/pkg/setting"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime/schema"
-	"k8s.io/apiserver/pkg/authorization/authorizer"
-	"k8s.io/client-go/rest"
 )

 func New(cfg app.Config) (app.App, error) {
@@ -194,45 +188,3 @@ func GetKinds() map[schema.GroupVersion][]resource.Kind {
 		},
 	}
 }
-
-func ProvideAppInstaller(
-	authorizer authorizer.Authorizer,
-	checkRegistry checkregistry.CheckService,
-	cfg *setting.Cfg,
-	orgService org.Service,
-) (*AdvisorAppInstaller, error) {
-	provider := simple.NewAppProvider(advisorapi.LocalManifest(), nil, New)
-	pluginConfig := cfg.PluginSettings["grafana-advisor-app"]
-	specificConfig := checkregistry.AdvisorAppConfig{
-		CheckRegistry: checkRegistry,
-		PluginConfig:  pluginConfig,
-		StackID:       cfg.StackID,
-		OrgService:    orgService,
-	}
-	appCfg := app.Config{
-		KubeConfig:     rest.Config{},
-		ManifestData:   *advisorapi.LocalManifest().ManifestData,
-		SpecificConfig: specificConfig,
-	}
-
-	defaultInstaller, err := appsdkapiserver.NewDefaultAppInstaller(provider, appCfg, advisorapi.NewGoTypeAssociator())
-	if err != nil {
-		return nil, err
-	}
-
-	installer := &AdvisorAppInstaller{
-		AppInstaller: defaultInstaller,
-		authorizer:   authorizer,
-	}
-
-	return installer, nil
-}
-
-type AdvisorAppInstaller struct {
-	appsdkapiserver.AppInstaller
-	authorizer authorizer.Authorizer
-}
-
-func (a *AdvisorAppInstaller) GetAuthorizer() authorizer.Authorizer {
-	return a.authorizer
-}
@@ -0,0 +1,47 @@
+package app
+
+import (
+	"context"
+
+	claims "github.com/grafana/authlib/types"
+	"github.com/grafana/grafana/pkg/apimachinery/identity"
+	"k8s.io/apiserver/pkg/authorization/authorizer"
+)
+
+func GetAuthorizer() authorizer.Authorizer {
+	return authorizer.AuthorizerFunc(func(
+		ctx context.Context, attr authorizer.Attributes,
+	) (authorized authorizer.Decision, reason string, err error) {
+		if !attr.IsResourceRequest() {
+			return authorizer.DecisionNoOpinion, "", nil
+		}
+
+		// Check for service identity
+		if identity.IsServiceIdentity(ctx) {
+			return authorizer.DecisionAllow, "", nil
+		}
+
+		// Check for access policy identity
+		info, ok := claims.AuthInfoFrom(ctx)
+		if ok && claims.IsIdentityType(info.GetIdentityType(), claims.TypeAccessPolicy) {
+			// For access policy identities, we need to use ResourceAuthorizer
+			// This requires an AccessClient, which should be provided by the API server
+			// For now, we'll use the default ResourceAuthorizer from the API server
+			// This will be set up by the API server's authorization chain
+			return authorizer.DecisionNoOpinion, "", nil
+		}
+
+		// For regular Grafana users, check if they are admin
+		u, err := identity.GetRequester(ctx)
+		if err != nil {
+			return authorizer.DecisionDeny, "valid user is required", err
+		}
+
+		// check if is admin
+		if u.HasRole(identity.RoleAdmin) {
+			return authorizer.DecisionAllow, "", nil
+		}
+
+		return authorizer.DecisionDeny, "forbidden", nil
+	})
+}
@@ -0,0 +1,91 @@
+package app
+
+import (
+	"context"
+	"testing"
+
+	claims "github.com/grafana/authlib/types"
+	"github.com/grafana/grafana/pkg/apimachinery/identity"
+	"github.com/stretchr/testify/assert"
+	"k8s.io/apiserver/pkg/authorization/authorizer"
+)
+
+func TestGetAuthorizer(t *testing.T) {
+	tests := []struct {
+		name             string
+		ctx              context.Context
+		attr             authorizer.Attributes
+		expectedDecision authorizer.Decision
+		expectedReason   string
+		expectedErr      error
+	}{
+		{
+			name:             "non-resource request",
+			ctx:              context.TODO(),
+			attr:             &mockAttributes{resourceRequest: false},
+			expectedDecision: authorizer.DecisionNoOpinion,
+			expectedReason:   "",
+			expectedErr:      nil,
+		},
+		{
+			name:             "user is admin",
+			ctx:              identity.WithRequester(context.TODO(), &mockUser{isGrafanaAdmin: true}),
+			attr:             &mockAttributes{resourceRequest: true},
+			expectedDecision: authorizer.DecisionAllow,
+			expectedReason:   "",
+			expectedErr:      nil,
+		},
+		{
+			name:             "user is not admin",
+			ctx:              identity.WithRequester(context.TODO(), &mockUser{isGrafanaAdmin: false}),
+			attr:             &mockAttributes{resourceRequest: true},
+			expectedDecision: authorizer.DecisionDeny,
+			expectedReason:   "forbidden",
+			expectedErr:      nil,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			auth := GetAuthorizer()
+			decision, reason, err := auth.Authorize(tt.ctx, tt.attr)
+			assert.Equal(t, tt.expectedDecision, decision)
+			assert.Equal(t, tt.expectedReason, reason)
+			assert.Equal(t, tt.expectedErr, err)
+		})
+	}
+}
+
+type mockAttributes struct {
+	authorizer.Attributes
+	resourceRequest bool
+}
+
+func (m *mockAttributes) IsResourceRequest() bool {
+	return m.resourceRequest
+}
+
+// Implement other methods of authorizer.Attributes as needed
+
+type mockUser struct {
+	identity.Requester
+	isGrafanaAdmin bool
+}
+
+func (m *mockUser) GetIsGrafanaAdmin() bool {
+	return m.isGrafanaAdmin
+}
+
+func (m *mockUser) HasRole(role identity.RoleType) bool {
+	return role == identity.RoleAdmin && m.isGrafanaAdmin
+}
+
+func (m *mockUser) GetUID() string {
+	return "test-uid"
+}
+
+func (m *mockUser) GetIdentityType() claims.IdentityType {
+	return claims.TypeUser
+}
+
+// Implement other methods of identity.Requester as needed
@@ -4,7 +4,7 @@ go 1.25.5

 require (
 	github.com/go-kit/log v0.2.1
-	github.com/grafana/alerting v0.0.0-20251212143239-491433b332b7
+	github.com/grafana/alerting v0.0.0-20251204145817-de8c2bbf9eba
 	github.com/grafana/dskit v0.0.0-20250908063411-6b6da59b5cc4
 	github.com/grafana/grafana-app-sdk v0.48.5
 	github.com/grafana/grafana-app-sdk/logging v0.48.3
@@ -216,10 +216,12 @@ github.com/google/pprof v0.0.0-20250403155104-27863c87afa6/go.mod h1:boTsfXsheKC
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/grafana/grafana-app-sdk v0.48.5 h1:MS8l9fTZz+VbTfgApn09jw27GxhQ6fNOWGhC4ydvZmM=
+github.com/grafana/grafana-app-sdk v0.48.5/go.mod h1:HJsMOSBmt/D/Ihs1SvagOwmXKi0coBMVHlfvdd+qe9Y=
 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
-github.com/grafana/alerting v0.0.0-20251212143239-491433b332b7 h1:ZzG/gCclEit9w0QUfQt9GURcOycAIGcsQAhY1u0AEX0=
-github.com/grafana/alerting v0.0.0-20251212143239-491433b332b7/go.mod h1:l7v67cgP7x72ajB9UPZlumdrHqNztpKoqQ52cU8T3LU=
+github.com/grafana/alerting v0.0.0-20251204145817-de8c2bbf9eba h1:psKWNETD5nGxmFAlqnWsXoRyUwSa2GHNEMSEDKGKfQ4=
+github.com/grafana/alerting v0.0.0-20251204145817-de8c2bbf9eba/go.mod h1:l7v67cgP7x72ajB9UPZlumdrHqNztpKoqQ52cU8T3LU=
 github.com/grafana/dskit v0.0.0-20250908063411-6b6da59b5cc4 h1:jSojuc7njleS3UOz223WDlXOinmuLAIPI0z2vtq8EgI=
 github.com/grafana/dskit v0.0.0-20250908063411-6b6da59b5cc4/go.mod h1:VahT+GtfQIM+o8ht2StR6J9g+Ef+C2Vokh5uuSmOD/4=
 github.com/grafana/grafana-app-sdk v0.48.5 h1:MS8l9fTZz+VbTfgApn09jw27GxhQ6fNOWGhC4ydvZmM=
@@ -9,7 +9,6 @@ require (
 	github.com/grafana/grafana-app-sdk/logging v0.48.3
 	github.com/grafana/grafana-plugin-sdk-go v0.284.0
 	github.com/grafana/grafana/pkg/apimachinery v0.0.0-20250514132646-acbc7b54ed9e
-	github.com/hashicorp/golang-lru/v2 v2.0.7
 	github.com/prometheus/client_golang v1.23.2
 	github.com/stretchr/testify v1.11.1
 	k8s.io/apimachinery v0.34.2
@@ -58,6 +57,7 @@ require (
 	github.com/hashicorp/go-hclog v1.6.3 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
 	github.com/hashicorp/go-plugin v1.7.0 // indirect
+	github.com/hashicorp/golang-lru/v2 v2.0.7 // indirect
 	github.com/hashicorp/yamux v0.1.2 // indirect
 	github.com/jaegertracing/jaeger-idl v0.5.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
@@ -1,603 +0,0 @@
-{
-  "kind": "DashboardWithAccessInfo",
-  "apiVersion": "dashboard.grafana.app/v1beta1",
-  "metadata": {
-    "name": "value-mapping-test",
-    "namespace": "default",
-    "uid": "value-mapping-test",
-    "resourceVersion": "1765384157199094",
-    "generation": 2,
-    "creationTimestamp": "2025-11-19T20:09:28Z",
-    "labels": {
-      "grafana.app/deprecatedInternalID": "646372978987008"
-    },
-    "annotations": {},
-    "managedFields": []
-  },
-  "spec": {
-    "annotations": {
-      "list": [
-        {
-          "builtIn": 1,
-          "datasource": {
-            "type": "grafana",
-            "uid": "-- Grafana --"
-          },
-          "enable": true,
-          "hide": true,
-          "iconColor": "rgba(0, 211, 255, 1)",
-          "name": "Annotations & Alerts",
-          "type": "dashboard"
-        }
-      ]
-    },
-    "description": "Test dashboard for all value mapping types and override matcher types",
-    "editable": true,
-    "fiscalYearStartMonth": 0,
-    "graphTooltip": 0,
-    "links": [],
-    "panels": [
-      {
-        "datasource": {
-          "type": "prometheus",
-          "uid": "prometheus-uid"
-        },
-        "description": "Panel with ValueMap mapping type - maps specific text values to colors and display text",
-        "fieldConfig": {
-          "defaults": {
-            "mappings": [
-              {
-                "options": {
-                  "critical": {
-                    "color": "red",
-                    "index": 0,
-                    "text": "Critical!"
-                  },
-                  "warning": {
-                    "color": "orange",
-                    "index": 1,
-                    "text": "Warning"
-                  },
-                  "ok": {
-                    "color": "green",
-                    "index": 2,
-                    "text": "OK"
-                  }
-                },
-                "type": "value"
-              }
-            ]
-          },
-          "overrides": [
-            {
-              "matcher": {
-                "id": "byName",
-                "options": "status"
-              },
-              "properties": [
-                {
-                  "id": "custom.width",
-                  "value": 100
-                },
-                {
-                  "id": "custom.align",
-                  "value": "center"
-                }
-              ]
-            }
-          ]
-        },
-        "gridPos": {
-          "h": 8,
-          "w": 12,
-          "x": 0,
-          "y": 0
-        },
-        "id": 1,
-        "targets": [
-          {
-            "expr": "up",
-            "refId": "A"
-          }
-        ],
-        "title": "ValueMap Example",
-        "type": "stat"
-      },
-      {
-        "datasource": {
-          "type": "prometheus",
-          "uid": "prometheus-uid"
-        },
-        "description": "Panel with RangeMap mapping type - maps numerical ranges to colors and display text",
-        "fieldConfig": {
-          "defaults": {
-            "mappings": [
-              {
-                "options": {
-                  "from": 0,
-                  "to": 50,
-                  "result": {
-                    "color": "green",
-                    "index": 0,
-                    "text": "Low"
-                  }
-                },
-                "type": "range"
-              },
-              {
-                "options": {
-                  "from": 50,
-                  "to": 80,
-                  "result": {
-                    "color": "orange",
-                    "index": 1,
-                    "text": "Medium"
-                  }
-                },
-                "type": "range"
-              },
-              {
-                "options": {
-                  "from": 80,
-                  "to": 100,
-                  "result": {
-                    "color": "red",
-                    "index": 2,
-                    "text": "High"
-                  }
-                },
-                "type": "range"
-              }
-            ]
-          },
-          "overrides": [
-            {
-              "matcher": {
-                "id": "byRegexp",
-                "options": "/^cpu_/"
-              },
-              "properties": [
-                {
-                  "id": "unit",
-                  "value": "percent"
-                },
-                {
-                  "id": "decimals",
-                  "value": 2
-                }
-              ]
-            }
-          ]
-        },
-        "gridPos": {
-          "h": 8,
-          "w": 12,
-          "x": 12,
-          "y": 0
-        },
-        "id": 2,
-        "targets": [
-          {
-            "expr": "cpu_usage_percent",
-            "refId": "A"
-          }
-        ],
-        "title": "RangeMap Example",
-        "type": "gauge"
-      },
-      {
-        "datasource": {
-          "type": "prometheus",
-          "uid": "prometheus-uid"
-        },
-        "description": "Panel with RegexMap mapping type - maps values matching regex patterns to colors",
-        "fieldConfig": {
-          "defaults": {
-            "mappings": [
-              {
-                "options": {
-                  "pattern": "/^error.*/",
-                  "result": {
-                    "color": "red",
-                    "index": 0,
-                    "text": "Error"
-                  }
-                },
-                "type": "regex"
-              },
-              {
-                "options": {
-                  "pattern": "/^warn.*/",
-                  "result": {
-                    "color": "orange",
-                    "index": 1,
-                    "text": "Warning"
-                  }
-                },
-                "type": "regex"
-              },
-              {
-                "options": {
-                  "pattern": "/^info.*/",
-                  "result": {
-                    "color": "blue",
-                    "index": 2,
-                    "text": "Info"
-                  }
-                },
-                "type": "regex"
-              }
-            ]
-          },
-          "overrides": [
-            {
-              "matcher": {
-                "id": "byType",
-                "options": "string"
-              },
-              "properties": [
-                {
-                  "id": "custom.cellOptions",
-                  "value": {
-                    "type": "color-text"
-                  }
-                }
-              ]
-            }
-          ]
-        },
-        "gridPos": {
-          "h": 8,
-          "w": 12,
-          "x": 0,
-          "y": 8
-        },
-        "id": 3,
-        "targets": [
-          {
-            "expr": "log_level",
-            "refId": "A"
-          }
-        ],
-        "title": "RegexMap Example",
-        "type": "stat"
-      },
-      {
-        "datasource": {
-          "type": "prometheus",
-          "uid": "prometheus-uid"
-        },
-        "description": "Panel with SpecialValueMap mapping type - maps special values like null, NaN, true, false to display text",
-        "fieldConfig": {
-          "defaults": {
-            "mappings": [
-              {
-                "options": {
-                  "match": "null",
-                  "result": {
-                    "color": "gray",
-                    "index": 0,
-                    "text": "No Data"
-                  }
-                },
-                "type": "special"
-              },
-              {
-                "options": {
-                  "match": "nan",
-                  "result": {
-                    "color": "gray",
-                    "index": 1,
-                    "text": "Not a Number"
-                  }
-                },
-                "type": "special"
-              },
-              {
-                "options": {
-                  "match": "null+nan",
-                  "result": {
-                    "color": "gray",
-                    "index": 2,
-                    "text": "N/A"
-                  }
-                },
-                "type": "special"
-              },
-              {
-                "options": {
-                  "match": "true",
-                  "result": {
-                    "color": "green",
-                    "index": 3,
-                    "text": "Yes"
-                  }
-                },
-                "type": "special"
-              },
-              {
-                "options": {
-                  "match": "false",
-                  "result": {
-                    "color": "red",
-                    "index": 4,
-                    "text": "No"
-                  }
-                },
-                "type": "special"
-              },
-              {
-                "options": {
-                  "match": "empty",
-                  "result": {
-                    "color": "gray",
-                    "index": 5,
-                    "text": "Empty"
-                  }
-                },
-                "type": "special"
-              }
-            ]
-          },
-          "overrides": [
-            {
-              "matcher": {
-                "id": "byFrameRefID",
-                "options": "A"
-              },
-              "properties": [
-                {
-                  "id": "color",
-                  "value": {
-                    "mode": "fixed",
-                    "fixedColor": "blue"
-                  }
-                }
-              ]
-            }
-          ]
-        },
-        "gridPos": {
-          "h": 8,
-          "w": 12,
-          "x": 12,
-          "y": 8
-        },
-        "id": 4,
-        "targets": [
-          {
-            "expr": "some_metric",
-            "refId": "A"
-          }
-        ],
-        "title": "SpecialValueMap Example",
-        "type": "stat"
-      },
-      {
-        "datasource": {
-          "type": "prometheus",
-          "uid": "prometheus-uid"
-        },
-        "description": "Panel with all mapping types combined - demonstrates mixing different mapping types and multiple override matchers",
-        "fieldConfig": {
-          "defaults": {
-            "mappings": [
-              {
-                "options": {
-                  "success": {
-                    "color": "green",
-                    "index": 0,
-                    "text": "Success"
-                  },
-                  "failure": {
-                    "color": "red",
-                    "index": 1,
-                    "text": "Failure"
-                  }
-                },
-                "type": "value"
-              },
-              {
-                "options": {
-                  "from": 0,
-                  "to": 100,
-                  "result": {
-                    "color": "blue",
-                    "index": 2,
-                    "text": "In Range"
-                  }
-                },
-                "type": "range"
-              },
-              {
-                "options": {
-                  "pattern": "/^[A-Z]{3}-\\d+$/",
-                  "result": {
-                    "color": "purple",
-                    "index": 3,
-                    "text": "ID Format"
-                  }
-                },
-                "type": "regex"
-              },
-              {
-                "options": {
-                  "match": "null",
-                  "result": {
-                    "color": "gray",
-                    "index": 4,
-                    "text": "Missing"
-                  }
-                },
-                "type": "special"
-              }
-            ]
-          },
-          "overrides": [
-            {
-              "matcher": {
-                "id": "byName",
-                "options": "status"
-              },
-              "properties": [
-                {
-                  "id": "custom.width",
-                  "value": 120
-                },
-                {
-                  "id": "custom.cellOptions",
-                  "value": {
-                    "type": "color-background"
-                  }
-                }
-              ]
-            },
-            {
-              "matcher": {
-                "id": "byRegexp",
-                "options": "/^value_/"
-              },
-              "properties": [
-                {
-                  "id": "unit",
-                  "value": "short"
-                },
-                {
-                  "id": "min",
-                  "value": 0
-                },
-                {
-                  "id": "max",
-                  "value": 100
-                }
-              ]
-            },
-            {
-              "matcher": {
-                "id": "byType",
-                "options": "number"
-              },
-              "properties": [
-                {
-                  "id": "decimals",
-                  "value": 2
-                },
-                {
-                  "id": "thresholds",
-                  "value": {
-                    "mode": "absolute",
-                    "steps": [
-                      {
-                        "color": "green",
-                        "value": null
-                      },
-                      {
-                        "color": "yellow",
-                        "value": 50
-                      },
-                      {
-                        "color": "red",
-                        "value": 80
-                      }
-                    ]
-                  }
-                }
-              ]
-            },
-            {
-              "matcher": {
-                "id": "byFrameRefID",
-                "options": "B"
-              },
-              "properties": [
-                {
-                  "id": "displayName",
-                  "value": "Secondary Query"
-                }
-              ]
-            },
-            {
-              "matcher": {
-                "id": "byValue",
-                "options": {
-                  "reducer": "allIsNull",
-                  "op": "gte",
-                  "value": 0
-                }
-              },
-              "properties": [
-                {
-                  "id": "custom.hidden",
-                  "value": true
-                }
-              ]
-            }
-          ]
-        },
-        "gridPos": {
-          "h": 8,
-          "w": 24,
-          "x": 0,
-          "y": 16
-        },
-        "id": 5,
-        "targets": [
-          {
-            "expr": "combined_metric",
-            "refId": "A"
-          },
-          {
-            "expr": "secondary_metric",
-            "refId": "B"
-          }
-        ],
-        "title": "Combined Mappings and Overrides Example",
-        "type": "table"
-      }
-    ],
-    "schemaVersion": 42,
-    "tags": [
-      "value-mapping",
-      "overrides",
-      "test"
-    ],
-    "templating": {
-      "list": []
-    },
-    "time": {
-      "from": "now-6h",
-      "to": "now"
-    },
-    "timepicker": {},
-    "timezone": "browser",
-    "title": "Value Mapping and Overrides Test",
-    "weekStart": ""
-  },
-  "status": {
-    "conversion": {
-      "failed": false,
-      "storedVersion": "v0alpha1"
-    }
-  },
-  "access": {
-    "slug": "value-mapping-test",
-    "url": "/d/value-mapping-test/value-mapping-and-overrides-test",
-    "canSave": true,
-    "canEdit": true,
-    "canAdmin": true,
-    "canStar": true,
-    "canDelete": true,
-    "annotationsPermissions": {
-      "dashboard": {
-        "canAdd": true,
-        "canEdit": true,
-        "canDelete": true
-      },
-      "organization": {
-        "canAdd": true,
-        "canEdit": true,
-        "canDelete": true
-      }
-    }
-  }
-}
@@ -530,7 +530,7 @@
            "kind": "RowsLayoutRow",
            "spec": {
              "title": "",
-              "collapse": false,
+              "collapse": true,
              "hideHeader": true,
              "layout": {
                "kind": "GridLayout",
@@ -546,7 +546,7 @@
            "kind": "RowsLayoutRow",
            "spec": {
              "title": "",
-              "collapse": false,
+              "collapse": true,
              "hideHeader": true,
              "layout": {
                "kind": "GridLayout",
@@ -548,7 +548,7 @@
            "kind": "RowsLayoutRow",
            "spec": {
              "title": "",
-              "collapse": false,
+              "collapse": true,
              "hideHeader": true,
              "layout": {
                "kind": "GridLayout",
@@ -574,7 +574,7 @@
            "kind": "RowsLayoutRow",
            "spec": {
              "title": "",
-              "collapse": false,
+              "collapse": true,
              "hideHeader": true,
              "layout": {
                "kind": "GridLayout",
@@ -1663,7 +1663,7 @@
            "kind": "RowsLayoutRow",
            "spec": {
              "title": "",
-              "collapse": false,
+              "collapse": true,
              "hideHeader": true,
              "layout": {
                "kind": "GridLayout",
@@ -1727,7 +1727,7 @@
            "kind": "RowsLayoutRow",
            "spec": {
              "title": "",
-              "collapse": false,
+              "collapse": true,
              "hideHeader": true,
              "layout": {
                "kind": "GridLayout",
@@ -328,7 +328,7 @@
            "kind": "RowsLayoutRow",
            "spec": {
              "title": "",
-              "collapse": false,
+              "collapse": true,
              "hideHeader": true,
              "layout": {
                "kind": "GridLayout",
@@ -335,7 +335,7 @@
            "kind": "RowsLayoutRow",
            "spec": {
              "title": "",
-              "collapse": false,
+              "collapse": true,
              "hideHeader": true,
              "layout": {
                "kind": "GridLayout",
@@ -1,580 +0,0 @@
-{
-  "kind": "DashboardWithAccessInfo",
-  "apiVersion": "dashboard.grafana.app/v0alpha1",
-  "metadata": {
-    "name": "value-mapping-test",
-    "namespace": "default",
-    "uid": "value-mapping-test",
-    "resourceVersion": "1765384157199094",
-    "generation": 2,
-    "creationTimestamp": "2025-11-19T20:09:28Z",
-    "labels": {
-      "grafana.app/deprecatedInternalID": "646372978987008"
-    }
-  },
-  "spec": {
-    "annotations": {
-      "list": [
-        {
-          "builtIn": 1,
-          "datasource": {
-            "type": "grafana",
-            "uid": "-- Grafana --"
-          },
-          "enable": true,
-          "hide": true,
-          "iconColor": "rgba(0, 211, 255, 1)",
-          "name": "Annotations \u0026 Alerts",
-          "type": "dashboard"
-        }
-      ]
-    },
-    "description": "Test dashboard for all value mapping types and override matcher types",
-    "editable": true,
-    "fiscalYearStartMonth": 0,
-    "graphTooltip": 0,
-    "links": [],
-    "panels": [
-      {
-        "datasource": {
-          "type": "prometheus",
-          "uid": "prometheus-uid"
-        },
-        "description": "Panel with ValueMap mapping type - maps specific text values to colors and display text",
-        "fieldConfig": {
-          "defaults": {
-            "mappings": [
-              {
-                "options": {
-                  "critical": {
-                    "color": "red",
-                    "index": 0,
-                    "text": "Critical!"
-                  },
-                  "ok": {
-                    "color": "green",
-                    "index": 2,
-                    "text": "OK"
-                  },
-                  "warning": {
-                    "color": "orange",
-                    "index": 1,
-                    "text": "Warning"
-                  }
-                },
-                "type": "value"
-              }
-            ]
-          },
-          "overrides": [
-            {
-              "matcher": {
-                "id": "byName",
-                "options": "status"
-              },
-              "properties": [
-                {
-                  "id": "custom.width",
-                  "value": 100
-                },
-                {
-                  "id": "custom.align",
-                  "value": "center"
-                }
-              ]
-            }
-          ]
-        },
-        "gridPos": {
-          "h": 8,
-          "w": 12,
-          "x": 0,
-          "y": 0
-        },
-        "id": 1,
-        "targets": [
-          {
-            "expr": "up",
-            "refId": "A"
-          }
-        ],
-        "title": "ValueMap Example",
-        "type": "stat"
-      },
-      {
-        "datasource": {
-          "type": "prometheus",
-          "uid": "prometheus-uid"
-        },
-        "description": "Panel with RangeMap mapping type - maps numerical ranges to colors and display text",
-        "fieldConfig": {
-          "defaults": {
-            "mappings": [
-              {
-                "options": {
-                  "from": 0,
-                  "result": {
-                    "color": "green",
-                    "index": 0,
-                    "text": "Low"
-                  },
-                  "to": 50
-                },
-                "type": "range"
-              },
-              {
-                "options": {
-                  "from": 50,
-                  "result": {
-                    "color": "orange",
-                    "index": 1,
-                    "text": "Medium"
-                  },
-                  "to": 80
-                },
-                "type": "range"
-              },
-              {
-                "options": {
-                  "from": 80,
-                  "result": {
-                    "color": "red",
-                    "index": 2,
-                    "text": "High"
-                  },
-                  "to": 100
-                },
-                "type": "range"
-              }
-            ]
-          },
-          "overrides": [
-            {
-              "matcher": {
-                "id": "byRegexp",
-                "options": "/^cpu_/"
-              },
-              "properties": [
-                {
-                  "id": "unit",
-                  "value": "percent"
-                },
-                {
-                  "id": "decimals",
-                  "value": 2
-                }
-              ]
-            }
-          ]
-        },
-        "gridPos": {
-          "h": 8,
-          "w": 12,
-          "x": 12,
-          "y": 0
-        },
-        "id": 2,
-        "targets": [
-          {
-            "expr": "cpu_usage_percent",
-            "refId": "A"
-          }
-        ],
-        "title": "RangeMap Example",
-        "type": "gauge"
-      },
-      {
-        "datasource": {
-          "type": "prometheus",
-          "uid": "prometheus-uid"
-        },
-        "description": "Panel with RegexMap mapping type - maps values matching regex patterns to colors",
-        "fieldConfig": {
-          "defaults": {
-            "mappings": [
-              {
-                "options": {
-                  "pattern": "/^error.*/",
-                  "result": {
-                    "color": "red",
-                    "index": 0,
-                    "text": "Error"
-                  }
-                },
-                "type": "regex"
-              },
-              {
-                "options": {
-                  "pattern": "/^warn.*/",
-                  "result": {
-                    "color": "orange",
-                    "index": 1,
-                    "text": "Warning"
-                  }
-                },
-                "type": "regex"
-              },
-              {
-                "options": {
-                  "pattern": "/^info.*/",
-                  "result": {
-                    "color": "blue",
-                    "index": 2,
-                    "text": "Info"
-                  }
-                },
-                "type": "regex"
-              }
-            ]
-          },
-          "overrides": [
-            {
-              "matcher": {
-                "id": "byType",
-                "options": "string"
-              },
-              "properties": [
-                {
-                  "id": "custom.cellOptions",
-                  "value": {
-                    "type": "color-text"
-                  }
-                }
-              ]
-            }
-          ]
-        },
-        "gridPos": {
-          "h": 8,
-          "w": 12,
-          "x": 0,
-          "y": 8
-        },
-        "id": 3,
-        "targets": [
-          {
-            "expr": "log_level",
-            "refId": "A"
-          }
-        ],
-        "title": "RegexMap Example",
-        "type": "stat"
-      },
-      {
-        "datasource": {
-          "type": "prometheus",
-          "uid": "prometheus-uid"
-        },
-        "description": "Panel with SpecialValueMap mapping type - maps special values like null, NaN, true, false to display text",
-        "fieldConfig": {
-          "defaults": {
-            "mappings": [
-              {
-                "options": {
-                  "match": "null",
-                  "result": {
-                    "color": "gray",
-                    "index": 0,
-                    "text": "No Data"
-                  }
-                },
-                "type": "special"
-              },
-              {
-                "options": {
-                  "match": "nan",
-                  "result": {
-                    "color": "gray",
-                    "index": 1,
-                    "text": "Not a Number"
-                  }
-                },
-                "type": "special"
-              },
-              {
-                "options": {
-                  "match": "null+nan",
-                  "result": {
-                    "color": "gray",
-                    "index": 2,
-                    "text": "N/A"
-                  }
-                },
-                "type": "special"
-              },
-              {
-                "options": {
-                  "match": "true",
-                  "result": {
-                    "color": "green",
-                    "index": 3,
-                    "text": "Yes"
-                  }
-                },
-                "type": "special"
-              },
-              {
-                "options": {
-                  "match": "false",
-                  "result": {
-                    "color": "red",
-                    "index": 4,
-                    "text": "No"
-                  }
-                },
-                "type": "special"
-              },
-              {
-                "options": {
-                  "match": "empty",
-                  "result": {
-                    "color": "gray",
-                    "index": 5,
-                    "text": "Empty"
-                  }
-                },
-                "type": "special"
-              }
-            ]
-          },
-          "overrides": [
-            {
-              "matcher": {
-                "id": "byFrameRefID",
-                "options": "A"
-              },
-              "properties": [
-                {
-                  "id": "color",
-                  "value": {
-                    "fixedColor": "blue",
-                    "mode": "fixed"
-                  }
-                }
-              ]
-            }
-          ]
-        },
-        "gridPos": {
-          "h": 8,
-          "w": 12,
-          "x": 12,
-          "y": 8
-        },
-        "id": 4,
-        "targets": [
-          {
-            "expr": "some_metric",
-            "refId": "A"
-          }
-        ],
-        "title": "SpecialValueMap Example",
-        "type": "stat"
-      },
-      {
-        "datasource": {
-          "type": "prometheus",
-          "uid": "prometheus-uid"
-        },
-        "description": "Panel with all mapping types combined - demonstrates mixing different mapping types and multiple override matchers",
-        "fieldConfig": {
-          "defaults": {
-            "mappings": [
-              {
-                "options": {
-                  "failure": {
-                    "color": "red",
-                    "index": 1,
-                    "text": "Failure"
-                  },
-                  "success": {
-                    "color": "green",
-                    "index": 0,
-                    "text": "Success"
-                  }
-                },
-                "type": "value"
-              },
-              {
-                "options": {
-                  "from": 0,
-                  "result": {
-                    "color": "blue",
-                    "index": 2,
-                    "text": "In Range"
-                  },
-                  "to": 100
-                },
-                "type": "range"
-              },
-              {
-                "options": {
-                  "pattern": "/^[A-Z]{3}-\\d+$/",
-                  "result": {
-                    "color": "purple",
-                    "index": 3,
-                    "text": "ID Format"
-                  }
-                },
-                "type": "regex"
-              },
-              {
-                "options": {
-                  "match": "null",
-                  "result": {
-                    "color": "gray",
-                    "index": 4,
-                    "text": "Missing"
-                  }
-                },
-                "type": "special"
-              }
-            ]
-          },
-          "overrides": [
-            {
-              "matcher": {
-                "id": "byName",
-                "options": "status"
-              },
-              "properties": [
-                {
-                  "id": "custom.width",
-                  "value": 120
-                },
-                {
-                  "id": "custom.cellOptions",
-                  "value": {
-                    "type": "color-background"
-                  }
-                }
-              ]
-            },
-            {
-              "matcher": {
-                "id": "byRegexp",
-                "options": "/^value_/"
-              },
-              "properties": [
-                {
-                  "id": "unit",
-                  "value": "short"
-                },
-                {
-                  "id": "min",
-                  "value": 0
-                },
-                {
-                  "id": "max",
-                  "value": 100
-                }
-              ]
-            },
-            {
-              "matcher": {
-                "id": "byType",
-                "options": "number"
-              },
-              "properties": [
-                {
-                  "id": "decimals",
-                  "value": 2
-                },
-                {
-                  "id": "thresholds",
-                  "value": {
-                    "mode": "absolute",
-                    "steps": [
-                      {
-                        "color": "green",
-                        "value": null
-                      },
-                      {
-                        "color": "yellow",
-                        "value": 50
-                      },
-                      {
-                        "color": "red",
-                        "value": 80
-                      }
-                    ]
-                  }
-                }
-              ]
-            },
-            {
-              "matcher": {
-                "id": "byFrameRefID",
-                "options": "B"
-              },
-              "properties": [
-                {
-                  "id": "displayName",
-                  "value": "Secondary Query"
-                }
-              ]
-            },
-            {
-              "matcher": {
-                "id": "byValue",
-                "options": {
-                  "op": "gte",
-                  "reducer": "allIsNull",
-                  "value": 0
-                }
-              },
-              "properties": [
-                {
-                  "id": "custom.hidden",
-                  "value": true
-                }
-              ]
-            }
-          ]
-        },
-        "gridPos": {
-          "h": 8,
-          "w": 24,
-          "x": 0,
-          "y": 16
-        },
-        "id": 5,
-        "targets": [
-          {
-            "expr": "combined_metric",
-            "refId": "A"
-          },
-          {
-            "expr": "secondary_metric",
-            "refId": "B"
-          }
-        ],
-        "title": "Combined Mappings and Overrides Example",
-        "type": "table"
-      }
-    ],
-    "schemaVersion": 42,
-    "tags": [
-      "value-mapping",
-      "overrides",
-      "test"
-    ],
-    "templating": {
-      "list": []
-    },
-    "time": {
-      "from": "now-6h",
-      "to": "now"
-    },
-    "timepicker": {},
-    "timezone": "browser",
-    "title": "Value Mapping and Overrides Test",
-    "weekStart": ""
-  },
-  "status": {
-    "conversion": {
-      "failed": false,
-      "storedVersion": "v1beta1"
-    }
-  }
-}
@@ -1,783 +0,0 @@
-{
-  "kind": "DashboardWithAccessInfo",
-  "apiVersion": "dashboard.grafana.app/v2alpha1",
-  "metadata": {
-    "name": "value-mapping-test",
-    "namespace": "default",
-    "uid": "value-mapping-test",
-    "resourceVersion": "1765384157199094",
-    "generation": 2,
-    "creationTimestamp": "2025-11-19T20:09:28Z",
-    "labels": {
-      "grafana.app/deprecatedInternalID": "646372978987008"
-    }
-  },
-  "spec": {
-    "annotations": [
-      {
-        "kind": "AnnotationQuery",
-        "spec": {
-          "datasource": {
-            "type": "grafana",
-            "uid": "-- Grafana --"
-          },
-          "query": {
-            "kind": "grafana",
-            "spec": {}
-          },
-          "enable": true,
-          "hide": true,
-          "iconColor": "rgba(0, 211, 255, 1)",
-          "name": "Annotations \u0026 Alerts",
-          "builtIn": true,
-          "legacyOptions": {
-            "type": "dashboard"
-          }
-        }
-      }
-    ],
-    "cursorSync": "Off",
-    "description": "Test dashboard for all value mapping types and override matcher types",
-    "editable": true,
-    "elements": {
-      "panel-1": {
-        "kind": "Panel",
-        "spec": {
-          "id": 1,
-          "title": "ValueMap Example",
-          "description": "Panel with ValueMap mapping type - maps specific text values to colors and display text",
-          "links": [],
-          "data": {
-            "kind": "QueryGroup",
-            "spec": {
-              "queries": [
-                {
-                  "kind": "PanelQuery",
-                  "spec": {
-                    "query": {
-                      "kind": "prometheus",
-                      "spec": {
-                        "expr": "up"
-                      }
-                    },
-                    "datasource": {
-                      "type": "prometheus",
-                      "uid": "prometheus-uid"
-                    },
-                    "refId": "A",
-                    "hidden": false
-                  }
-                }
-              ],
-              "transformations": [],
-              "queryOptions": {}
-            }
-          },
-          "vizConfig": {
-            "kind": "stat",
-            "spec": {
-              "pluginVersion": "",
-              "options": {},
-              "fieldConfig": {
-                "defaults": {
-                  "mappings": [
-                    {
-                      "type": "value",
-                      "options": {
-                        "critical": {
-                          "text": "Critical!",
-                          "color": "red",
-                          "index": 0
-                        },
-                        "ok": {
-                          "text": "OK",
-                          "color": "green",
-                          "index": 2
-                        },
-                        "warning": {
-                          "text": "Warning",
-                          "color": "orange",
-                          "index": 1
-                        }
-                      }
-                    }
-                  ]
-                },
-                "overrides": [
-                  {
-                    "matcher": {
-                      "id": "byName",
-                      "options": "status"
-                    },
-                    "properties": [
-                      {
-                        "id": "custom.width",
-                        "value": 100
-                      },
-                      {
-                        "id": "custom.align",
-                        "value": "center"
-                      }
-                    ]
-                  }
-                ]
-              }
-            }
-          }
-        }
-      },
-      "panel-2": {
-        "kind": "Panel",
-        "spec": {
-          "id": 2,
-          "title": "RangeMap Example",
-          "description": "Panel with RangeMap mapping type - maps numerical ranges to colors and display text",
-          "links": [],
-          "data": {
-            "kind": "QueryGroup",
-            "spec": {
-              "queries": [
-                {
-                  "kind": "PanelQuery",
-                  "spec": {
-                    "query": {
-                      "kind": "prometheus",
-                      "spec": {
-                        "expr": "cpu_usage_percent"
-                      }
-                    },
-                    "datasource": {
-                      "type": "prometheus",
-                      "uid": "prometheus-uid"
-                    },
-                    "refId": "A",
-                    "hidden": false
-                  }
-                }
-              ],
-              "transformations": [],
-              "queryOptions": {}
-            }
-          },
-          "vizConfig": {
-            "kind": "gauge",
-            "spec": {
-              "pluginVersion": "",
-              "options": {},
-              "fieldConfig": {
-                "defaults": {
-                  "mappings": [
-                    {
-                      "type": "range",
-                      "options": {
-                        "from": 0,
-                        "to": 50,
-                        "result": {
-                          "text": "Low",
-                          "color": "green",
-                          "index": 0
-                        }
-                      }
-                    },
-                    {
-                      "type": "range",
-                      "options": {
-                        "from": 50,
-                        "to": 80,
-                        "result": {
-                          "text": "Medium",
-                          "color": "orange",
-                          "index": 1
-                        }
-                      }
-                    },
-                    {
-                      "type": "range",
-                      "options": {
-                        "from": 80,
-                        "to": 100,
-                        "result": {
-                          "text": "High",
-                          "color": "red",
-                          "index": 2
-                        }
-                      }
-                    }
-                  ]
-                },
-                "overrides": [
-                  {
-                    "matcher": {
-                      "id": "byRegexp",
-                      "options": "/^cpu_/"
-                    },
-                    "properties": [
-                      {
-                        "id": "unit",
-                        "value": "percent"
-                      },
-                      {
-                        "id": "decimals",
-                        "value": 2
-                      }
-                    ]
-                  }
-                ]
-              }
-            }
-          }
-        }
-      },
-      "panel-3": {
-        "kind": "Panel",
-        "spec": {
-          "id": 3,
-          "title": "RegexMap Example",
-          "description": "Panel with RegexMap mapping type - maps values matching regex patterns to colors",
-          "links": [],
-          "data": {
-            "kind": "QueryGroup",
-            "spec": {
-              "queries": [
-                {
-                  "kind": "PanelQuery",
-                  "spec": {
-                    "query": {
-                      "kind": "prometheus",
-                      "spec": {
-                        "expr": "log_level"
-                      }
-                    },
-                    "datasource": {
-                      "type": "prometheus",
-                      "uid": "prometheus-uid"
-                    },
-                    "refId": "A",
-                    "hidden": false
-                  }
-                }
-              ],
-              "transformations": [],
-              "queryOptions": {}
-            }
-          },
-          "vizConfig": {
-            "kind": "stat",
-            "spec": {
-              "pluginVersion": "",
-              "options": {},
-              "fieldConfig": {
-                "defaults": {
-                  "mappings": [
-                    {
-                      "type": "regex",
-                      "options": {
-                        "pattern": "/^error.*/",
-                        "result": {
-                          "text": "Error",
-                          "color": "red",
-                          "index": 0
-                        }
-                      }
-                    },
-                    {
-                      "type": "regex",
-                      "options": {
-                        "pattern": "/^warn.*/",
-                        "result": {
-                          "text": "Warning",
-                          "color": "orange",
-                          "index": 1
-                        }
-                      }
-                    },
-                    {
-                      "type": "regex",
-                      "options": {
-                        "pattern": "/^info.*/",
-                        "result": {
-                          "text": "Info",
-                          "color": "blue",
-                          "index": 2
-                        }
-                      }
-                    }
-                  ]
-                },
-                "overrides": [
-                  {
-                    "matcher": {
-                      "id": "byType",
-                      "options": "string"
-                    },
-                    "properties": [
-                      {
-                        "id": "custom.cellOptions",
-                        "value": {
-                          "type": "color-text"
-                        }
-                      }
-                    ]
-                  }
-                ]
-              }
-            }
-          }
-        }
-      },
-      "panel-4": {
-        "kind": "Panel",
-        "spec": {
-          "id": 4,
-          "title": "SpecialValueMap Example",
-          "description": "Panel with SpecialValueMap mapping type - maps special values like null, NaN, true, false to display text",
-          "links": [],
-          "data": {
-            "kind": "QueryGroup",
-            "spec": {
-              "queries": [
-                {
-                  "kind": "PanelQuery",
-                  "spec": {
-                    "query": {
-                      "kind": "prometheus",
-                      "spec": {
-                        "expr": "some_metric"
-                      }
-                    },
-                    "datasource": {
-                      "type": "prometheus",
-                      "uid": "prometheus-uid"
-                    },
-                    "refId": "A",
-                    "hidden": false
-                  }
-                }
-              ],
-              "transformations": [],
-              "queryOptions": {}
-            }
-          },
-          "vizConfig": {
-            "kind": "stat",
-            "spec": {
-              "pluginVersion": "",
-              "options": {},
-              "fieldConfig": {
-                "defaults": {
-                  "mappings": [
-                    {
-                      "type": "special",
-                      "options": {
-                        "match": "null",
-                        "result": {
-                          "text": "No Data",
-                          "color": "gray",
-                          "index": 0
-                        }
-                      }
-                    },
-                    {
-                      "type": "special",
-                      "options": {
-                        "match": "nan",
-                        "result": {
-                          "text": "Not a Number",
-                          "color": "gray",
-                          "index": 1
-                        }
-                      }
-                    },
-                    {
-                      "type": "special",
-                      "options": {
-                        "match": "null+nan",
-                        "result": {
-                          "text": "N/A",
-                          "color": "gray",
-                          "index": 2
-                        }
-                      }
-                    },
-                    {
-                      "type": "special",
-                      "options": {
-                        "match": "true",
-                        "result": {
-                          "text": "Yes",
-                          "color": "green",
-                          "index": 3
-                        }
-                      }
-                    },
-                    {
-                      "type": "special",
-                      "options": {
-                        "match": "false",
-                        "result": {
-                          "text": "No",
-                          "color": "red",
-                          "index": 4
-                        }
-                      }
-                    },
-                    {
-                      "type": "special",
-                      "options": {
-                        "match": "empty",
-                        "result": {
-                          "text": "Empty",
-                          "color": "gray",
-                          "index": 5
-                        }
-                      }
-                    }
-                  ]
-                },
-                "overrides": [
-                  {
-                    "matcher": {
-                      "id": "byFrameRefID",
-                      "options": "A"
-                    },
-                    "properties": [
-                      {
-                        "id": "color",
-                        "value": {
-                          "fixedColor": "blue",
-                          "mode": "fixed"
-                        }
-                      }
-                    ]
-                  }
-                ]
-              }
-            }
-          }
-        }
-      },
-      "panel-5": {
-        "kind": "Panel",
-        "spec": {
-          "id": 5,
-          "title": "Combined Mappings and Overrides Example",
-          "description": "Panel with all mapping types combined - demonstrates mixing different mapping types and multiple override matchers",
-          "links": [],
-          "data": {
-            "kind": "QueryGroup",
-            "spec": {
-              "queries": [
-                {
-                  "kind": "PanelQuery",
-                  "spec": {
-                    "query": {
-                      "kind": "prometheus",
-                      "spec": {
-                        "expr": "combined_metric"
-                      }
-                    },
-                    "datasource": {
-                      "type": "prometheus",
-                      "uid": "prometheus-uid"
-                    },
-                    "refId": "A",
-                    "hidden": false
-                  }
-                },
-                {
-                  "kind": "PanelQuery",
-                  "spec": {
-                    "query": {
-                      "kind": "prometheus",
-                      "spec": {
-                        "expr": "secondary_metric"
-                      }
-                    },
-                    "datasource": {
-                      "type": "prometheus",
-                      "uid": "prometheus-uid"
-                    },
-                    "refId": "B",
-                    "hidden": false
-                  }
-                }
-              ],
-              "transformations": [],
-              "queryOptions": {}
-            }
-          },
-          "vizConfig": {
-            "kind": "table",
-            "spec": {
-              "pluginVersion": "",
-              "options": {},
-              "fieldConfig": {
-                "defaults": {
-                  "mappings": [
-                    {
-                      "type": "value",
-                      "options": {
-                        "failure": {
-                          "text": "Failure",
-                          "color": "red",
-                          "index": 1
-                        },
-                        "success": {
-                          "text": "Success",
-                          "color": "green",
-                          "index": 0
-                        }
-                      }
-                    },
-                    {
-                      "type": "range",
-                      "options": {
-                        "from": 0,
-                        "to": 100,
-                        "result": {
-                          "text": "In Range",
-                          "color": "blue",
-                          "index": 2
-                        }
-                      }
-                    },
-                    {
-                      "type": "regex",
-                      "options": {
-                        "pattern": "/^[A-Z]{3}-\\d+$/",
-                        "result": {
-                          "text": "ID Format",
-                          "color": "purple",
-                          "index": 3
-                        }
-                      }
-                    },
-                    {
-                      "type": "special",
-                      "options": {
-                        "match": "null",
-                        "result": {
-                          "text": "Missing",
-                          "color": "gray",
-                          "index": 4
-                        }
-                      }
-                    }
-                  ]
-                },
-                "overrides": [
-                  {
-                    "matcher": {
-                      "id": "byName",
-                      "options": "status"
-                    },
-                    "properties": [
-                      {
-                        "id": "custom.width",
-                        "value": 120
-                      },
-                      {
-                        "id": "custom.cellOptions",
-                        "value": {
-                          "type": "color-background"
-                        }
-                      }
-                    ]
-                  },
-                  {
-                    "matcher": {
-                      "id": "byRegexp",
-                      "options": "/^value_/"
-                    },
-                    "properties": [
-                      {
-                        "id": "unit",
-                        "value": "short"
-                      },
-                      {
-                        "id": "min",
-                        "value": 0
-                      },
-                      {
-                        "id": "max",
-                        "value": 100
-                      }
-                    ]
-                  },
-                  {
-                    "matcher": {
-                      "id": "byType",
-                      "options": "number"
-                    },
-                    "properties": [
-                      {
-                        "id": "decimals",
-                        "value": 2
-                      },
-                      {
-                        "id": "thresholds",
-                        "value": {
-                          "mode": "absolute",
-                          "steps": [
-                            {
-                              "color": "green",
-                              "value": null
-                            },
-                            {
-                              "color": "yellow",
-                              "value": 50
-                            },
-                            {
-                              "color": "red",
-                              "value": 80
-                            }
-                          ]
-                        }
-                      }
-                    ]
-                  },
-                  {
-                    "matcher": {
-                      "id": "byFrameRefID",
-                      "options": "B"
-                    },
-                    "properties": [
-                      {
-                        "id": "displayName",
-                        "value": "Secondary Query"
-                      }
-                    ]
-                  },
-                  {
-                    "matcher": {
-                      "id": "byValue",
-                      "options": {
-                        "op": "gte",
-                        "reducer": "allIsNull",
-                        "value": 0
-                      }
-                    },
-                    "properties": [
-                      {
-                        "id": "custom.hidden",
-                        "value": true
-                      }
-                    ]
-                  }
-                ]
-              }
-            }
-          }
-        }
-      }
-    },
-    "layout": {
-      "kind": "GridLayout",
-      "spec": {
-        "items": [
-          {
-            "kind": "GridLayoutItem",
-            "spec": {
-              "x": 0,
-              "y": 0,
-              "width": 12,
-              "height": 8,
-              "element": {
-                "kind": "ElementReference",
-                "name": "panel-1"
-              }
-            }
-          },
-          {
-            "kind": "GridLayoutItem",
-            "spec": {
-              "x": 12,
-              "y": 0,
-              "width": 12,
-              "height": 8,
-              "element": {
-                "kind": "ElementReference",
-                "name": "panel-2"
-              }
-            }
-          },
-          {
-            "kind": "GridLayoutItem",
-            "spec": {
-              "x": 0,
-              "y": 8,
-              "width": 12,
-              "height": 8,
-              "element": {
-                "kind": "ElementReference",
-                "name": "panel-3"
-              }
-            }
-          },
-          {
-            "kind": "GridLayoutItem",
-            "spec": {
-              "x": 12,
-              "y": 8,
-              "width": 12,
-              "height": 8,
-              "element": {
-                "kind": "ElementReference",
-                "name": "panel-4"
-              }
-            }
-          },
-          {
-            "kind": "GridLayoutItem",
-            "spec": {
-              "x": 0,
-              "y": 16,
-              "width": 24,
-              "height": 8,
-              "element": {
-                "kind": "ElementReference",
-                "name": "panel-5"
-              }
-            }
-          }
-        ]
-      }
-    },
-    "links": [],
-    "liveNow": false,
-    "preload": false,
-    "tags": [
-      "value-mapping",
-      "overrides",
-      "test"
-    ],
-    "timeSettings": {
-      "timezone": "browser",
-      "from": "now-6h",
-      "to": "now",
-      "autoRefresh": "",
-      "autoRefreshIntervals": [
-        "5s",
-        "10s",
-        "30s",
-        "1m",
-        "5m",
-        "15m",
-        "30m",
-        "1h",
-        "2h",
-        "1d"
-      ],
-      "hideTimepicker": false,
-      "fiscalYearStartMonth": 0
-    },
-    "title": "Value Mapping and Overrides Test",
-    "variables": []
-  },
-  "status": {
-    "conversion": {
-      "failed": false,
-      "storedVersion": "v1beta1"
-    }
-  }
-}
@@ -1,795 +0,0 @@
-{
-  "kind": "DashboardWithAccessInfo",
-  "apiVersion": "dashboard.grafana.app/v2beta1",
-  "metadata": {
-    "name": "value-mapping-test",
-    "namespace": "default",
-    "uid": "value-mapping-test",
-    "resourceVersion": "1765384157199094",
-    "generation": 2,
-    "creationTimestamp": "2025-11-19T20:09:28Z",
-    "labels": {
-      "grafana.app/deprecatedInternalID": "646372978987008"
-    }
-  },
-  "spec": {
-    "annotations": [
-      {
-        "kind": "AnnotationQuery",
-        "spec": {
-          "query": {
-            "kind": "DataQuery",
-            "group": "grafana",
-            "version": "v0",
-            "datasource": {
-              "name": "-- Grafana --"
-            },
-            "spec": {}
-          },
-          "enable": true,
-          "hide": true,
-          "iconColor": "rgba(0, 211, 255, 1)",
-          "name": "Annotations \u0026 Alerts",
-          "builtIn": true,
-          "legacyOptions": {
-            "type": "dashboard"
-          }
-        }
-      }
-    ],
-    "cursorSync": "Off",
-    "description": "Test dashboard for all value mapping types and override matcher types",
-    "editable": true,
-    "elements": {
-      "panel-1": {
-        "kind": "Panel",
-        "spec": {
-          "id": 1,
-          "title": "ValueMap Example",
-          "description": "Panel with ValueMap mapping type - maps specific text values to colors and display text",
-          "links": [],
-          "data": {
-            "kind": "QueryGroup",
-            "spec": {
-              "queries": [
-                {
-                  "kind": "PanelQuery",
-                  "spec": {
-                    "query": {
-                      "kind": "DataQuery",
-                      "group": "prometheus",
-                      "version": "v0",
-                      "datasource": {
-                        "name": "prometheus-uid"
-                      },
-                      "spec": {
-                        "expr": "up"
-                      }
-                    },
-                    "refId": "A",
-                    "hidden": false
-                  }
-                }
-              ],
-              "transformations": [],
-              "queryOptions": {}
-            }
-          },
-          "vizConfig": {
-            "kind": "VizConfig",
-            "group": "stat",
-            "version": "",
-            "spec": {
-              "options": {},
-              "fieldConfig": {
-                "defaults": {
-                  "mappings": [
-                    {
-                      "type": "value",
-                      "options": {
-                        "critical": {
-                          "text": "Critical!",
-                          "color": "red",
-                          "index": 0
-                        },
-                        "ok": {
-                          "text": "OK",
-                          "color": "green",
-                          "index": 2
-                        },
-                        "warning": {
-                          "text": "Warning",
-                          "color": "orange",
-                          "index": 1
-                        }
-                      }
-                    }
-                  ]
-                },
-                "overrides": [
-                  {
-                    "matcher": {
-                      "id": "byName",
-                      "options": "status"
-                    },
-                    "properties": [
-                      {
-                        "id": "custom.width",
-                        "value": 100
-                      },
-                      {
-                        "id": "custom.align",
-                        "value": "center"
-                      }
-                    ]
-                  }
-                ]
-              }
-            }
-          }
-        }
-      },
-      "panel-2": {
-        "kind": "Panel",
-        "spec": {
-          "id": 2,
-          "title": "RangeMap Example",
-          "description": "Panel with RangeMap mapping type - maps numerical ranges to colors and display text",
-          "links": [],
-          "data": {
-            "kind": "QueryGroup",
-            "spec": {
-              "queries": [
-                {
-                  "kind": "PanelQuery",
-                  "spec": {
-                    "query": {
-                      "kind": "DataQuery",
-                      "group": "prometheus",
-                      "version": "v0",
-                      "datasource": {
-                        "name": "prometheus-uid"
-                      },
-                      "spec": {
-                        "expr": "cpu_usage_percent"
-                      }
-                    },
-                    "refId": "A",
-                    "hidden": false
-                  }
-                }
-              ],
-              "transformations": [],
-              "queryOptions": {}
-            }
-          },
-          "vizConfig": {
-            "kind": "VizConfig",
-            "group": "gauge",
-            "version": "",
-            "spec": {
-              "options": {},
-              "fieldConfig": {
-                "defaults": {
-                  "mappings": [
-                    {
-                      "type": "range",
-                      "options": {
-                        "from": 0,
-                        "to": 50,
-                        "result": {
-                          "text": "Low",
-                          "color": "green",
-                          "index": 0
-                        }
-                      }
-                    },
-                    {
-                      "type": "range",
-                      "options": {
-                        "from": 50,
-                        "to": 80,
-                        "result": {
-                          "text": "Medium",
-                          "color": "orange",
-                          "index": 1
-                        }
-                      }
-                    },
-                    {
-                      "type": "range",
-                      "options": {
-                        "from": 80,
-                        "to": 100,
-                        "result": {
-                          "text": "High",
-                          "color": "red",
-                          "index": 2
-                        }
-                      }
-                    }
-                  ]
-                },
-                "overrides": [
-                  {
-                    "matcher": {
-                      "id": "byRegexp",
-                      "options": "/^cpu_/"
-                    },
-                    "properties": [
-                      {
-                        "id": "unit",
-                        "value": "percent"
-                      },
-                      {
-                        "id": "decimals",
-                        "value": 2
-                      }
-                    ]
-                  }
-                ]
-              }
-            }
-          }
-        }
-      },
-      "panel-3": {
-        "kind": "Panel",
-        "spec": {
-          "id": 3,
-          "title": "RegexMap Example",
-          "description": "Panel with RegexMap mapping type - maps values matching regex patterns to colors",
-          "links": [],
-          "data": {
-            "kind": "QueryGroup",
-            "spec": {
-              "queries": [
-                {
-                  "kind": "PanelQuery",
-                  "spec": {
-                    "query": {
-                      "kind": "DataQuery",
-                      "group": "prometheus",
-                      "version": "v0",
-                      "datasource": {
-                        "name": "prometheus-uid"
-                      },
-                      "spec": {
-                        "expr": "log_level"
-                      }
-                    },
-                    "refId": "A",
-                    "hidden": false
-                  }
-                }
-              ],
-              "transformations": [],
-              "queryOptions": {}
-            }
-          },
-          "vizConfig": {
-            "kind": "VizConfig",
-            "group": "stat",
-            "version": "",
-            "spec": {
-              "options": {},
-              "fieldConfig": {
-                "defaults": {
-                  "mappings": [
-                    {
-                      "type": "regex",
-                      "options": {
-                        "pattern": "/^error.*/",
-                        "result": {
-                          "text": "Error",
-                          "color": "red",
-                          "index": 0
-                        }
-                      }
-                    },
-                    {
-                      "type": "regex",
-                      "options": {
-                        "pattern": "/^warn.*/",
-                        "result": {
-                          "text": "Warning",
-                          "color": "orange",
-                          "index": 1
-                        }
-                      }
-                    },
-                    {
-                      "type": "regex",
-                      "options": {
-                        "pattern": "/^info.*/",
-                        "result": {
-                          "text": "Info",
-                          "color": "blue",
-                          "index": 2
-                        }
-                      }
-                    }
-                  ]
-                },
-                "overrides": [
-                  {
-                    "matcher": {
-                      "id": "byType",
-                      "options": "string"
-                    },
-                    "properties": [
-                      {
-                        "id": "custom.cellOptions",
-                        "value": {
-                          "type": "color-text"
-                        }
-                      }
-                    ]
-                  }
-                ]
-              }
-            }
-          }
-        }
-      },
-      "panel-4": {
-        "kind": "Panel",
-        "spec": {
-          "id": 4,
-          "title": "SpecialValueMap Example",
-          "description": "Panel with SpecialValueMap mapping type - maps special values like null, NaN, true, false to display text",
-          "links": [],
-          "data": {
-            "kind": "QueryGroup",
-            "spec": {
-              "queries": [
-                {
-                  "kind": "PanelQuery",
-                  "spec": {
-                    "query": {
-                      "kind": "DataQuery",
-                      "group": "prometheus",
-                      "version": "v0",
-                      "datasource": {
-                        "name": "prometheus-uid"
-                      },
-                      "spec": {
-                        "expr": "some_metric"
-                      }
-                    },
-                    "refId": "A",
-                    "hidden": false
-                  }
-                }
-              ],
-              "transformations": [],
-              "queryOptions": {}
-            }
-          },
-          "vizConfig": {
-            "kind": "VizConfig",
-            "group": "stat",
-            "version": "",
-            "spec": {
-              "options": {},
-              "fieldConfig": {
-                "defaults": {
-                  "mappings": [
-                    {
-                      "type": "special",
-                      "options": {
-                        "match": "null",
-                        "result": {
-                          "text": "No Data",
-                          "color": "gray",
-                          "index": 0
-                        }
-                      }
-                    },
-                    {
-                      "type": "special",
-                      "options": {
-                        "match": "nan",
-                        "result": {
-                          "text": "Not a Number",
-                          "color": "gray",
-                          "index": 1
-                        }
-                      }
-                    },
-                    {
-                      "type": "special",
-                      "options": {
-                        "match": "null+nan",
-                        "result": {
-                          "text": "N/A",
-                          "color": "gray",
-                          "index": 2
-                        }
-                      }
-                    },
-                    {
-                      "type": "special",
-                      "options": {
-                        "match": "true",
-                        "result": {
-                          "text": "Yes",
-                          "color": "green",
-                          "index": 3
-                        }
-                      }
-                    },
-                    {
-                      "type": "special",
-                      "options": {
-                        "match": "false",
-                        "result": {
-                          "text": "No",
-                          "color": "red",
-                          "index": 4
-                        }
-                      }
-                    },
-                    {
-                      "type": "special",
-                      "options": {
-                        "match": "empty",
-                        "result": {
-                          "text": "Empty",
-                          "color": "gray",
-                          "index": 5
-                        }
-                      }
-                    }
-                  ]
-                },
-                "overrides": [
-                  {
-                    "matcher": {
-                      "id": "byFrameRefID",
-                      "options": "A"
-                    },
-                    "properties": [
-                      {
-                        "id": "color",
-                        "value": {
-                          "fixedColor": "blue",
-                          "mode": "fixed"
-                        }
-                      }
-                    ]
-                  }
-                ]
-              }
-            }
-          }
-        }
-      },
-      "panel-5": {
-        "kind": "Panel",
-        "spec": {
-          "id": 5,
-          "title": "Combined Mappings and Overrides Example",
-          "description": "Panel with all mapping types combined - demonstrates mixing different mapping types and multiple override matchers",
-          "links": [],
-          "data": {
-            "kind": "QueryGroup",
-            "spec": {
-              "queries": [
-                {
-                  "kind": "PanelQuery",
-                  "spec": {
-                    "query": {
-                      "kind": "DataQuery",
-                      "group": "prometheus",
-                      "version": "v0",
-                      "datasource": {
-                        "name": "prometheus-uid"
-                      },
-                      "spec": {
-                        "expr": "combined_metric"
-                      }
-                    },
-                    "refId": "A",
-                    "hidden": false
-                  }
-                },
-                {
-                  "kind": "PanelQuery",
-                  "spec": {
-                    "query": {
-                      "kind": "DataQuery",
-                      "group": "prometheus",
-                      "version": "v0",
-                      "datasource": {
-                        "name": "prometheus-uid"
-                      },
-                      "spec": {
-                        "expr": "secondary_metric"
-                      }
-                    },
-                    "refId": "B",
-                    "hidden": false
-                  }
-                }
-              ],
-              "transformations": [],
-              "queryOptions": {}
-            }
-          },
-          "vizConfig": {
-            "kind": "VizConfig",
-            "group": "table",
-            "version": "",
-            "spec": {
-              "options": {},
-              "fieldConfig": {
-                "defaults": {
-                  "mappings": [
-                    {
-                      "type": "value",
-                      "options": {
-                        "failure": {
-                          "text": "Failure",
-                          "color": "red",
-                          "index": 1
-                        },
-                        "success": {
-                          "text": "Success",
-                          "color": "green",
-                          "index": 0
-                        }
-                      }
-                    },
-                    {
-                      "type": "range",
-                      "options": {
-                        "from": 0,
-                        "to": 100,
-                        "result": {
-                          "text": "In Range",
-                          "color": "blue",
-                          "index": 2
-                        }
-                      }
-                    },
-                    {
-                      "type": "regex",
-                      "options": {
-                        "pattern": "/^[A-Z]{3}-\\d+$/",
-                        "result": {
-                          "text": "ID Format",
-                          "color": "purple",
-                          "index": 3
-                        }
-                      }
-                    },
-                    {
-                      "type": "special",
-                      "options": {
-                        "match": "null",
-                        "result": {
-                          "text": "Missing",
-                          "color": "gray",
-                          "index": 4
-                        }
-                      }
-                    }
-                  ]
-                },
-                "overrides": [
-                  {
-                    "matcher": {
-                      "id": "byName",
-                      "options": "status"
-                    },
-                    "properties": [
-                      {
-                        "id": "custom.width",
-                        "value": 120
-                      },
-                      {
-                        "id": "custom.cellOptions",
-                        "value": {
-                          "type": "color-background"
-                        }
-                      }
-                    ]
-                  },
-                  {
-                    "matcher": {
-                      "id": "byRegexp",
-                      "options": "/^value_/"
-                    },
-                    "properties": [
-                      {
-                        "id": "unit",
-                        "value": "short"
-                      },
-                      {
-                        "id": "min",
-                        "value": 0
-                      },
-                      {
-                        "id": "max",
-                        "value": 100
-                      }
-                    ]
-                  },
-                  {
-                    "matcher": {
-                      "id": "byType",
-                      "options": "number"
-                    },
-                    "properties": [
-                      {
-                        "id": "decimals",
-                        "value": 2
-                      },
-                      {
-                        "id": "thresholds",
-                        "value": {
-                          "mode": "absolute",
-                          "steps": [
-                            {
-                              "color": "green",
-                              "value": null
-                            },
-                            {
-                              "color": "yellow",
-                              "value": 50
-                            },
-                            {
-                              "color": "red",
-                              "value": 80
-                            }
-                          ]
-                        }
-                      }
-                    ]
-                  },
-                  {
-                    "matcher": {
-                      "id": "byFrameRefID",
-                      "options": "B"
-                    },
-                    "properties": [
-                      {
-                        "id": "displayName",
-                        "value": "Secondary Query"
-                      }
-                    ]
-                  },
-                  {
-                    "matcher": {
-                      "id": "byValue",
-                      "options": {
-                        "op": "gte",
-                        "reducer": "allIsNull",
-                        "value": 0
-                      }
-                    },
-                    "properties": [
-                      {
-                        "id": "custom.hidden",
-                        "value": true
-                      }
-                    ]
-                  }
-                ]
-              }
-            }
-          }
-        }
-      }
-    },
-    "layout": {
-      "kind": "GridLayout",
-      "spec": {
-        "items": [
-          {
-            "kind": "GridLayoutItem",
-            "spec": {
-              "x": 0,
-              "y": 0,
-              "width": 12,
-              "height": 8,
-              "element": {
-                "kind": "ElementReference",
-                "name": "panel-1"
-              }
-            }
-          },
-          {
-            "kind": "GridLayoutItem",
-            "spec": {
-              "x": 12,
-              "y": 0,
-              "width": 12,
-              "height": 8,
-              "element": {
-                "kind": "ElementReference",
-                "name": "panel-2"
-              }
-            }
-          },
-          {
-            "kind": "GridLayoutItem",
-            "spec": {
-              "x": 0,
-              "y": 8,
-              "width": 12,
-              "height": 8,
-              "element": {
-                "kind": "ElementReference",
-                "name": "panel-3"
-              }
-            }
-          },
-          {
-            "kind": "GridLayoutItem",
-            "spec": {
-              "x": 12,
-              "y": 8,
-              "width": 12,
-              "height": 8,
-              "element": {
-                "kind": "ElementReference",
-                "name": "panel-4"
-              }
-            }
-          },
-          {
-            "kind": "GridLayoutItem",
-            "spec": {
-              "x": 0,
-              "y": 16,
-              "width": 24,
-              "height": 8,
-              "element": {
-                "kind": "ElementReference",
-                "name": "panel-5"
-              }
-            }
-          }
-        ]
-      }
-    },
-    "links": [],
-    "liveNow": false,
-    "preload": false,
-    "tags": [
-      "value-mapping",
-      "overrides",
-      "test"
-    ],
-    "timeSettings": {
-      "timezone": "browser",
-      "from": "now-6h",
-      "to": "now",
-      "autoRefresh": "",
-      "autoRefreshIntervals": [
-        "5s",
-        "10s",
-        "30s",
-        "1m",
-        "5m",
-        "15m",
-        "30m",
-        "1h",
-        "2h",
-        "1d"
-      ],
-      "hideTimepicker": false,
-      "fiscalYearStartMonth": 0
-    },
-    "title": "Value Mapping and Overrides Test",
-    "variables": []
-  },
-  "status": {
-    "conversion": {
-      "failed": false,
-      "storedVersion": "v1beta1"
-    }
-  }
-}
@@ -501,9 +501,11 @@ func convertToRowsLayout(ctx context.Context, panels []interface{}, dsIndexProvi

 			if currentRow != nil {
 				// If currentRow is a hidden-header row (panels before first explicit row),
-				// it should not be collapsed because it will disappear and be visible only in edit mode
+				// set its collapse to match the first explicit row's collapsed value
+				// This matches frontend behavior: collapse: panel.collapsed
 				if currentRow.Spec.HideHeader != nil && *currentRow.Spec.HideHeader {
-					currentRow.Spec.Collapse = &[]bool{false}[0]
+					rowCollapsed := getBoolField(panelMap, "collapsed", false)
+					currentRow.Spec.Collapse = &rowCollapsed
 				}
 				// Flush current row to layout
 				rows = append(rows, *currentRow)
@@ -2020,9 +2022,6 @@ func transformPanelQueries(ctx context.Context, panelMap map[string]interface{},

 func transformSingleQuery(ctx context.Context, targetMap map[string]interface{}, panelDatasource *dashv2alpha1.DashboardDataSourceRef, dsIndexProvider schemaversion.DataSourceIndexProvider) dashv2alpha1.DashboardPanelQueryKind {
 	refId := schemaversion.GetStringValue(targetMap, "refId", "A")
-	if refId == "" {
-		refId = "A"
-	}
 	hidden := getBoolField(targetMap, "hide", false)

 	// Extract datasource from query or use panel datasource
@@ -2519,15 +2518,22 @@ func buildRegexMap(mappingMap map[string]interface{}) *dashv2alpha1.DashboardReg
 	regexMap := &dashv2alpha1.DashboardRegexMap{}
 	regexMap.Type = dashv2alpha1.DashboardMappingTypeRegex

-	optMap, ok := mappingMap["options"].(map[string]interface{})
+	opts, ok := mappingMap["options"].([]interface{})
+	if !ok || len(opts) == 0 {
+		return nil
+	}
+
+	optMap, ok := opts[0].(map[string]interface{})
 	if !ok {
 		return nil
 	}

 	r := dashv2alpha1.DashboardV2alpha1RegexMapOptions{}
-	if pattern, ok := optMap["pattern"].(string); ok {
+	if pattern, ok := optMap["regex"].(string); ok {
 		r.Pattern = pattern
 	}
+
+	// Result is a DashboardValueMappingResult
 	if resMap, ok := optMap["result"].(map[string]interface{}); ok {
 		r.Result = buildValueMappingResult(resMap)
 	}
@@ -5,11 +5,12 @@ import (
 	"sync"
 	"time"

-	"github.com/hashicorp/golang-lru/v2/expirable"
-	"k8s.io/apiserver/pkg/endpoints/request"
-
 	"github.com/grafana/authlib/types"
-	"github.com/grafana/grafana-app-sdk/logging"
+	"github.com/grafana/grafana/pkg/infra/log"
+	"github.com/hashicorp/golang-lru/v2/expirable"
+	k8srequest "k8s.io/apiserver/pkg/endpoints/request"
+
+	"github.com/grafana/grafana/pkg/services/apiserver/endpoints/request"
 )

 const defaultCacheSize = 1000
@@ -31,15 +32,17 @@ type cachedProvider[T any] struct {
 	fetch    func(context.Context) T
 	cache    *expirable.LRU[string, T] // LRU cache: namespace to cache entry
 	inFlight sync.Map                  // map[string]*sync.Mutex - per-namespace fetch locks
+	logger   log.Logger
 }

 // newCachedProvider creates a new cachedProvider.
 // The fetch function should be able to handle context with different namespaces.
 // A non-positive size turns LRU mechanism off (cache of unlimited size).
 // A non-positive cacheTTL disables TTL expiration.
-func newCachedProvider[T any](fetch func(context.Context) T, size int, cacheTTL time.Duration) *cachedProvider[T] {
+func newCachedProvider[T any](fetch func(context.Context) T, size int, cacheTTL time.Duration, logger log.Logger) *cachedProvider[T] {
 	cacheProvider := &cachedProvider[T]{
-		fetch: fetch,
+		fetch:  fetch,
+		logger: logger,
 	}
 	cacheProvider.cache = expirable.NewLRU(size, func(key string, value T) {
 		cacheProvider.inFlight.Delete(key)
@@ -50,13 +53,14 @@ func newCachedProvider[T any](fetch func(context.Context) T, size int, cacheTTL
 // Get returns the cached value if it's still valid, otherwise calls fetch and caches the result.
 func (p *cachedProvider[T]) Get(ctx context.Context) T {
 	// Get namespace info from ctx
-	namespace, ok := request.NamespaceFrom(ctx)
-	if !ok {
+	nsInfo, err := request.NamespaceInfoFrom(ctx, true)
+	if err != nil {
 		// No namespace, fall back to direct fetch call without caching
-		logging.FromContext(ctx).Warn("Unable to get namespace info from context, skipping cache")
+		p.logger.Warn("Unable to get namespace info from context, skipping cache", "error", err)
 		return p.fetch(ctx)
 	}

+	namespace := nsInfo.Value
 	// Fast path: check if cache is still valid
 	if entry, ok := p.cache.Get(namespace); ok {
 		return entry
@@ -77,7 +81,7 @@ func (p *cachedProvider[T]) Get(ctx context.Context) T {
 	}

 	// Fetch outside the main lock - only this namespace is blocked
-	logging.FromContext(ctx).Debug("cache miss or expired, fetching new value", "namespace", namespace)
+	p.logger.Debug("cache miss or expired, fetching new value", "namespace", namespace)
 	value := p.fetch(ctx)

 	// Update the cache for this namespace
@@ -89,12 +93,12 @@ func (p *cachedProvider[T]) Get(ctx context.Context) T {
 // Preload loads data into the cache for the given namespaces.
 func (p *cachedProvider[T]) Preload(ctx context.Context, nsInfos []types.NamespaceInfo) {
 	// Build the cache using a context with the namespace
-	logging.FromContext(ctx).Info("preloading cache", "nsInfos", len(nsInfos))
+	p.logger.Info("preloading cache", "nsInfos", len(nsInfos))
 	startedAt := time.Now()
 	defer func() {
-		logging.FromContext(ctx).Info("finished preloading cache", "nsInfos", len(nsInfos), "elapsed", time.Since(startedAt))
+		p.logger.Info("finished preloading cache", "nsInfos", len(nsInfos), "elapsed", time.Since(startedAt))
 	}()
 	for _, nsInfo := range nsInfos {
-		p.cache.Add(nsInfo.Value, p.fetch(request.WithNamespace(ctx, nsInfo.Value)))
+		p.cache.Add(nsInfo.Value, p.fetch(k8srequest.WithNamespace(ctx, nsInfo.Value)))
 	}
 }
@@ -8,11 +8,11 @@ import (
 	"testing"
 	"time"

+	authlib "github.com/grafana/authlib/types"
+	"github.com/grafana/grafana/pkg/infra/log"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"k8s.io/apiserver/pkg/endpoints/request"
-
-	authlib "github.com/grafana/authlib/types"
 )

 // testProvider tracks how many times get() is called
@@ -44,7 +44,7 @@ func TestCachedProvider_CacheHit(t *testing.T) {

 	underlying := newTestProvider(datasources)
 	// Test newCachedProvider directly instead of the wrapper
-	cached := newCachedProvider(underlying.get, defaultCacheSize, time.Minute)
+	cached := newCachedProvider(underlying.get, defaultCacheSize, time.Minute, log.New("test"))

 	// Use "default" namespace (org 1) - this is the standard Grafana namespace format
 	ctx := request.WithNamespace(context.Background(), "default")
@@ -69,7 +69,7 @@ func TestCachedProvider_NamespaceIsolation(t *testing.T) {
 	}

 	underlying := newTestProvider(datasources)
-	cached := newCachedProvider(underlying.get, defaultCacheSize, time.Minute)
+	cached := newCachedProvider(underlying.get, defaultCacheSize, time.Minute, log.New("test"))

 	// Use "default" (org 1) and "org-2" (org 2) - standard Grafana namespace formats
 	ctx1 := request.WithNamespace(context.Background(), "default")
@@ -102,7 +102,7 @@ func TestCachedProvider_NoNamespaceFallback(t *testing.T) {
 	}

 	underlying := newTestProvider(datasources)
-	cached := newCachedProvider(underlying.get, defaultCacheSize, time.Minute)
+	cached := newCachedProvider(underlying.get, defaultCacheSize, time.Minute, log.New("test"))

 	// Context without namespace - should fall back to direct provider call
 	ctx := context.Background()
@@ -123,7 +123,7 @@ func TestCachedProvider_ConcurrentAccess(t *testing.T) {
 	}

 	underlying := newTestProvider(datasources)
-	cached := newCachedProvider(underlying.get, defaultCacheSize, time.Minute)
+	cached := newCachedProvider(underlying.get, defaultCacheSize, time.Minute, log.New("test"))

 	// Use "default" namespace (org 1)
 	ctx := request.WithNamespace(context.Background(), "default")
@@ -155,7 +155,7 @@ func TestCachedProvider_ConcurrentNamespaces(t *testing.T) {
 	}

 	underlying := newTestProvider(datasources)
-	cached := newCachedProvider(underlying.get, defaultCacheSize, time.Minute)
+	cached := newCachedProvider(underlying.get, defaultCacheSize, time.Minute, log.New("test"))

 	var wg sync.WaitGroup
 	numOrgs := 10
@@ -198,7 +198,7 @@ func TestCachedProvider_CorrectDataPerNamespace(t *testing.T) {
 			"org-2":   {{UID: "org2-ds", Type: "loki", Name: "Org2 DS", Default: true}},
 		},
 	}
-	cached := newCachedProvider(underlying.Index, defaultCacheSize, time.Minute)
+	cached := newCachedProvider(underlying.Index, defaultCacheSize, time.Minute, log.New("test"))

 	// Use valid namespace formats
 	ctx1 := request.WithNamespace(context.Background(), "default")
@@ -228,7 +228,7 @@ func TestCachedProvider_PreloadMultipleNamespaces(t *testing.T) {
 			"org-3":   {{UID: "org3-ds", Type: "tempo", Name: "Org3 DS", Default: true}},
 		},
 	}
-	cached := newCachedProvider(underlying.Index, defaultCacheSize, time.Minute)
+	cached := newCachedProvider(underlying.Index, defaultCacheSize, time.Minute, log.New("test"))

 	// Preload multiple namespaces
 	nsInfos := []authlib.NamespaceInfo{
@@ -346,7 +346,7 @@ func TestCachedProvider_TTLExpiration(t *testing.T) {
 	underlying := newTestProvider(datasources)
 	// Use a very short TTL for testing
 	shortTTL := 50 * time.Millisecond
-	cached := newCachedProvider(underlying.get, defaultCacheSize, shortTTL)
+	cached := newCachedProvider(underlying.get, defaultCacheSize, shortTTL, log.New("test"))

 	ctx := request.WithNamespace(context.Background(), "default")

@@ -379,7 +379,7 @@ func TestCachedProvider_ParallelNamespacesFetch(t *testing.T) {
 			{UID: "ds1", Type: "prometheus", Name: "Prometheus", Default: true},
 		},
 	}
-	cached := newCachedProvider(provider.get, defaultCacheSize, time.Minute)
+	cached := newCachedProvider(provider.get, defaultCacheSize, time.Minute, log.New("test"))

 	numNamespaces := 5
 	var wg sync.WaitGroup
@@ -421,7 +421,7 @@ func TestCachedProvider_SameNamespaceSerialFetch(t *testing.T) {
 			{UID: "ds1", Type: "prometheus", Name: "Prometheus", Default: true},
 		},
 	}
-	cached := newCachedProvider(provider.get, defaultCacheSize, time.Minute)
+	cached := newCachedProvider(provider.get, defaultCacheSize, time.Minute, log.New("test"))

 	numGoroutines := 10
 	var wg sync.WaitGroup
@@ -3,6 +3,8 @@ package schemaversion
 import (
 	"context"
 	"time"
+
+	"github.com/grafana/grafana/pkg/infra/log"
 )

 // Shared utility functions for datasource migrations across different schema versions.
@@ -34,7 +36,7 @@ func WrapIndexProviderWithCache(provider DataSourceIndexProvider, cacheTTL time.
 		return provider
 	}
 	return &cachedIndexProvider{
-		newCachedProvider[*DatasourceIndex](provider.Index, defaultCacheSize, cacheTTL),
+		newCachedProvider[*DatasourceIndex](provider.Index, defaultCacheSize, cacheTTL, log.New("schemaversion.dsindexprovider")),
 	}
 }

@@ -44,7 +46,7 @@ func WrapLibraryElementProviderWithCache(provider LibraryElementIndexProvider, c
 		return provider
 	}
 	return &cachedLibraryElementProvider{
-		newCachedProvider[[]LibraryElementInfo](provider.GetLibraryElementInfo, defaultCacheSize, cacheTTL),
+		newCachedProvider[[]LibraryElementInfo](provider.GetLibraryElementInfo, defaultCacheSize, cacheTTL, log.New("schemaversion.leindexprovider")),
 	}
 }

@@ -75,9 +75,9 @@
        "effects": {
          "barGlow": false,
          "centerGlow": false,
-          "gradient": false,
          "rounded": true,
-          "spotlight": false
+          "spotlight": false,
+          "gradient": false
        },
        "orientation": "auto",
        "reduceOptions": {
@@ -154,9 +154,9 @@
        "effects": {
          "barGlow": false,
          "centerGlow": true,
-          "gradient": false,
          "rounded": true,
-          "spotlight": false
+          "spotlight": false,
+          "gradient": false
        },
        "orientation": "auto",
        "reduceOptions": {
@@ -233,9 +233,9 @@
        "effects": {
          "barGlow": true,
          "centerGlow": true,
-          "gradient": false,
          "rounded": true,
-          "spotlight": false
+          "spotlight": false,
+          "gradient": false
        },
        "orientation": "auto",
        "reduceOptions": {
@@ -312,9 +312,9 @@
        "effects": {
          "barGlow": true,
          "centerGlow": true,
-          "gradient": false,
          "rounded": true,
-          "spotlight": true
+          "spotlight": true,
+          "gradient": false
        },
        "orientation": "auto",
        "reduceOptions": {
@@ -391,9 +391,9 @@
        "effects": {
          "barGlow": true,
          "centerGlow": true,
-          "gradient": false,
          "rounded": true,
-          "spotlight": true
+          "spotlight": true,
+          "gradient": false
        },
        "orientation": "auto",
        "reduceOptions": {
@@ -470,9 +470,9 @@
        "effects": {
          "barGlow": true,
          "centerGlow": true,
-          "gradient": false,
          "rounded": false,
-          "spotlight": true
+          "spotlight": true,
+          "gradient": false
        },
        "orientation": "auto",
        "reduceOptions": {
@@ -549,9 +549,9 @@
        "effects": {
          "barGlow": true,
          "centerGlow": true,
-          "gradient": false,
          "rounded": false,
-          "spotlight": true
+          "spotlight": true,
+          "gradient": false
        },
        "orientation": "auto",
        "reduceOptions": {
@@ -641,9 +641,9 @@
        "effects": {
          "barGlow": true,
          "centerGlow": true,
-          "gradient": false,
          "rounded": true,
-          "spotlight": true
+          "spotlight": true,
+          "gradient": false
        },
        "orientation": "auto",
        "reduceOptions": {
@@ -720,9 +720,9 @@
        "effects": {
          "barGlow": true,
          "centerGlow": true,
-          "gradient": false,
          "rounded": true,
-          "spotlight": true
+          "spotlight": true,
+          "gradient": false
        },
        "orientation": "auto",
        "reduceOptions": {
@@ -799,9 +799,9 @@
        "effects": {
          "barGlow": true,
          "centerGlow": true,
-          "gradient": false,
          "rounded": true,
-          "spotlight": true
+          "spotlight": true,
+          "gradient": false
        },
        "orientation": "auto",
        "reduceOptions": {
@@ -878,9 +878,9 @@
        "effects": {
          "barGlow": true,
          "centerGlow": true,
-          "gradient": false,
          "rounded": true,
-          "spotlight": true
+          "spotlight": true,
+          "gradient": false
        },
        "orientation": "auto",
        "reduceOptions": {
@@ -974,9 +974,9 @@
        "effects": {
          "barGlow": false,
          "centerGlow": false,
-          "gradient": false,
          "rounded": false,
-          "spotlight": false
+          "spotlight": false,
+          "gradient": false
        },
        "orientation": "auto",
        "reduceOptions": {
@@ -1053,9 +1053,9 @@
        "effects": {
          "barGlow": false,
          "centerGlow": false,
-          "gradient": false,
          "rounded": false,
-          "spotlight": false
+          "spotlight": false,
+          "gradient": false
        },
        "orientation": "auto",
        "reduceOptions": {
@@ -1132,9 +1132,9 @@
        "effects": {
          "barGlow": false,
          "centerGlow": false,
-          "gradient": true,
          "rounded": false,
-          "spotlight": false
+          "spotlight": false,
+          "gradient": true
        },
        "orientation": "auto",
        "reduceOptions": {
@@ -1211,9 +1211,9 @@
        "effects": {
          "barGlow": false,
          "centerGlow": false,
-          "gradient": false,
          "rounded": false,
-          "spotlight": false
+          "spotlight": false,
+          "gradient": false
        },
        "orientation": "auto",
        "reduceOptions": {
@@ -1290,9 +1290,9 @@
        "effects": {
          "barGlow": false,
          "centerGlow": false,
-          "gradient": false,
          "rounded": false,
-          "spotlight": false
+          "spotlight": false,
+          "gradient": false
        },
        "orientation": "auto",
        "reduceOptions": {
@@ -1386,9 +1386,9 @@
        "effects": {
          "barGlow": false,
          "centerGlow": false,
-          "gradient": true,
          "rounded": false,
-          "spotlight": false
+          "spotlight": false,
+          "gradient": true
        },
        "orientation": "auto",
        "reduceOptions": {
@@ -1469,9 +1469,9 @@
        "effects": {
          "barGlow": false,
          "centerGlow": false,
-          "gradient": true,
          "rounded": false,
-          "spotlight": false
+          "spotlight": false,
+          "gradient": true
        },
        "orientation": "auto",
        "reduceOptions": {
@@ -1552,9 +1552,9 @@
        "effects": {
          "barGlow": false,
          "centerGlow": false,
-          "gradient": true,
          "rounded": false,
-          "spotlight": false
+          "spotlight": false,
+          "gradient": true
        },
        "orientation": "auto",
        "reduceOptions": {
@@ -1603,6 +1603,7 @@
      "datasource": {
        "type": "grafana-testdata-datasource"
      },
+      "description": "",
      "fieldConfig": {
        "defaults": {
          "color": {
@@ -1643,9 +1644,9 @@
        "effects": {
          "barGlow": true,
          "centerGlow": true,
-          "gradient": true,
          "rounded": true,
-          "spotlight": true
+          "spotlight": true,
+          "gradient": true
        },
        "glow": "both",
        "orientation": "auto",
@@ -1670,6 +1671,7 @@
          "datasource": {
            "type": "grafana-testdata-datasource"
          },
+          "hide": false,
          "max": 98,
          "min": 5,
          "noise": 22,
@@ -1687,6 +1689,7 @@
      "datasource": {
        "type": "grafana-testdata-datasource"
      },
+      "description": "",
      "fieldConfig": {
        "defaults": {
          "color": {
@@ -1727,9 +1730,9 @@
        "effects": {
          "barGlow": true,
          "centerGlow": true,
-          "gradient": true,
          "rounded": true,
-          "spotlight": true
+          "spotlight": true,
+          "gradient": true
        },
        "glow": "both",
        "orientation": "auto",
@@ -1754,6 +1757,7 @@
          "datasource": {
            "type": "grafana-testdata-datasource"
          },
+          "hide": false,
          "max": 98,
          "min": 5,
          "noise": 22,
@@ -1784,6 +1788,7 @@
      "datasource": {
        "type": "grafana-testdata-datasource"
      },
+      "description": "",
      "fieldConfig": {
        "defaults": {
          "color": {
@@ -1825,9 +1830,9 @@
        "effects": {
          "barGlow": true,
          "centerGlow": true,
-          "gradient": true,
          "rounded": true,
-          "spotlight": true
+          "spotlight": true,
+          "gradient": true
        },
        "glow": "both",
        "orientation": "auto",
@@ -1852,6 +1857,7 @@
          "datasource": {
            "type": "grafana-testdata-datasource"
          },
+          "hide": false,
          "max": 8,
          "min": 1,
          "noise": 2,
@@ -1869,6 +1875,7 @@
      "datasource": {
        "type": "grafana-testdata-datasource"
      },
+      "description": "",
      "fieldConfig": {
        "defaults": {
          "color": {
@@ -1910,9 +1917,9 @@
        "effects": {
          "barGlow": true,
          "centerGlow": true,
-          "gradient": true,
          "rounded": true,
-          "spotlight": true
+          "spotlight": true,
+          "gradient": true
        },
        "glow": "both",
        "orientation": "auto",
@@ -1937,6 +1944,7 @@
          "datasource": {
            "type": "grafana-testdata-datasource"
          },
+          "hide": false,
          "max": 12,
          "min": 1,
          "noise": 2,
@@ -1954,6 +1962,7 @@
      "datasource": {
        "type": "grafana-testdata-datasource"
      },
+      "description": "",
      "fieldConfig": {
        "defaults": {
          "color": {
@@ -1994,9 +2003,9 @@
        "effects": {
          "barGlow": true,
          "centerGlow": true,
-          "gradient": true,
          "rounded": true,
-          "spotlight": true
+          "spotlight": true,
+          "gradient": true
        },
        "glow": "both",
        "orientation": "auto",
@@ -2021,6 +2030,7 @@
          "datasource": {
            "type": "grafana-testdata-datasource"
          },
+          "hide": false,
          "max": 100,
          "min": 10,
          "noise": 22,
@@ -2038,6 +2048,7 @@
      "datasource": {
        "type": "grafana-testdata-datasource"
      },
+      "description": "",
      "fieldConfig": {
        "defaults": {
          "color": {
@@ -2078,9 +2089,9 @@
        "effects": {
          "barGlow": true,
          "centerGlow": true,
-          "gradient": true,
          "rounded": true,
-          "spotlight": true
+          "spotlight": true,
+          "gradient": true
        },
        "glow": "both",
        "orientation": "auto",
@@ -2105,6 +2116,7 @@
          "datasource": {
            "type": "grafana-testdata-datasource"
          },
+          "hide": false,
          "max": 100,
          "min": 10,
          "noise": 22,
@@ -2117,151 +2129,6 @@
      ],
      "title": "Backend",
      "type": "radialbar"
-    },
-    {
-      "collapsed": false,
-      "gridPos": {
-        "h": 1,
-        "w": 24,
-        "x": 0,
-        "y": 66
-      },
-      "id": 35,
-      "panels": [],
-      "title": "Empty data",
-      "type": "row"
-    },
-    {
-      "datasource": {
-        "type": "grafana-testdata-datasource"
-      },
-      "fieldConfig": {
-        "defaults": {
-          "mappings": [],
-          "thresholds": {
-            "mode": "absolute",
-            "steps": [
-              {
-                "color": "green",
-                "value": 0
-              },
-              {
-                "color": "red",
-                "value": 80
-              }
-            ]
-          }
-        },
-        "overrides": []
-      },
-      "gridPos": {
-        "h": 8,
-        "w": 6,
-        "x": 0,
-        "y": 67
-      },
-      "id": 36,
-      "options": {
-        "barWidthFactor": 0.5,
-        "effects": {
-          "barGlow": false,
-          "centerGlow": false,
-          "gradient": true,
-          "rounded": false,
-          "spotlight": false
-        },
-        "orientation": "auto",
-        "reduceOptions": {
-          "calcs": [
-            "lastNotNull"
-          ],
-          "fields": "",
-          "values": false
-        },
-        "segmentCount": 1,
-        "segmentSpacing": 0.3,
-        "shape": "gauge",
-        "showThresholdLabels": false,
-        "showThresholdMarkers": true,
-        "sparkline": true
-      },
-      "pluginVersion": "13.0.0-pre",
-      "targets": [
-        {
-          "refId": "A",
-          "scenarioId": "random_walk",
-          "seriesCount": 0
-        }
-      ],
-      "title": "Numeric, no series",
-      "type": "gauge"
-    },
-    {
-      "datasource": {
-        "type": "grafana-testdata-datasource"
-      },
-      "fieldConfig": {
-        "defaults": {
-          "color": {
-            "mode": "thresholds"
-          },
-          "mappings": [],
-          "thresholds": {
-            "mode": "absolute",
-            "steps": [
-              {
-                "color": "green",
-                "value": 0
-              },
-              {
-                "color": "red",
-                "value": 80
-              }
-            ]
-          }
-        },
-        "overrides": []
-      },
-      "gridPos": {
-        "h": 8,
-        "w": 6,
-        "x": 6,
-        "y": 67
-      },
-      "id": 37,
-      "options": {
-        "barWidthFactor": 0.5,
-        "effects": {
-          "barGlow": false,
-          "centerGlow": false,
-          "gradient": true,
-          "rounded": false,
-          "spotlight": false
-        },
-        "orientation": "auto",
-        "reduceOptions": {
-          "calcs": [
-            "lastNotNull"
-          ],
-          "fields": "",
-          "values": false
-        },
-        "segmentCount": 1,
-        "segmentSpacing": 0.3,
-        "shape": "gauge",
-        "showThresholdLabels": false,
-        "showThresholdMarkers": true,
-        "sparkline": true
-      },
-      "pluginVersion": "13.0.0-pre",
-      "targets": [
-        {
-          "refId": "A",
-          "scenarioId": "logs"
-        }
-      ],
-      "title": "Non-numeric",
-      "type": "gauge"
    }
  ],
  "preload": false,
@@ -2279,4 +2146,4 @@
  "title": "Panel tests - Gauge (new)",
  "uid": "panel-tests-gauge-new",
  "weekStart": ""
-}
+}
@@ -955,9 +955,9 @@
        "effects": {
          "barGlow": false,
          "centerGlow": false,
-          "gradient": false,
          "rounded": false,
-          "spotlight": false
+          "spotlight": false,
+          "gradient": false
        },
        "orientation": "auto",
        "reduceOptions": {
@@ -1162,4 +1162,4 @@
  "title": "Panel tests - Old gauge to new",
  "uid": "panel-tests-old-gauge-to-new",
  "weekStart": ""
-}
+}
@@ -221,7 +221,7 @@ require (
 	github.com/googleapis/enterprise-certificate-proxy v0.3.6 // indirect
 	github.com/googleapis/gax-go/v2 v2.15.0 // indirect
 	github.com/gorilla/mux v1.8.1 // indirect
-	github.com/grafana/alerting v0.0.0-20251212143239-491433b332b7 // indirect
+	github.com/grafana/alerting v0.0.0-20251204145817-de8c2bbf9eba // indirect
 	github.com/grafana/authlib v0.0.0-20250930082137-a40e2c2b094f // indirect
 	github.com/grafana/authlib/types v0.0.0-20251119142549-be091cf2f4d4 // indirect
 	github.com/grafana/dataplane/sdata v0.0.9 // indirect
@@ -817,8 +817,8 @@ github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY=
 github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ=
 github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 h1:JeSE6pjso5THxAzdVpqr6/geYxZytqFMBCOtn/ujyeo=
 github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674/go.mod h1:r4w70xmWCQKmi1ONH4KIaBptdivuRPyosB9RmPlGEwA=
-github.com/grafana/alerting v0.0.0-20251212143239-491433b332b7 h1:ZzG/gCclEit9w0QUfQt9GURcOycAIGcsQAhY1u0AEX0=
-github.com/grafana/alerting v0.0.0-20251212143239-491433b332b7/go.mod h1:l7v67cgP7x72ajB9UPZlumdrHqNztpKoqQ52cU8T3LU=
+github.com/grafana/alerting v0.0.0-20251204145817-de8c2bbf9eba h1:psKWNETD5nGxmFAlqnWsXoRyUwSa2GHNEMSEDKGKfQ4=
+github.com/grafana/alerting v0.0.0-20251204145817-de8c2bbf9eba/go.mod h1:l7v67cgP7x72ajB9UPZlumdrHqNztpKoqQ52cU8T3LU=
 github.com/grafana/authlib v0.0.0-20250930082137-a40e2c2b094f h1:Cbm6OKkOcJ+7CSZsGsEJzktC/SIa5bxVeYKQLuYK86o=
 github.com/grafana/authlib v0.0.0-20250930082137-a40e2c2b094f/go.mod h1:axY0cdOg3q0TZHwpHnIz5x16xZ8ZBxJHShsSHHXcHQg=
 github.com/grafana/authlib/types v0.0.0-20251119142549-be091cf2f4d4 h1:Muoy+FMGrHj3GdFbvsMzUT7eusgii9PKf9L1ZaXDDbY=
@@ -22,40 +22,13 @@ v0alpha1: {
 		serviceaccountv0alpha1,
 		externalGroupMappingv0alpha1
 	]
-
 	routes: {
 		namespaced: {
-			"/searchUsers": {
-				"GET": {
-					request: {
-						query: {
-							query?: string
-							limit?:  int64 | 10
-							offset?: int64 | 0
-							page?:   int64 | 1
-						}
-					}
-					response: {
-						offset: int64
-						totalHits: int64
-						hits: [...#UserHit]
-						queryCost: float64
-						maxScore: float64
-					}
-					responseMetadata: {
-						typeMeta: false
-						objectMeta: false
-					}
-				}
-			}
 			"/searchTeams": {
 				"GET": {
 					request: {
 						query: { 
 							query?: string
-							limit?:  int64 | 50
-							offset?: int64 | 0
-							page?:   int64 | 1
 						}
 					}
 					response: {
@@ -78,15 +51,3 @@ v0alpha1: {
 		}
 	}
 }
-
-#UserHit: {
-	name: string
-	title: string
-	login: string
-	email: string
-	role: string
-	lastSeenAt: int64
-	lastSeenAtAge: string
-	provisioned: bool
-	score: float64
-}
@@ -29,9 +29,6 @@ userv0alpha1: userKind & {
 	// }
 	schema: {
 		spec: v0alpha1.UserSpec
-		status: {
-			lastSeenAt: int64 | 0
-		}
 	}
 	// TODO: Uncomment when the custom routes implementation is done
 	// routes: {
@@ -3,10 +3,7 @@
 package v0alpha1

 type GetSearchTeamsRequestParams struct {
-	Query  *string `json:"query,omitempty"`
-	Limit  int64   `json:"limit,omitempty"`
-	Offset int64   `json:"offset,omitempty"`
-	Page   int64   `json:"page,omitempty"`
+	Query *string `json:"query,omitempty"`
 }

 // NewGetSearchTeamsRequestParams creates a new GetSearchTeamsRequestParams object.
@@ -1,33 +0,0 @@
-// Code generated - EDITING IS FUTILE. DO NOT EDIT.
-
-package v0alpha1
-
-import (
-	"github.com/grafana/grafana-app-sdk/resource"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/runtime"
-)
-
-type GetSearchUsersRequestParamsObject struct {
-	metav1.TypeMeta             `json:",inline"`
-	GetSearchUsersRequestParams `json:",inline"`
-}
-
-func NewGetSearchUsersRequestParamsObject() *GetSearchUsersRequestParamsObject {
-	return &GetSearchUsersRequestParamsObject{}
-}
-
-func (o *GetSearchUsersRequestParamsObject) DeepCopyObject() runtime.Object {
-	dst := NewGetSearchUsersRequestParamsObject()
-	o.DeepCopyInto(dst)
-	return dst
-}
-
-func (o *GetSearchUsersRequestParamsObject) DeepCopyInto(dst *GetSearchUsersRequestParamsObject) {
-	dst.TypeMeta.APIVersion = o.TypeMeta.APIVersion
-	dst.TypeMeta.Kind = o.TypeMeta.Kind
-	dstGetSearchUsersRequestParams := GetSearchUsersRequestParams{}
-	_ = resource.CopyObjectInto(&dstGetSearchUsersRequestParams, &o.GetSearchUsersRequestParams)
-}
-
-var _ runtime.Object = NewGetSearchUsersRequestParamsObject()
@@ -1,15 +0,0 @@
-// Code generated - EDITING IS FUTILE. DO NOT EDIT.
-
-package v0alpha1
-
-type GetSearchUsersRequestParams struct {
-	Query  *string `json:"query,omitempty"`
-	Limit  int64   `json:"limit,omitempty"`
-	Offset int64   `json:"offset,omitempty"`
-	Page   int64   `json:"page,omitempty"`
-}
-
-// NewGetSearchUsersRequestParams creates a new GetSearchUsersRequestParams object.
-func NewGetSearchUsersRequestParams() *GetSearchUsersRequestParams {
-	return &GetSearchUsersRequestParams{}
-}
@@ -1,37 +0,0 @@
-// Code generated - EDITING IS FUTILE. DO NOT EDIT.
-
-package v0alpha1
-
-// +k8s:openapi-gen=true
-type UserHit struct {
-	Name          string  `json:"name"`
-	Title         string  `json:"title"`
-	Login         string  `json:"login"`
-	Email         string  `json:"email"`
-	Role          string  `json:"role"`
-	LastSeenAt    int64   `json:"lastSeenAt"`
-	LastSeenAtAge string  `json:"lastSeenAtAge"`
-	Provisioned   bool    `json:"provisioned"`
-	Score         float64 `json:"score"`
-}
-
-// NewUserHit creates a new UserHit object.
-func NewUserHit() *UserHit {
-	return &UserHit{}
-}
-
-// +k8s:openapi-gen=true
-type GetSearchUsers struct {
-	Offset    int64     `json:"offset"`
-	TotalHits int64     `json:"totalHits"`
-	Hits      []UserHit `json:"hits"`
-	QueryCost float64   `json:"queryCost"`
-	MaxScore  float64   `json:"maxScore"`
-}
-
-// NewGetSearchUsers creates a new GetSearchUsers object.
-func NewGetSearchUsers() *GetSearchUsers {
-	return &GetSearchUsers{
-		Hits: []UserHit{},
-	}
-}
@@ -4,7 +4,6 @@ import (
 	"context"

 	"github.com/grafana/grafana-app-sdk/resource"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )

 type UserClient struct {
@@ -76,24 +75,6 @@ func (c *UserClient) Patch(ctx context.Context, identifier resource.Identifier,
 	return c.client.Patch(ctx, identifier, req, opts)
 }

-func (c *UserClient) UpdateStatus(ctx context.Context, identifier resource.Identifier, newStatus UserStatus, opts resource.UpdateOptions) (*User, error) {
-	return c.client.Update(ctx, &User{
-		TypeMeta: metav1.TypeMeta{
-			Kind:       UserKind().Kind(),
-			APIVersion: GroupVersion.Identifier(),
-		},
-		ObjectMeta: metav1.ObjectMeta{
-			ResourceVersion: opts.ResourceVersion,
-			Namespace:       identifier.Namespace,
-			Name:            identifier.Name,
-		},
-		Status: newStatus,
-	}, resource.UpdateOptions{
-		Subresource:     "status",
-		ResourceVersion: opts.ResourceVersion,
-	})
-}
-
 func (c *UserClient) Delete(ctx context.Context, identifier resource.Identifier, opts resource.DeleteOptions) error {
 	return c.client.Delete(ctx, identifier, opts)
 }
@@ -21,14 +21,11 @@ type User struct {

 	// Spec is the spec of the User
 	Spec UserSpec `json:"spec" yaml:"spec"`
-
-	Status UserStatus `json:"status" yaml:"status"`
 }

 func NewUser() *User {
 	return &User{
-		Spec:   *NewUserSpec(),
-		Status: *NewUserStatus(),
+		Spec: *NewUserSpec(),
 	}
 }

@@ -46,15 +43,11 @@ func (o *User) SetSpec(spec any) error {
 }

 func (o *User) GetSubresources() map[string]any {
-	return map[string]any{
-		"status": o.Status,
-	}
+	return map[string]any{}
 }

 func (o *User) GetSubresource(name string) (any, bool) {
 	switch name {
-	case "status":
-		return o.Status, true
 	default:
 		return nil, false
 	}
@@ -62,13 +55,6 @@ func (o *User) GetSubresource(name string) (any, bool) {

 func (o *User) SetSubresource(name string, value any) error {
 	switch name {
-	case "status":
-		cast, ok := value.(UserStatus)
-		if !ok {
-			return fmt.Errorf("cannot set status type %#v, not of type UserStatus", value)
-		}
-		o.Status = cast
-		return nil
 	default:
 		return fmt.Errorf("subresource '%s' does not exist", name)
 	}
@@ -240,7 +226,6 @@ func (o *User) DeepCopyInto(dst *User) {
 	dst.TypeMeta.Kind = o.TypeMeta.Kind
 	o.ObjectMeta.DeepCopyInto(&dst.ObjectMeta)
 	o.Spec.DeepCopyInto(&dst.Spec)
-	o.Status.DeepCopyInto(&dst.Status)
 }

 // Interface compliance compile-time check
@@ -312,15 +297,3 @@ func (s *UserSpec) DeepCopy() *UserSpec {
 func (s *UserSpec) DeepCopyInto(dst *UserSpec) {
 	resource.CopyObjectInto(dst, s)
 }
-
-// DeepCopy creates a full deep copy of UserStatus
-func (s *UserStatus) DeepCopy() *UserStatus {
-	cpy := &UserStatus{}
-	s.DeepCopyInto(cpy)
-	return cpy
-}
-
-// DeepCopyInto deep copies UserStatus into another UserStatus object
-func (s *UserStatus) DeepCopyInto(dst *UserStatus) {
-	resource.CopyObjectInto(dst, s)
-}
@@ -2,12 +2,43 @@

 package v0alpha1

+// +k8s:openapi-gen=true
+type UserstatusOperatorState struct {
+	// lastEvaluation is the ResourceVersion last evaluated
+	LastEvaluation string `json:"lastEvaluation"`
+	// state describes the state of the lastEvaluation.
+	// It is limited to three possible states for machine evaluation.
+	State UserStatusOperatorStateState `json:"state"`
+	// descriptiveState is an optional more descriptive state field which has no requirements on format
+	DescriptiveState *string `json:"descriptiveState,omitempty"`
+	// details contains any extra information that is operator-specific
+	Details map[string]interface{} `json:"details,omitempty"`
+}
+
+// NewUserstatusOperatorState creates a new UserstatusOperatorState object.
+func NewUserstatusOperatorState() *UserstatusOperatorState {
+	return &UserstatusOperatorState{}
+}
+
 // +k8s:openapi-gen=true
 type UserStatus struct {
-	LastSeenAt int64 `json:"lastSeenAt"`
+	// operatorStates is a map of operator ID to operator state evaluations.
+	// Any operator which consumes this kind SHOULD add its state evaluation information to this field.
+	OperatorStates map[string]UserstatusOperatorState `json:"operatorStates,omitempty"`
+	// additionalFields is reserved for future use
+	AdditionalFields map[string]interface{} `json:"additionalFields,omitempty"`
 }

 // NewUserStatus creates a new UserStatus object.
 func NewUserStatus() *UserStatus {
 	return &UserStatus{}
 }
+
+// +k8s:openapi-gen=true
+type UserStatusOperatorStateState string
+
+const (
+	UserStatusOperatorStateStateSuccess    UserStatusOperatorStateState = "success"
+	UserStatusOperatorStateStateInProgress UserStatusOperatorStateState = "in_progress"
+	UserStatusOperatorStateStateFailed     UserStatusOperatorStateState = "failed"
+)
@@ -21,7 +21,6 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA
 		"github.com/grafana/grafana/apps/iam/pkg/apis/iam/v0alpha1.GetGroupsBody":                                                     schema_pkg_apis_iam_v0alpha1_GetGroupsBody(ref),
 		"github.com/grafana/grafana/apps/iam/pkg/apis/iam/v0alpha1.GetSearchTeams":                                                    schema_pkg_apis_iam_v0alpha1_GetSearchTeams(ref),
 		"github.com/grafana/grafana/apps/iam/pkg/apis/iam/v0alpha1.GetSearchTeamsBody":                                                schema_pkg_apis_iam_v0alpha1_GetSearchTeamsBody(ref),
-		"github.com/grafana/grafana/apps/iam/pkg/apis/iam/v0alpha1.GetSearchUsers":                                                    schema_pkg_apis_iam_v0alpha1_GetSearchUsers(ref),
 		"github.com/grafana/grafana/apps/iam/pkg/apis/iam/v0alpha1.GlobalRole":                                                        schema_pkg_apis_iam_v0alpha1_GlobalRole(ref),
 		"github.com/grafana/grafana/apps/iam/pkg/apis/iam/v0alpha1.GlobalRoleBinding":                                                 schema_pkg_apis_iam_v0alpha1_GlobalRoleBinding(ref),
 		"github.com/grafana/grafana/apps/iam/pkg/apis/iam/v0alpha1.GlobalRoleBindingList":                                             schema_pkg_apis_iam_v0alpha1_GlobalRoleBindingList(ref),
@@ -73,10 +72,10 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA
 		"github.com/grafana/grafana/apps/iam/pkg/apis/iam/v0alpha1.TeamStatus":                                                        schema_pkg_apis_iam_v0alpha1_TeamStatus(ref),
 		"github.com/grafana/grafana/apps/iam/pkg/apis/iam/v0alpha1.TeamstatusOperatorState":                                           schema_pkg_apis_iam_v0alpha1_TeamstatusOperatorState(ref),
 		"github.com/grafana/grafana/apps/iam/pkg/apis/iam/v0alpha1.User":                                                              schema_pkg_apis_iam_v0alpha1_User(ref),
-		"github.com/grafana/grafana/apps/iam/pkg/apis/iam/v0alpha1.UserHit":                                                           schema_pkg_apis_iam_v0alpha1_UserHit(ref),
 		"github.com/grafana/grafana/apps/iam/pkg/apis/iam/v0alpha1.UserList":                                                          schema_pkg_apis_iam_v0alpha1_UserList(ref),
 		"github.com/grafana/grafana/apps/iam/pkg/apis/iam/v0alpha1.UserSpec":                                                          schema_pkg_apis_iam_v0alpha1_UserSpec(ref),
 		"github.com/grafana/grafana/apps/iam/pkg/apis/iam/v0alpha1.UserStatus":                                                        schema_pkg_apis_iam_v0alpha1_UserStatus(ref),
+		"github.com/grafana/grafana/apps/iam/pkg/apis/iam/v0alpha1.UserstatusOperatorState":                                           schema_pkg_apis_iam_v0alpha1_UserstatusOperatorState(ref),
 		"github.com/grafana/grafana/apps/iam/pkg/apis/iam/v0alpha1.VersionsV0alpha1Kinds7RoutesGroupsGETResponseExternalGroupMapping": schema_pkg_apis_iam_v0alpha1_VersionsV0alpha1Kinds7RoutesGroupsGETResponseExternalGroupMapping(ref),
 		"github.com/grafana/grafana/apps/iam/pkg/apis/iam/v0alpha1.VersionsV0alpha1RoutesNamespacedSearchTeamsGETResponseTeamHit":     schema_pkg_apis_iam_v0alpha1_VersionsV0alpha1RoutesNamespacedSearchTeamsGETResponseTeamHit(ref),
 	}
@@ -689,62 +688,6 @@ func schema_pkg_apis_iam_v0alpha1_GetSearchTeamsBody(ref common.ReferenceCallbac
 	}
 }

-func schema_pkg_apis_iam_v0alpha1_GetSearchUsers(ref common.ReferenceCallback) common.OpenAPIDefinition {
-	return common.OpenAPIDefinition{
-		Schema: spec.Schema{
-			SchemaProps: spec.SchemaProps{
-				Type: []string{"object"},
-				Properties: map[string]spec.Schema{
-					"offset": {
-						SchemaProps: spec.SchemaProps{
-							Default: 0,
-							Type:    []string{"integer"},
-							Format:  "int64",
-						},
-					},
-					"totalHits": {
-						SchemaProps: spec.SchemaProps{
-							Default: 0,
-							Type:    []string{"integer"},
-							Format:  "int64",
-						},
-					},
-					"hits": {
-						SchemaProps: spec.SchemaProps{
-							Type: []string{"array"},
-							Items: &spec.SchemaOrArray{
-								Schema: &spec.Schema{
-									SchemaProps: spec.SchemaProps{
-										Default: map[string]interface{}{},
-										Ref:     ref("github.com/grafana/grafana/apps/iam/pkg/apis/iam/v0alpha1.UserHit"),
-									},
-								},
-							},
-						},
-					},
-					"queryCost": {
-						SchemaProps: spec.SchemaProps{
-							Default: 0,
-							Type:    []string{"number"},
-							Format:  "double",
-						},
-					},
-					"maxScore": {
-						SchemaProps: spec.SchemaProps{
-							Default: 0,
-							Type:    []string{"number"},
-							Format:  "double",
-						},
-					},
-				},
-				Required: []string{"offset", "totalHits", "hits", "queryCost", "maxScore"},
-			},
-		},
-		Dependencies: []string{
-			"github.com/grafana/grafana/apps/iam/pkg/apis/iam/v0alpha1.UserHit"},
-	}
-}
-
 func schema_pkg_apis_iam_v0alpha1_GlobalRole(ref common.ReferenceCallback) common.OpenAPIDefinition {
 	return common.OpenAPIDefinition{
 		Schema: spec.Schema{
@@ -2890,94 +2833,12 @@ func schema_pkg_apis_iam_v0alpha1_User(ref common.ReferenceCallback) common.Open
 							Ref:         ref("github.com/grafana/grafana/apps/iam/pkg/apis/iam/v0alpha1.UserSpec"),
 						},
 					},
-					"status": {
-						SchemaProps: spec.SchemaProps{
-							Default: map[string]interface{}{},
-							Ref:     ref("github.com/grafana/grafana/apps/iam/pkg/apis/iam/v0alpha1.UserStatus"),
-						},
-					},
 				},
-				Required: []string{"metadata", "spec", "status"},
+				Required: []string{"metadata", "spec"},
 			},
 		},
 		Dependencies: []string{
-			"github.com/grafana/grafana/apps/iam/pkg/apis/iam/v0alpha1.UserSpec", "github.com/grafana/grafana/apps/iam/pkg/apis/iam/v0alpha1.UserStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"},
-	}
-}
-
-func schema_pkg_apis_iam_v0alpha1_UserHit(ref common.ReferenceCallback) common.OpenAPIDefinition {
-	return common.OpenAPIDefinition{
-		Schema: spec.Schema{
-			SchemaProps: spec.SchemaProps{
-				Type: []string{"object"},
-				Properties: map[string]spec.Schema{
-					"name": {
-						SchemaProps: spec.SchemaProps{
-							Default: "",
-							Type:    []string{"string"},
-							Format:  "",
-						},
-					},
-					"title": {
-						SchemaProps: spec.SchemaProps{
-							Default: "",
-							Type:    []string{"string"},
-							Format:  "",
-						},
-					},
-					"login": {
-						SchemaProps: spec.SchemaProps{
-							Default: "",
-							Type:    []string{"string"},
-							Format:  "",
-						},
-					},
-					"email": {
-						SchemaProps: spec.SchemaProps{
-							Default: "",
-							Type:    []string{"string"},
-							Format:  "",
-						},
-					},
-					"role": {
-						SchemaProps: spec.SchemaProps{
-							Default: "",
-							Type:    []string{"string"},
-							Format:  "",
-						},
-					},
-					"lastSeenAt": {
-						SchemaProps: spec.SchemaProps{
-							Default: 0,
-							Type:    []string{"integer"},
-							Format:  "int64",
-						},
-					},
-					"lastSeenAtAge": {
-						SchemaProps: spec.SchemaProps{
-							Default: "",
-							Type:    []string{"string"},
-							Format:  "",
-						},
-					},
-					"provisioned": {
-						SchemaProps: spec.SchemaProps{
-							Default: false,
-							Type:    []string{"boolean"},
-							Format:  "",
-						},
-					},
-					"score": {
-						SchemaProps: spec.SchemaProps{
-							Default: 0,
-							Type:    []string{"number"},
-							Format:  "double",
-						},
-					},
-				},
-				Required: []string{"name", "title", "login", "email", "role", "lastSeenAt", "lastSeenAtAge", "provisioned", "score"},
-			},
-		},
+			"github.com/grafana/grafana/apps/iam/pkg/apis/iam/v0alpha1.UserSpec", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"},
 	}
 }

@@ -3104,15 +2965,90 @@ func schema_pkg_apis_iam_v0alpha1_UserStatus(ref common.ReferenceCallback) commo
 			SchemaProps: spec.SchemaProps{
 				Type: []string{"object"},
 				Properties: map[string]spec.Schema{
-					"lastSeenAt": {
+					"operatorStates": {
 						SchemaProps: spec.SchemaProps{
-							Default: 0,
-							Type:    []string{"integer"},
-							Format:  "int64",
+							Description: "operatorStates is a map of operator ID to operator state evaluations. Any operator which consumes this kind SHOULD add its state evaluation information to this field.",
+							Type:        []string{"object"},
+							AdditionalProperties: &spec.SchemaOrBool{
+								Allows: true,
+								Schema: &spec.Schema{
+									SchemaProps: spec.SchemaProps{
+										Default: map[string]interface{}{},
+										Ref:     ref("github.com/grafana/grafana/apps/iam/pkg/apis/iam/v0alpha1.UserstatusOperatorState"),
+									},
+								},
+							},
+						},
+					},
+					"additionalFields": {
+						SchemaProps: spec.SchemaProps{
+							Description: "additionalFields is reserved for future use",
+							Type:        []string{"object"},
+							AdditionalProperties: &spec.SchemaOrBool{
+								Allows: true,
+								Schema: &spec.Schema{
+									SchemaProps: spec.SchemaProps{
+										Type:   []string{"object"},
+										Format: "",
+									},
+								},
+							},
 						},
 					},
 				},
-				Required: []string{"lastSeenAt"},
+			},
+		},
+		Dependencies: []string{
+			"github.com/grafana/grafana/apps/iam/pkg/apis/iam/v0alpha1.UserstatusOperatorState"},
+	}
+}
+
+func schema_pkg_apis_iam_v0alpha1_UserstatusOperatorState(ref common.ReferenceCallback) common.OpenAPIDefinition {
+	return common.OpenAPIDefinition{
+		Schema: spec.Schema{
+			SchemaProps: spec.SchemaProps{
+				Type: []string{"object"},
+				Properties: map[string]spec.Schema{
+					"lastEvaluation": {
+						SchemaProps: spec.SchemaProps{
+							Description: "lastEvaluation is the ResourceVersion last evaluated",
+							Default:     "",
+							Type:        []string{"string"},
+							Format:      "",
+						},
+					},
+					"state": {
+						SchemaProps: spec.SchemaProps{
+							Description: "state describes the state of the lastEvaluation. It is limited to three possible states for machine evaluation.",
+							Default:     "",
+							Type:        []string{"string"},
+							Format:      "",
+						},
+					},
+					"descriptiveState": {
+						SchemaProps: spec.SchemaProps{
+							Description: "descriptiveState is an optional more descriptive state field which has no requirements on format",
+							Type:        []string{"string"},
+							Format:      "",
+						},
+					},
+					"details": {
+						SchemaProps: spec.SchemaProps{
+							Description: "details contains any extra information that is operator-specific",
+							Type:        []string{"object"},
+							AdditionalProperties: &spec.SchemaOrBool{
+								Allows: true,
+								Schema: &spec.Schema{
+									SchemaProps: spec.SchemaProps{
+										Type:   []string{"object"},
+										Format: "",
+									},
+								},
+							},
+						},
+					},
+				},
+				Required: []string{"lastEvaluation", "state"},
 			},
 		},
 	}
@@ -173,36 +173,6 @@ var appManifestData = app.ManifestData{

 								Parameters: []*spec3.Parameter{

-									{
-										ParameterProps: spec3.ParameterProps{
-											Name: "limit",
-											In:   "query",
-											Schema: &spec.Schema{
-												SchemaProps: spec.SchemaProps{},
-											},
-										},
-									},
-
-									{
-										ParameterProps: spec3.ParameterProps{
-											Name: "offset",
-											In:   "query",
-											Schema: &spec.Schema{
-												SchemaProps: spec.SchemaProps{},
-											},
-										},
-									},
-
-									{
-										ParameterProps: spec3.ParameterProps{
-											Name: "page",
-											In:   "query",
-											Schema: &spec.Schema{
-												SchemaProps: spec.SchemaProps{},
-											},
-										},
-									},
-
 									{
 										ParameterProps: spec3.ParameterProps{
 											Name: "query",
@@ -291,118 +261,6 @@ var appManifestData = app.ManifestData{
 							},
 						},
 					},
-					"/searchUsers": {
-						Get: &spec3.Operation{
-							OperationProps: spec3.OperationProps{
-
-								OperationId: "getSearchUsers",
-
-								Parameters: []*spec3.Parameter{
-
-									{
-										ParameterProps: spec3.ParameterProps{
-											Name: "limit",
-											In:   "query",
-											Schema: &spec.Schema{
-												SchemaProps: spec.SchemaProps{},
-											},
-										},
-									},
-
-									{
-										ParameterProps: spec3.ParameterProps{
-											Name: "offset",
-											In:   "query",
-											Schema: &spec.Schema{
-												SchemaProps: spec.SchemaProps{},
-											},
-										},
-									},
-
-									{
-										ParameterProps: spec3.ParameterProps{
-											Name: "page",
-											In:   "query",
-											Schema: &spec.Schema{
-												SchemaProps: spec.SchemaProps{},
-											},
-										},
-									},
-
-									{
-										ParameterProps: spec3.ParameterProps{
-											Name: "query",
-											In:   "query",
-											Schema: &spec.Schema{
-												SchemaProps: spec.SchemaProps{
-													Type: []string{"string"},
-												},
-											},
-										},
-									},
-								},
-
-								Responses: &spec3.Responses{
-									ResponsesProps: spec3.ResponsesProps{
-										Default: &spec3.Response{
-											ResponseProps: spec3.ResponseProps{
-												Description: "Default OK response",
-												Content: map[string]*spec3.MediaType{
-													"application/json": {
-														MediaTypeProps: spec3.MediaTypeProps{
-															Schema: &spec.Schema{
-																SchemaProps: spec.SchemaProps{
-																	Type: []string{"object"},
-																	Properties: map[string]spec.Schema{
-																		"hits": {
-																			SchemaProps: spec.SchemaProps{
-																				Type: []string{"array"},
-																				Items: &spec.SchemaOrArray{
-																					Schema: &spec.Schema{
-																						SchemaProps: spec.SchemaProps{
-
-																							Ref: spec.MustCreateRef("#/components/schemas/getSearchUsersUserHit"),
-																						}},
-																				},
-																			},
-																		},
-																		"maxScore": {
-																			SchemaProps: spec.SchemaProps{
-																				Type: []string{"number"},
-																			},
-																		},
-																		"offset": {
-																			SchemaProps: spec.SchemaProps{
-																				Type: []string{"integer"},
-																			},
-																		},
-																		"queryCost": {
-																			SchemaProps: spec.SchemaProps{
-																				Type: []string{"number"},
-																			},
-																		},
-																		"totalHits": {
-																			SchemaProps: spec.SchemaProps{
-																				Type: []string{"integer"},
-																			},
-																		},
-																	},
-																	Required: []string{
-																		"offset",
-																		"totalHits",
-																		"hits",
-																		"queryCost",
-																		"maxScore",
-																	},
-																}},
-														}},
-												},
-											},
-										},
-									}},
-							},
-						},
-					},
 				},
 				Cluster: map[string]spec3.PathProps{},
 				Schemas: map[string]spec.Schema{
@@ -445,69 +303,6 @@ var appManifestData = app.ManifestData{
 							},
 						},
 					},
-					"getSearchUsersUserHit": {
-						SchemaProps: spec.SchemaProps{
-							Type: []string{"object"},
-							Properties: map[string]spec.Schema{
-								"email": {
-									SchemaProps: spec.SchemaProps{
-										Type: []string{"string"},
-									},
-								},
-								"lastSeenAt": {
-									SchemaProps: spec.SchemaProps{
-										Type: []string{"integer"},
-									},
-								},
-								"lastSeenAtAge": {
-									SchemaProps: spec.SchemaProps{
-										Type: []string{"string"},
-									},
-								},
-								"login": {
-									SchemaProps: spec.SchemaProps{
-										Type: []string{"string"},
-									},
-								},
-								"name": {
-									SchemaProps: spec.SchemaProps{
-										Type: []string{"string"},
-									},
-								},
-								"provisioned": {
-									SchemaProps: spec.SchemaProps{
-										Type: []string{"boolean"},
-									},
-								},
-								"role": {
-									SchemaProps: spec.SchemaProps{
-										Type: []string{"string"},
-									},
-								},
-								"score": {
-									SchemaProps: spec.SchemaProps{
-										Type: []string{"number"},
-									},
-								},
-								"title": {
-									SchemaProps: spec.SchemaProps{
-										Type: []string{"string"},
-									},
-								},
-							},
-							Required: []string{
-								"name",
-								"title",
-								"login",
-								"email",
-								"role",
-								"lastSeenAt",
-								"lastSeenAtAge",
-								"provisioned",
-								"score",
-							},
-						},
-					},
 				},
 			},
 		},
@@ -547,7 +342,6 @@ var customRouteToGoResponseType = map[string]any{
 	"v0alpha1|Team|groups|GET": v0alpha1.GetGroups{},

 	"v0alpha1||<namespace>/searchTeams|GET": v0alpha1.GetSearchTeams{},
-	"v0alpha1||<namespace>/searchUsers|GET": v0alpha1.GetSearchUsers{},
 }

 // ManifestCustomRouteResponsesAssociator returns the associated response go type for a given kind, version, custom route path, and method, if one exists.
@@ -24,6 +24,7 @@ require (
 require (
 	cel.dev/expr v0.24.0 // indirect
 	github.com/NYTimes/gziphandler v1.1.1 // indirect
+	github.com/ProtonMail/go-crypto v1.1.6 // indirect
 	github.com/antlr4-go/antlr/v4 v4.13.1 // indirect
 	github.com/apache/arrow-go/v18 v18.4.1 // indirect
 	github.com/armon/go-metrics v0.4.1 // indirect
@@ -35,16 +36,21 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.8 // indirect
 	github.com/aws/aws-sdk-go-v2/service/sts v1.38.5 // indirect
 	github.com/aws/smithy-go v1.23.1 // indirect
+	github.com/barkimedes/go-deepcopy v0.0.0-20220514131651-17c30cfc62df // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/blang/semver v3.5.1+incompatible // indirect
 	github.com/blang/semver/v4 v4.0.0 // indirect
+	github.com/bluele/gcache v0.0.2 // indirect
 	github.com/bradfitz/gomemcache v0.0.0-20230905024940-24af94b03874 // indirect
 	github.com/bwmarrin/snowflake v0.3.0 // indirect
 	github.com/cenkalti/backoff/v5 v5.0.3 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/cheekybits/genny v1.0.0 // indirect
+	github.com/cloudflare/circl v1.6.1 // indirect
 	github.com/coreos/go-semver v0.3.1 // indirect
 	github.com/coreos/go-systemd/v22 v22.5.0 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
+	github.com/diegoholiveira/jsonlogic/v3 v3.7.4 // indirect
 	github.com/evanphx/json-patch v5.9.11+incompatible // indirect
 	github.com/fatih/color v1.18.0 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
@@ -74,7 +80,7 @@ require (
 	github.com/google/gnostic-models v0.7.0 // indirect
 	github.com/google/go-cmp v0.7.0 // indirect
 	github.com/google/uuid v1.6.0 // indirect
-	github.com/grafana/alerting v0.0.0-20251212143239-491433b332b7 // indirect
+	github.com/grafana/alerting v0.0.0-20251204145817-de8c2bbf9eba // indirect
 	github.com/grafana/authlib v0.0.0-20250930082137-a40e2c2b094f // indirect
 	github.com/grafana/authlib/types v0.0.0-20251119142549-be091cf2f4d4 // indirect
 	github.com/grafana/dataplane/sdata v0.0.9 // indirect
@@ -132,11 +138,15 @@ require (
 	github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f // indirect
+	github.com/nikunjy/rules v1.5.0 // indirect
 	github.com/oasdiff/yaml v0.0.0-20250309154309-f31be36b4037 // indirect
 	github.com/oasdiff/yaml3 v0.0.0-20250309153720-d2182401db90 // indirect
 	github.com/oklog/run v1.1.0 // indirect
 	github.com/oklog/ulid v1.3.1 // indirect
 	github.com/olekukonko/tablewriter v0.0.5 // indirect
+	github.com/open-feature/go-sdk v1.16.0 // indirect
+	github.com/open-feature/go-sdk-contrib/providers/go-feature-flag v0.2.6 // indirect
+	github.com/open-feature/go-sdk-contrib/providers/ofrep v0.1.6 // indirect
 	github.com/patrickmn/go-cache v2.1.0+incompatible // indirect
 	github.com/perimeterx/marshmallow v1.1.5 // indirect
 	github.com/pierrec/lz4/v4 v4.1.22 // indirect
@@ -155,6 +165,7 @@ require (
 	github.com/spf13/pflag v1.0.10 // indirect
 	github.com/stoewer/go-strcase v1.3.1 // indirect
 	github.com/stretchr/objx v0.5.2 // indirect
+	github.com/thomaspoignant/go-feature-flag v1.42.0 // indirect
 	github.com/tjhop/slog-gokit v0.1.5 // indirect
 	github.com/woodsbury/decimal128 v1.3.0 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
@@ -176,6 +187,8 @@ require (
 	go.opentelemetry.io/otel/sdk v1.38.0 // indirect
 	go.opentelemetry.io/otel/trace v1.38.0 // indirect
 	go.opentelemetry.io/proto/otlp v1.9.0 // indirect
+	go.uber.org/atomic v1.11.0 // indirect
+	go.uber.org/mock v0.6.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.27.1 // indirect
 	go.yaml.in/yaml/v2 v2.4.3 // indirect
@@ -4,9 +4,13 @@ cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMT
 cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA=
 filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4=
+github.com/BurntSushi/toml v1.5.0 h1:W5quZX/G/csjUnuI8SUYlsHs9M38FC7znL0lIO+DvMg=
+github.com/BurntSushi/toml v1.5.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho=
 github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
 github.com/NYTimes/gziphandler v1.1.1 h1:ZUDjpQae29j0ryrS0u/B8HZfJBtBQHjqw2rQ2cqUQ3I=
 github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c=
+github.com/ProtonMail/go-crypto v1.1.6 h1:ZcV+Ropw6Qn0AX9brlQLAUXfqLBc7Bl+f/DmNxpLfdw=
+github.com/ProtonMail/go-crypto v1.1.6/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE=
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
@@ -38,12 +42,18 @@ github.com/aws/aws-sdk-go-v2/service/sts v1.38.5 h1:+LVB0xBqEgjQoqr9bGZbRzvg212B
 github.com/aws/aws-sdk-go-v2/service/sts v1.38.5/go.mod h1:xoaxeqnnUaZjPjaICgIy5B+MHCSb/ZSOn4MvkFNOUA0=
 github.com/aws/smithy-go v1.23.1 h1:sLvcH6dfAFwGkHLZ7dGiYF7aK6mg4CgKA/iDKjLDt9M=
 github.com/aws/smithy-go v1.23.1/go.mod h1:LEj2LM3rBRQJxPZTB4KuzZkaZYnZPnvgIhb4pu07mx0=
+github.com/barkimedes/go-deepcopy v0.0.0-20220514131651-17c30cfc62df h1:GSoSVRLoBaFpOOds6QyY1L8AX7uoY+Ln3BHc22W40X0=
+github.com/barkimedes/go-deepcopy v0.0.0-20220514131651-17c30cfc62df/go.mod h1:hiVxq5OP2bUGBRNS3Z/bt/reCLFNbdcST6gISi1fiOM=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
+github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ=
+github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
 github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM=
 github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ=
+github.com/bluele/gcache v0.0.2 h1:WcbfdXICg7G/DGBh1PFfcirkWOQV+v077yF1pSy3DGw=
+github.com/bluele/gcache v0.0.2/go.mod h1:m15KV+ECjptwSPxKhOhQoAFQVtUFjTVkc3H8o0t/fp0=
 github.com/bradfitz/gomemcache v0.0.0-20230905024940-24af94b03874 h1:N7oVaKyGp8bttX0bfZGmcGkjz7DLQXhAn3DNd3T0ous=
 github.com/bradfitz/gomemcache v0.0.0-20230905024940-24af94b03874/go.mod h1:r5xuitiExdLAJ09PR7vBVENGvp4ZuTBeWTGtxuX3K+c=
 github.com/bufbuild/protocompile v0.14.1 h1:iA73zAf/fyljNjQKwYzUHD6AD4R8KMasmwa/FBatYVw=
@@ -60,6 +70,8 @@ github.com/cheekybits/genny v1.0.0/go.mod h1:+tQajlRqAUrPI7DOSpB0XAqZYtQakVtB7wX
 github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible/go.mod h1:nmEj6Dob7S7YxXgwXpfOuvO54S+tGdZdw9fuRZt25Ag=
 github.com/circonus-labs/circonusllhist v0.1.3/go.mod h1:kMXHVDlOchFAehlya5ePtbp5jckzBHf4XRpQvBOLI+I=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
+github.com/cloudflare/circl v1.6.1 h1:zqIqSPIndyBh1bjLVVDHMPpVKqp8Su/V+6MeDzzQBQ0=
+github.com/cloudflare/circl v1.6.1/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZh3pJrofs=
 github.com/coreos/go-semver v0.3.1 h1:yi21YpKnrx1gt5R+la8n5WgS0kCrsPp33dmEyHReZr4=
 github.com/coreos/go-semver v0.3.1/go.mod h1:irMmmIw/7yzSRPWryHsK7EYSg09caPQL03VsM8rvUec=
 github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs=
@@ -69,6 +81,8 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/diegoholiveira/jsonlogic/v3 v3.7.4 h1:92HSmB9bwM/o0ZvrCpcvTP2EsPXSkKtAniIr2W/dcIM=
+github.com/diegoholiveira/jsonlogic/v3 v3.7.4/go.mod h1:OYRb6FSTVmMM+MNQ7ElmMsczyNSepw+OU4Z8emDSi4w=
 github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY=
 github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto=
 github.com/emicklei/go-restful/v3 v3.13.0 h1:C4Bl2xDndpU6nJ4bc1jXd+uTmYPVUwkD6bFY/oTyCes=
@@ -174,8 +188,8 @@ github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 h1:JeSE6pjso5THxAzdVpqr6/geYxZytqFMBCOtn/ujyeo=
 github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674/go.mod h1:r4w70xmWCQKmi1ONH4KIaBptdivuRPyosB9RmPlGEwA=
-github.com/grafana/alerting v0.0.0-20251212143239-491433b332b7 h1:ZzG/gCclEit9w0QUfQt9GURcOycAIGcsQAhY1u0AEX0=
-github.com/grafana/alerting v0.0.0-20251212143239-491433b332b7/go.mod h1:l7v67cgP7x72ajB9UPZlumdrHqNztpKoqQ52cU8T3LU=
+github.com/grafana/alerting v0.0.0-20251204145817-de8c2bbf9eba h1:psKWNETD5nGxmFAlqnWsXoRyUwSa2GHNEMSEDKGKfQ4=
+github.com/grafana/alerting v0.0.0-20251204145817-de8c2bbf9eba/go.mod h1:l7v67cgP7x72ajB9UPZlumdrHqNztpKoqQ52cU8T3LU=
 github.com/grafana/authlib v0.0.0-20250930082137-a40e2c2b094f h1:Cbm6OKkOcJ+7CSZsGsEJzktC/SIa5bxVeYKQLuYK86o=
 github.com/grafana/authlib v0.0.0-20250930082137-a40e2c2b094f/go.mod h1:axY0cdOg3q0TZHwpHnIz5x16xZ8ZBxJHShsSHHXcHQg=
 github.com/grafana/authlib/types v0.0.0-20251119142549-be091cf2f4d4 h1:Muoy+FMGrHj3GdFbvsMzUT7eusgii9PKf9L1ZaXDDbY=
@@ -341,6 +355,8 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8m
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f h1:KUppIJq7/+SVif2QVs3tOP0zanoHgBEVAwHxUSIzRqU=
 github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
+github.com/nikunjy/rules v1.5.0 h1:KJDSLOsFhwt7kcXUyZqwkgrQg5YoUwj+TVu6ItCQShw=
+github.com/nikunjy/rules v1.5.0/go.mod h1:TlZtZdBChrkqi8Lr2AXocme8Z7EsbxtFdDoKeI6neBQ=
 github.com/oasdiff/yaml v0.0.0-20250309154309-f31be36b4037 h1:G7ERwszslrBzRxj//JalHPu/3yz+De2J+4aLtSRlHiY=
 github.com/oasdiff/yaml v0.0.0-20250309154309-f31be36b4037/go.mod h1:2bpvgLBZEtENV5scfDFEtB/5+1M4hkQhDQrccEJ/qGw=
 github.com/oasdiff/yaml3 v0.0.0-20250309153720-d2182401db90 h1:bQx3WeLcUWy+RletIKwUIt4x3t8n2SxavmoclizMb8c=
@@ -355,6 +371,12 @@ github.com/onsi/ginkgo/v2 v2.22.2 h1:/3X8Panh8/WwhU/3Ssa6rCKqPLuAkVY2I0RoyDLySlU
 github.com/onsi/ginkgo/v2 v2.22.2/go.mod h1:oeMosUL+8LtarXBHu/c0bx2D/K9zyQ6uX3cTyztHwsk=
 github.com/onsi/gomega v1.36.2 h1:koNYke6TVk6ZmnyHrCXba/T/MoLBXFjeC1PtvYgw0A8=
 github.com/onsi/gomega v1.36.2/go.mod h1:DdwyADRjrc825LhMEkD76cHR5+pUnjhUN8GlHlRPHzY=
+github.com/open-feature/go-sdk v1.16.0 h1:5NCHYv5slvNBIZhYXAzAufo0OI59OACZ5tczVqSE+Tg=
+github.com/open-feature/go-sdk v1.16.0/go.mod h1:EIF40QcoYT1VbQkMPy2ZJH4kvZeY+qGUXAorzSWgKSo=
+github.com/open-feature/go-sdk-contrib/providers/go-feature-flag v0.2.6 h1:megzzlQGjsRVWDX8oJnLaa5eEcsAHekiL4Uvl3jSAcY=
+github.com/open-feature/go-sdk-contrib/providers/go-feature-flag v0.2.6/go.mod h1:K1gDKvt76CGFLSUMHUydd5ba2V5Cv69gQZsdbnXhAm8=
+github.com/open-feature/go-sdk-contrib/providers/ofrep v0.1.6 h1:WinefYxeVx5rV0uQmuWbxQf8iACu/JiRubo5w0saToc=
+github.com/open-feature/go-sdk-contrib/providers/ofrep v0.1.6/go.mod h1:Dwcaoma6lZVqYwyfVlY7eB6RXbG+Ju3b9cnpTlUN+Hc=
 github.com/pascaldekloe/goe v0.1.0 h1:cBOtyMzM9HTpWjXfbbunk26uA6nG3a8n06Wieeh0MwY=
 github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
 github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaRUnok+kx1WdO15EQc=
@@ -440,6 +462,10 @@ github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
 github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
+github.com/thejerf/slogassert v0.3.4 h1:VoTsXixRbXMrRSSxDjYTiEDCM4VWbsYPW5rB/hX24kM=
+github.com/thejerf/slogassert v0.3.4/go.mod h1:0zn9ISLVKo1aPMTqcGfG1o6dWwt+Rk574GlUxHD4rs8=
+github.com/thomaspoignant/go-feature-flag v1.42.0 h1:C7embmOTzaLyRki+OoU2RvtVjJE9IrvgBA2C1mRN1lc=
+github.com/thomaspoignant/go-feature-flag v1.42.0/go.mod h1:y0QiWH7chHWhGATb/+XqwAwErORmPSH2MUsQlCmmWlM=
 github.com/tjhop/slog-gokit v0.1.5 h1:ayloIUi5EK2QYB8eY4DOPO95/mRtMW42lUkp3quJohc=
 github.com/tjhop/slog-gokit v0.1.5/go.mod h1:yA48zAHvV+Sg4z4VRyeFyFUNNXd3JY5Zg84u3USICq0=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20220101234140-673ab2c3ae75 h1:6fotK7otjonDflCTK0BCfls4SPy3NcCVb5dqqmbRknE=
@@ -507,8 +533,12 @@ go.opentelemetry.io/otel/trace v1.38.0 h1:Fxk5bKrDZJUH+AMyyIXGcFAPah0oRcT+LuNtJr
 go.opentelemetry.io/otel/trace v1.38.0/go.mod h1:j1P9ivuFsTceSWe1oY+EeW3sc+Pp42sO++GHkg4wwhs=
 go.opentelemetry.io/proto/otlp v1.9.0 h1:l706jCMITVouPOqEnii2fIAuO3IVGBRPV5ICjceRb/A=
 go.opentelemetry.io/proto/otlp v1.9.0/go.mod h1:xE+Cx5E/eEHw+ISFkwPLwCZefwVjY+pqKg1qcK03+/4=
+go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE=
+go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
 go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
 go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
+go.uber.org/mock v0.6.0 h1:hyF9dfmbgIX5EfOdasqLsWD6xqpNZlXblLB/Dbnwv3Y=
+go.uber.org/mock v0.6.0/go.mod h1:KiVJ4BqZJaMj4svdfmHM0AUx4NJYO8ZNpPnZn1Z+BBU=
 go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
 go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
 go.uber.org/zap v1.27.1 h1:08RqriUEv8+ArZRYSTXy1LeBScaMpVSTBhCeaZYfMYc=
@@ -5,7 +5,24 @@ metaV0Alpha1: {
 	scope: "Namespaced"
 	schema: {
 		spec: {
-			pluginJSON: #JSONData,
+			pluginJson: #JSONData
+			module?: {
+				path:             string
+				hash?:            string
+				loadingStrategy?: "fetch" | "script"
+			}
+			baseURL?: string
+			signature?: {
+				status: "internal" | "valid" | "invalid" | "modified" | "unsigned"
+				type?:  "grafana" | "commercial" | "community" | "private" | "private-glob"
+				org?:   string
+			}
+			angular?: {
+				detected: bool
+			}
+			translations?: [string]: string
+			// +listType=atomic
+			children?: [...string]
 		}
 	}
 }
@@ -208,13 +208,20 @@ func NewMetaExtensions() *MetaExtensions {

 // +k8s:openapi-gen=true
 type MetaSpec struct {
-	PluginJSON MetaJSONData `json:"pluginJSON"`
+	PluginJson   MetaJSONData               `json:"pluginJson"`
+	Module       *MetaV0alpha1SpecModule    `json:"module,omitempty"`
+	BaseURL      *string                    `json:"baseURL,omitempty"`
+	Signature    *MetaV0alpha1SpecSignature `json:"signature,omitempty"`
+	Angular      *MetaV0alpha1SpecAngular   `json:"angular,omitempty"`
+	Translations map[string]string          `json:"translations,omitempty"`
+	// +listType=atomic
+	Children []string `json:"children,omitempty"`
 }

 // NewMetaSpec creates a new MetaSpec object.
 func NewMetaSpec() *MetaSpec {
 	return &MetaSpec{
-		PluginJSON: *NewMetaJSONData(),
+		PluginJson: *NewMetaJSONData(),
 	}
 }

@@ -412,6 +419,40 @@ func NewMetaV0alpha1ExtensionsExtensionPoints() *MetaV0alpha1ExtensionsExtension
 	return &MetaV0alpha1ExtensionsExtensionPoints{}
 }

+// +k8s:openapi-gen=true
+type MetaV0alpha1SpecModule struct {
+	Path            string                                 `json:"path"`
+	Hash            *string                                `json:"hash,omitempty"`
+	LoadingStrategy *MetaV0alpha1SpecModuleLoadingStrategy `json:"loadingStrategy,omitempty"`
+}
+
+// NewMetaV0alpha1SpecModule creates a new MetaV0alpha1SpecModule object.
+func NewMetaV0alpha1SpecModule() *MetaV0alpha1SpecModule {
+	return &MetaV0alpha1SpecModule{}
+}
+
+// +k8s:openapi-gen=true
+type MetaV0alpha1SpecSignature struct {
+	Status MetaV0alpha1SpecSignatureStatus `json:"status"`
+	Type   *MetaV0alpha1SpecSignatureType  `json:"type,omitempty"`
+	Org    *string                         `json:"org,omitempty"`
+}
+
+// NewMetaV0alpha1SpecSignature creates a new MetaV0alpha1SpecSignature object.
+func NewMetaV0alpha1SpecSignature() *MetaV0alpha1SpecSignature {
+	return &MetaV0alpha1SpecSignature{}
+}
+
+// +k8s:openapi-gen=true
+type MetaV0alpha1SpecAngular struct {
+	Detected bool `json:"detected"`
+}
+
+// NewMetaV0alpha1SpecAngular creates a new MetaV0alpha1SpecAngular object.
+func NewMetaV0alpha1SpecAngular() *MetaV0alpha1SpecAngular {
+	return &MetaV0alpha1SpecAngular{}
+}
+
 // +k8s:openapi-gen=true
 type MetaJSONDataType string

@@ -472,3 +513,33 @@ const (
 	MetaV0alpha1DependenciesPluginsTypeDatasource MetaV0alpha1DependenciesPluginsType = "datasource"
 	MetaV0alpha1DependenciesPluginsTypePanel      MetaV0alpha1DependenciesPluginsType = "panel"
 )
+
+// +k8s:openapi-gen=true
+type MetaV0alpha1SpecModuleLoadingStrategy string
+
+const (
+	MetaV0alpha1SpecModuleLoadingStrategyFetch  MetaV0alpha1SpecModuleLoadingStrategy = "fetch"
+	MetaV0alpha1SpecModuleLoadingStrategyScript MetaV0alpha1SpecModuleLoadingStrategy = "script"
+)
+
+// +k8s:openapi-gen=true
+type MetaV0alpha1SpecSignatureStatus string
+
+const (
+	MetaV0alpha1SpecSignatureStatusInternal MetaV0alpha1SpecSignatureStatus = "internal"
+	MetaV0alpha1SpecSignatureStatusValid    MetaV0alpha1SpecSignatureStatus = "valid"
+	MetaV0alpha1SpecSignatureStatusInvalid  MetaV0alpha1SpecSignatureStatus = "invalid"
+	MetaV0alpha1SpecSignatureStatusModified MetaV0alpha1SpecSignatureStatus = "modified"
+	MetaV0alpha1SpecSignatureStatusUnsigned MetaV0alpha1SpecSignatureStatus = "unsigned"
+)
+
+// +k8s:openapi-gen=true
+type MetaV0alpha1SpecSignatureType string
+
+const (
+	MetaV0alpha1SpecSignatureTypeGrafana     MetaV0alpha1SpecSignatureType = "grafana"
+	MetaV0alpha1SpecSignatureTypeCommercial  MetaV0alpha1SpecSignatureType = "commercial"
+	MetaV0alpha1SpecSignatureTypeCommunity   MetaV0alpha1SpecSignatureType = "community"
+	MetaV0alpha1SpecSignatureTypePrivate     MetaV0alpha1SpecSignatureType = "private"
+	MetaV0alpha1SpecSignatureTypePrivateGlob MetaV0alpha1SpecSignatureType = "private-glob"
+)
@@ -10,8 +10,6 @@ import (
 	"time"

 	"github.com/grafana/grafana-app-sdk/logging"
-
-	pluginsv0alpha1 "github.com/grafana/grafana/apps/plugins/pkg/apis/plugins/v0alpha1"
 )

 const (
@@ -87,45 +85,9 @@ func (p *CatalogProvider) GetMeta(ctx context.Context, pluginID, version string)
 		return nil, fmt.Errorf("failed to decode response: %w", err)
 	}

+	metaSpec := grafanaComPluginVersionMetaToMetaSpec(gcomMeta)
 	return &Result{
-		Meta: gcomMeta.JSON,
+		Meta: metaSpec,
 		TTL:  p.ttl,
 	}, nil
 }
-
-// grafanaComPluginVersionMeta represents the response from grafana.com API
-// GET /api/plugins/{pluginId}/versions/{version}
-type grafanaComPluginVersionMeta struct {
-	PluginID        string                       `json:"pluginSlug"`
-	Version         string                       `json:"version"`
-	URL             string                       `json:"url"`
-	Commit          string                       `json:"commit"`
-	Description     string                       `json:"description"`
-	Keywords        []string                     `json:"keywords"`
-	CreatedAt       time.Time                    `json:"createdAt"`
-	UpdatedAt       time.Time                    `json:"updatedAt"`
-	JSON            pluginsv0alpha1.MetaJSONData `json:"json"`
-	Readme          string                       `json:"readme"`
-	Downloads       int                          `json:"downloads"`
-	Verified        bool                         `json:"verified"`
-	Status          string                       `json:"status"`
-	StatusContext   string                       `json:"statusContext"`
-	DownloadSlug    string                       `json:"downloadSlug"`
-	SignatureType   string                       `json:"signatureType"`
-	SignedByOrg     string                       `json:"signedByOrg"`
-	SignedByOrgName string                       `json:"signedByOrgName"`
-	Packages        struct {
-		Any struct {
-			Md5         string `json:"md5"`
-			Sha256      string `json:"sha256"`
-			PackageName string `json:"packageName"`
-			DownloadURL string `json:"downloadUrl"`
-		} `json:"any"`
-	} `json:"packages"`
-	Links []struct {
-		Rel  string `json:"rel"`
-		Href string `json:"href"`
-	} `json:"links"`
-	AngularDetected bool     `json:"angularDetected"`
-	Scopes          []string `json:"scopes"`
-}
@@ -49,7 +49,7 @@ func TestCatalogProvider_GetMeta(t *testing.T) {

 		require.NoError(t, err)
 		require.NotNil(t, result)
-		assert.Equal(t, expectedMeta, result.Meta)
+		assert.Equal(t, expectedMeta, result.Meta.PluginJson)
 		assert.Equal(t, defaultCatalogTTL, result.TTL)
 	})

@@ -0,0 +1,725 @@
+package meta
+
+import (
+	"encoding/json"
+	"time"
+
+	pluginsv0alpha1 "github.com/grafana/grafana/apps/plugins/pkg/apis/plugins/v0alpha1"
+	"github.com/grafana/grafana/pkg/plugins"
+	"github.com/grafana/grafana/pkg/services/pluginsintegration/pluginstore"
+)
+
+// jsonDataToMetaJSONData converts a plugins.JSONData to a pluginsv0alpha1.MetaJSONData.
+// nolint:gocyclo
+func jsonDataToMetaJSONData(jsonData plugins.JSONData) pluginsv0alpha1.MetaJSONData {
+	meta := pluginsv0alpha1.MetaJSONData{
+		Id:   jsonData.ID,
+		Name: jsonData.Name,
+	}
+
+	// Map plugin type
+	switch jsonData.Type {
+	case plugins.TypeApp:
+		meta.Type = pluginsv0alpha1.MetaJSONDataTypeApp
+	case plugins.TypeDataSource:
+		meta.Type = pluginsv0alpha1.MetaJSONDataTypeDatasource
+	case plugins.TypePanel:
+		meta.Type = pluginsv0alpha1.MetaJSONDataTypePanel
+	case plugins.TypeRenderer:
+		meta.Type = pluginsv0alpha1.MetaJSONDataTypeRenderer
+	}
+
+	// Map Info
+	meta.Info = pluginsv0alpha1.MetaInfo{
+		Keywords: jsonData.Info.Keywords,
+		Logos: pluginsv0alpha1.MetaV0alpha1InfoLogos{
+			Small: jsonData.Info.Logos.Small,
+			Large: jsonData.Info.Logos.Large,
+		},
+		Updated: jsonData.Info.Updated,
+		Version: jsonData.Info.Version,
+	}
+
+	if jsonData.Info.Description != "" {
+		meta.Info.Description = &jsonData.Info.Description
+	}
+
+	if jsonData.Info.Author.Name != "" || jsonData.Info.Author.URL != "" {
+		author := &pluginsv0alpha1.MetaV0alpha1InfoAuthor{}
+		if jsonData.Info.Author.Name != "" {
+			author.Name = &jsonData.Info.Author.Name
+		}
+		if jsonData.Info.Author.URL != "" {
+			author.Url = &jsonData.Info.Author.URL
+		}
+		meta.Info.Author = author
+	}
+
+	if len(jsonData.Info.Links) > 0 {
+		meta.Info.Links = make([]pluginsv0alpha1.MetaV0alpha1InfoLinks, 0, len(jsonData.Info.Links))
+		for _, link := range jsonData.Info.Links {
+			v0Link := pluginsv0alpha1.MetaV0alpha1InfoLinks{}
+			if link.Name != "" {
+				v0Link.Name = &link.Name
+			}
+			if link.URL != "" {
+				v0Link.Url = &link.URL
+			}
+			meta.Info.Links = append(meta.Info.Links, v0Link)
+		}
+	}
+
+	if len(jsonData.Info.Screenshots) > 0 {
+		meta.Info.Screenshots = make([]pluginsv0alpha1.MetaV0alpha1InfoScreenshots, 0, len(jsonData.Info.Screenshots))
+		for _, screenshot := range jsonData.Info.Screenshots {
+			v0Screenshot := pluginsv0alpha1.MetaV0alpha1InfoScreenshots{}
+			if screenshot.Name != "" {
+				v0Screenshot.Name = &screenshot.Name
+			}
+			if screenshot.Path != "" {
+				v0Screenshot.Path = &screenshot.Path
+			}
+			meta.Info.Screenshots = append(meta.Info.Screenshots, v0Screenshot)
+		}
+	}
+
+	// Map Dependencies
+	meta.Dependencies = pluginsv0alpha1.MetaDependencies{
+		GrafanaDependency: jsonData.Dependencies.GrafanaDependency,
+	}
+
+	if jsonData.Dependencies.GrafanaVersion != "" {
+		meta.Dependencies.GrafanaVersion = &jsonData.Dependencies.GrafanaVersion
+	}
+
+	if len(jsonData.Dependencies.Plugins) > 0 {
+		meta.Dependencies.Plugins = make([]pluginsv0alpha1.MetaV0alpha1DependenciesPlugins, 0, len(jsonData.Dependencies.Plugins))
+		for _, dep := range jsonData.Dependencies.Plugins {
+			var depType pluginsv0alpha1.MetaV0alpha1DependenciesPluginsType
+			switch dep.Type {
+			case "app":
+				depType = pluginsv0alpha1.MetaV0alpha1DependenciesPluginsTypeApp
+			case "datasource":
+				depType = pluginsv0alpha1.MetaV0alpha1DependenciesPluginsTypeDatasource
+			case "panel":
+				depType = pluginsv0alpha1.MetaV0alpha1DependenciesPluginsTypePanel
+			}
+			meta.Dependencies.Plugins = append(meta.Dependencies.Plugins, pluginsv0alpha1.MetaV0alpha1DependenciesPlugins{
+				Id:   dep.ID,
+				Type: depType,
+				Name: dep.Name,
+			})
+		}
+	}
+
+	if len(jsonData.Dependencies.Extensions.ExposedComponents) > 0 {
+		meta.Dependencies.Extensions = &pluginsv0alpha1.MetaV0alpha1DependenciesExtensions{
+			ExposedComponents: jsonData.Dependencies.Extensions.ExposedComponents,
+		}
+	}
+
+	// Map optional boolean fields
+	if jsonData.Alerting {
+		meta.Alerting = &jsonData.Alerting
+	}
+	if jsonData.Annotations {
+		meta.Annotations = &jsonData.Annotations
+	}
+	if jsonData.AutoEnabled {
+		meta.AutoEnabled = &jsonData.AutoEnabled
+	}
+	if jsonData.Backend {
+		meta.Backend = &jsonData.Backend
+	}
+	if jsonData.BuiltIn {
+		meta.BuiltIn = &jsonData.BuiltIn
+	}
+	if jsonData.HideFromList {
+		meta.HideFromList = &jsonData.HideFromList
+	}
+	if jsonData.Logs {
+		meta.Logs = &jsonData.Logs
+	}
+	if jsonData.Metrics {
+		meta.Metrics = &jsonData.Metrics
+	}
+	if jsonData.MultiValueFilterOperators {
+		meta.MultiValueFilterOperators = &jsonData.MultiValueFilterOperators
+	}
+	if jsonData.Preload {
+		meta.Preload = &jsonData.Preload
+	}
+	if jsonData.SkipDataQuery {
+		meta.SkipDataQuery = &jsonData.SkipDataQuery
+	}
+	if jsonData.Streaming {
+		meta.Streaming = &jsonData.Streaming
+	}
+	if jsonData.Tracing {
+		meta.Tracing = &jsonData.Tracing
+	}
+
+	// Map category
+	if jsonData.Category != "" {
+		var category pluginsv0alpha1.MetaJSONDataCategory
+		switch jsonData.Category {
+		case "tsdb":
+			category = pluginsv0alpha1.MetaJSONDataCategoryTsdb
+		case "logging":
+			category = pluginsv0alpha1.MetaJSONDataCategoryLogging
+		case "cloud":
+			category = pluginsv0alpha1.MetaJSONDataCategoryCloud
+		case "tracing":
+			category = pluginsv0alpha1.MetaJSONDataCategoryTracing
+		case "profiling":
+			category = pluginsv0alpha1.MetaJSONDataCategoryProfiling
+		case "sql":
+			category = pluginsv0alpha1.MetaJSONDataCategorySql
+		case "enterprise":
+			category = pluginsv0alpha1.MetaJSONDataCategoryEnterprise
+		case "iot":
+			category = pluginsv0alpha1.MetaJSONDataCategoryIot
+		case "other":
+			category = pluginsv0alpha1.MetaJSONDataCategoryOther
+		default:
+			category = pluginsv0alpha1.MetaJSONDataCategoryOther
+		}
+		meta.Category = &category
+	}
+
+	// Map state
+	if jsonData.State != "" {
+		var state pluginsv0alpha1.MetaJSONDataState
+		switch jsonData.State {
+		case plugins.ReleaseStateAlpha:
+			state = pluginsv0alpha1.MetaJSONDataStateAlpha
+		case plugins.ReleaseStateBeta:
+			state = pluginsv0alpha1.MetaJSONDataStateBeta
+		default:
+		}
+		if state != "" {
+			meta.State = &state
+		}
+	}
+
+	// Map executable
+	if jsonData.Executable != "" {
+		meta.Executable = &jsonData.Executable
+	}
+
+	// Map QueryOptions
+	if len(jsonData.QueryOptions) > 0 {
+		queryOptions := &pluginsv0alpha1.MetaQueryOptions{}
+		if val, ok := jsonData.QueryOptions["maxDataPoints"]; ok {
+			queryOptions.MaxDataPoints = &val
+		}
+		if val, ok := jsonData.QueryOptions["minInterval"]; ok {
+			queryOptions.MinInterval = &val
+		}
+		if val, ok := jsonData.QueryOptions["cacheTimeout"]; ok {
+			queryOptions.CacheTimeout = &val
+		}
+		meta.QueryOptions = queryOptions
+	}
+
+	// Map Includes
+	if len(jsonData.Includes) > 0 {
+		meta.Includes = make([]pluginsv0alpha1.MetaInclude, 0, len(jsonData.Includes))
+		for _, include := range jsonData.Includes {
+			v0Include := pluginsv0alpha1.MetaInclude{}
+			if include.UID != "" {
+				v0Include.Uid = &include.UID
+			}
+			if include.Type != "" {
+				var includeType pluginsv0alpha1.MetaIncludeType
+				switch include.Type {
+				case "dashboard":
+					includeType = pluginsv0alpha1.MetaIncludeTypeDashboard
+				case "page":
+					includeType = pluginsv0alpha1.MetaIncludeTypePage
+				case "panel":
+					includeType = pluginsv0alpha1.MetaIncludeTypePanel
+				case "datasource":
+					includeType = pluginsv0alpha1.MetaIncludeTypeDatasource
+				}
+				v0Include.Type = &includeType
+			}
+			if include.Name != "" {
+				v0Include.Name = &include.Name
+			}
+			if include.Component != "" {
+				v0Include.Component = &include.Component
+			}
+			if include.Role != "" {
+				var role pluginsv0alpha1.MetaIncludeRole
+				switch include.Role {
+				case "Admin":
+					role = pluginsv0alpha1.MetaIncludeRoleAdmin
+				case "Editor":
+					role = pluginsv0alpha1.MetaIncludeRoleEditor
+				case "Viewer":
+					role = pluginsv0alpha1.MetaIncludeRoleViewer
+				}
+				v0Include.Role = &role
+			}
+			if include.Action != "" {
+				v0Include.Action = &include.Action
+			}
+			if include.Path != "" {
+				v0Include.Path = &include.Path
+			}
+			if include.AddToNav {
+				v0Include.AddToNav = &include.AddToNav
+			}
+			if include.DefaultNav {
+				v0Include.DefaultNav = &include.DefaultNav
+			}
+			if include.Icon != "" {
+				v0Include.Icon = &include.Icon
+			}
+			meta.Includes = append(meta.Includes, v0Include)
+		}
+	}
+
+	// Map Routes
+	if len(jsonData.Routes) > 0 {
+		meta.Routes = make([]pluginsv0alpha1.MetaRoute, 0, len(jsonData.Routes))
+		for _, route := range jsonData.Routes {
+			v0Route := pluginsv0alpha1.MetaRoute{}
+			if route.Path != "" {
+				v0Route.Path = &route.Path
+			}
+			if route.Method != "" {
+				v0Route.Method = &route.Method
+			}
+			if route.URL != "" {
+				v0Route.Url = &route.URL
+			}
+			if route.ReqRole != "" {
+				reqRole := string(route.ReqRole)
+				v0Route.ReqRole = &reqRole
+			}
+			if route.ReqAction != "" {
+				v0Route.ReqAction = &route.ReqAction
+			}
+			if len(route.Headers) > 0 {
+				headers := make([]string, 0, len(route.Headers))
+				for _, header := range route.Headers {
+					headers = append(headers, header.Name+": "+header.Content)
+				}
+				v0Route.Headers = headers
+			}
+			if len(route.URLParams) > 0 {
+				v0Route.UrlParams = make([]pluginsv0alpha1.MetaV0alpha1RouteUrlParams, 0, len(route.URLParams))
+				for _, param := range route.URLParams {
+					v0Param := pluginsv0alpha1.MetaV0alpha1RouteUrlParams{}
+					if param.Name != "" {
+						v0Param.Name = &param.Name
+					}
+					if param.Content != "" {
+						v0Param.Content = &param.Content
+					}
+					v0Route.UrlParams = append(v0Route.UrlParams, v0Param)
+				}
+			}
+			if route.TokenAuth != nil {
+				v0Route.TokenAuth = &pluginsv0alpha1.MetaV0alpha1RouteTokenAuth{}
+				if route.TokenAuth.Url != "" {
+					v0Route.TokenAuth.Url = &route.TokenAuth.Url
+				}
+				if len(route.TokenAuth.Scopes) > 0 {
+					v0Route.TokenAuth.Scopes = route.TokenAuth.Scopes
+				}
+				if len(route.TokenAuth.Params) > 0 {
+					v0Route.TokenAuth.Params = make(map[string]interface{})
+					for k, v := range route.TokenAuth.Params {
+						v0Route.TokenAuth.Params[k] = v
+					}
+				}
+			}
+			if route.JwtTokenAuth != nil {
+				v0Route.JwtTokenAuth = &pluginsv0alpha1.MetaV0alpha1RouteJwtTokenAuth{}
+				if route.JwtTokenAuth.Url != "" {
+					v0Route.JwtTokenAuth.Url = &route.JwtTokenAuth.Url
+				}
+				if len(route.JwtTokenAuth.Scopes) > 0 {
+					v0Route.JwtTokenAuth.Scopes = route.JwtTokenAuth.Scopes
+				}
+				if len(route.JwtTokenAuth.Params) > 0 {
+					v0Route.JwtTokenAuth.Params = make(map[string]interface{})
+					for k, v := range route.JwtTokenAuth.Params {
+						v0Route.JwtTokenAuth.Params[k] = v
+					}
+				}
+			}
+			if len(route.Body) > 0 {
+				var bodyMap map[string]interface{}
+				if err := json.Unmarshal(route.Body, &bodyMap); err == nil {
+					v0Route.Body = bodyMap
+				}
+			}
+			meta.Routes = append(meta.Routes, v0Route)
+		}
+	}
+
+	// Map Extensions
+	if len(jsonData.Extensions.AddedLinks) > 0 || len(jsonData.Extensions.AddedComponents) > 0 ||
+		len(jsonData.Extensions.ExposedComponents) > 0 || len(jsonData.Extensions.ExtensionPoints) > 0 {
+		extensions := &pluginsv0alpha1.MetaExtensions{}
+
+		if len(jsonData.Extensions.AddedLinks) > 0 {
+			extensions.AddedLinks = make([]pluginsv0alpha1.MetaV0alpha1ExtensionsAddedLinks, 0, len(jsonData.Extensions.AddedLinks))
+			for _, link := range jsonData.Extensions.AddedLinks {
+				v0Link := pluginsv0alpha1.MetaV0alpha1ExtensionsAddedLinks{
+					Targets: link.Targets,
+					Title:   link.Title,
+				}
+				if link.Description != "" {
+					v0Link.Description = &link.Description
+				}
+				extensions.AddedLinks = append(extensions.AddedLinks, v0Link)
+			}
+		}
+
+		if len(jsonData.Extensions.AddedComponents) > 0 {
+			extensions.AddedComponents = make([]pluginsv0alpha1.MetaV0alpha1ExtensionsAddedComponents, 0, len(jsonData.Extensions.AddedComponents))
+			for _, comp := range jsonData.Extensions.AddedComponents {
+				v0Comp := pluginsv0alpha1.MetaV0alpha1ExtensionsAddedComponents{
+					Targets: comp.Targets,
+					Title:   comp.Title,
+				}
+				if comp.Description != "" {
+					v0Comp.Description = &comp.Description
+				}
+				extensions.AddedComponents = append(extensions.AddedComponents, v0Comp)
+			}
+		}
+
+		if len(jsonData.Extensions.ExposedComponents) > 0 {
+			extensions.ExposedComponents = make([]pluginsv0alpha1.MetaV0alpha1ExtensionsExposedComponents, 0, len(jsonData.Extensions.ExposedComponents))
+			for _, comp := range jsonData.Extensions.ExposedComponents {
+				v0Comp := pluginsv0alpha1.MetaV0alpha1ExtensionsExposedComponents{
+					Id: comp.Id,
+				}
+				if comp.Title != "" {
+					v0Comp.Title = &comp.Title
+				}
+				if comp.Description != "" {
+					v0Comp.Description = &comp.Description
+				}
+				extensions.ExposedComponents = append(extensions.ExposedComponents, v0Comp)
+			}
+		}
+
+		if len(jsonData.Extensions.ExtensionPoints) > 0 {
+			extensions.ExtensionPoints = make([]pluginsv0alpha1.MetaV0alpha1ExtensionsExtensionPoints, 0, len(jsonData.Extensions.ExtensionPoints))
+			for _, point := range jsonData.Extensions.ExtensionPoints {
+				v0Point := pluginsv0alpha1.MetaV0alpha1ExtensionsExtensionPoints{
+					Id: point.Id,
+				}
+				if point.Title != "" {
+					v0Point.Title = &point.Title
+				}
+				if point.Description != "" {
+					v0Point.Description = &point.Description
+				}
+				extensions.ExtensionPoints = append(extensions.ExtensionPoints, v0Point)
+			}
+		}
+
+		meta.Extensions = extensions
+	}
+
+	// Map Roles
+	if len(jsonData.Roles) > 0 {
+		meta.Roles = make([]pluginsv0alpha1.MetaRole, 0, len(jsonData.Roles))
+		for _, role := range jsonData.Roles {
+			v0Role := pluginsv0alpha1.MetaRole{
+				Grants: role.Grants,
+			}
+			if role.Role.Name != "" || role.Role.Description != "" || len(role.Role.Permissions) > 0 {
+				v0RoleRole := &pluginsv0alpha1.MetaV0alpha1RoleRole{}
+				if role.Role.Name != "" {
+					v0RoleRole.Name = &role.Role.Name
+				}
+				if role.Role.Description != "" {
+					v0RoleRole.Description = &role.Role.Description
+				}
+				if len(role.Role.Permissions) > 0 {
+					v0RoleRole.Permissions = make([]pluginsv0alpha1.MetaV0alpha1RoleRolePermissions, 0, len(role.Role.Permissions))
+					for _, perm := range role.Role.Permissions {
+						v0Perm := pluginsv0alpha1.MetaV0alpha1RoleRolePermissions{}
+						if perm.Action != "" {
+							v0Perm.Action = &perm.Action
+						}
+						if perm.Scope != "" {
+							v0Perm.Scope = &perm.Scope
+						}
+						v0RoleRole.Permissions = append(v0RoleRole.Permissions, v0Perm)
+					}
+				}
+				v0Role.Role = v0RoleRole
+			}
+			meta.Roles = append(meta.Roles, v0Role)
+		}
+	}
+
+	// Map IAM
+	if jsonData.IAM != nil && len(jsonData.IAM.Permissions) > 0 {
+		iam := &pluginsv0alpha1.MetaIAM{
+			Permissions: make([]pluginsv0alpha1.MetaV0alpha1IAMPermissions, 0, len(jsonData.IAM.Permissions)),
+		}
+		for _, perm := range jsonData.IAM.Permissions {
+			v0Perm := pluginsv0alpha1.MetaV0alpha1IAMPermissions{}
+			if perm.Action != "" {
+				v0Perm.Action = &perm.Action
+			}
+			if perm.Scope != "" {
+				v0Perm.Scope = &perm.Scope
+			}
+			iam.Permissions = append(iam.Permissions, v0Perm)
+		}
+		meta.Iam = iam
+	}
+
+	return meta
+}
+
+// pluginStorePluginToMeta converts a pluginstore.Plugin to a pluginsv0alpha1.MetaSpec.
+// This is similar to pluginToPluginMetaSpec but works with the plugin store DTO.
+// loadingStrategy and moduleHash are optional calculated values that can be provided.
+func pluginStorePluginToMeta(plugin pluginstore.Plugin, loadingStrategy plugins.LoadingStrategy, moduleHash string) pluginsv0alpha1.MetaSpec {
+	metaSpec := pluginsv0alpha1.MetaSpec{
+		PluginJson: jsonDataToMetaJSONData(plugin.JSONData),
+	}
+
+	if plugin.Module != "" {
+		module := &pluginsv0alpha1.MetaV0alpha1SpecModule{
+			Path: plugin.Module,
+		}
+		if moduleHash != "" {
+			module.Hash = &moduleHash
+		}
+		if loadingStrategy != "" {
+			var ls pluginsv0alpha1.MetaV0alpha1SpecModuleLoadingStrategy
+			switch loadingStrategy {
+			case plugins.LoadingStrategyFetch:
+				ls = pluginsv0alpha1.MetaV0alpha1SpecModuleLoadingStrategyFetch
+			case plugins.LoadingStrategyScript:
+				ls = pluginsv0alpha1.MetaV0alpha1SpecModuleLoadingStrategyScript
+			}
+			module.LoadingStrategy = &ls
+		}
+		metaSpec.Module = module
+	}
+
+	if plugin.BaseURL != "" {
+		metaSpec.BaseURL = &plugin.BaseURL
+	}
+
+	if plugin.Signature != "" {
+		signature := &pluginsv0alpha1.MetaV0alpha1SpecSignature{
+			Status: convertSignatureStatus(plugin.Signature),
+		}
+
+		if plugin.SignatureType != "" {
+			sigType := convertSignatureType(plugin.SignatureType)
+			signature.Type = &sigType
+		}
+
+		if plugin.SignatureOrg != "" {
+			signature.Org = &plugin.SignatureOrg
+		}
+
+		metaSpec.Signature = signature
+	}
+
+	if len(plugin.Children) > 0 {
+		metaSpec.Children = plugin.Children
+	}
+
+	metaSpec.Angular = &pluginsv0alpha1.MetaV0alpha1SpecAngular{
+		Detected: plugin.Angular.Detected,
+	}
+
+	if len(plugin.Translations) > 0 {
+		metaSpec.Translations = plugin.Translations
+	}
+
+	return metaSpec
+}
+
+// convertSignatureStatus converts plugins.SignatureStatus to pluginsv0alpha1.MetaV0alpha1SpecSignatureStatus.
+func convertSignatureStatus(status plugins.SignatureStatus) pluginsv0alpha1.MetaV0alpha1SpecSignatureStatus {
+	switch status {
+	case plugins.SignatureStatusInternal:
+		return pluginsv0alpha1.MetaV0alpha1SpecSignatureStatusInternal
+	case plugins.SignatureStatusValid:
+		return pluginsv0alpha1.MetaV0alpha1SpecSignatureStatusValid
+	case plugins.SignatureStatusInvalid:
+		return pluginsv0alpha1.MetaV0alpha1SpecSignatureStatusInvalid
+	case plugins.SignatureStatusModified:
+		return pluginsv0alpha1.MetaV0alpha1SpecSignatureStatusModified
+	case plugins.SignatureStatusUnsigned:
+		return pluginsv0alpha1.MetaV0alpha1SpecSignatureStatusUnsigned
+	default:
+		return pluginsv0alpha1.MetaV0alpha1SpecSignatureStatusUnsigned
+	}
+}
+
+// convertSignatureType converts plugins.SignatureType to pluginsv0alpha1.MetaV0alpha1SpecSignatureType.
+func convertSignatureType(sigType plugins.SignatureType) pluginsv0alpha1.MetaV0alpha1SpecSignatureType {
+	switch sigType {
+	case plugins.SignatureTypeGrafana:
+		return pluginsv0alpha1.MetaV0alpha1SpecSignatureTypeGrafana
+	case plugins.SignatureTypeCommercial:
+		return pluginsv0alpha1.MetaV0alpha1SpecSignatureTypeCommercial
+	case plugins.SignatureTypeCommunity:
+		return pluginsv0alpha1.MetaV0alpha1SpecSignatureTypeCommunity
+	case plugins.SignatureTypePrivate:
+		return pluginsv0alpha1.MetaV0alpha1SpecSignatureTypePrivate
+	case plugins.SignatureTypePrivateGlob:
+		return pluginsv0alpha1.MetaV0alpha1SpecSignatureTypePrivateGlob
+	default:
+		return pluginsv0alpha1.MetaV0alpha1SpecSignatureTypeGrafana
+	}
+}
+
+// pluginToMetaSpec converts a fully loaded *plugins.Plugin to a pluginsv0alpha1.MetaSpec.
+func pluginToMetaSpec(plugin *plugins.Plugin) pluginsv0alpha1.MetaSpec {
+	metaSpec := pluginsv0alpha1.MetaSpec{
+		PluginJson: jsonDataToMetaJSONData(plugin.JSONData),
+	}
+
+	// Set module information
+	if plugin.Module != "" {
+		module := &pluginsv0alpha1.MetaV0alpha1SpecModule{
+			Path: plugin.Module,
+		}
+
+		loadingStrategy := pluginsv0alpha1.MetaV0alpha1SpecModuleLoadingStrategyScript
+		module.LoadingStrategy = &loadingStrategy
+
+		metaSpec.Module = module
+	}
+
+	// Set BaseURL
+	if plugin.BaseURL != "" {
+		metaSpec.BaseURL = &plugin.BaseURL
+	}
+
+	// Set signature information
+	signature := &pluginsv0alpha1.MetaV0alpha1SpecSignature{
+		Status: convertSignatureStatus(plugin.Signature),
+	}
+
+	if plugin.SignatureType != "" {
+		sigType := convertSignatureType(plugin.SignatureType)
+		signature.Type = &sigType
+	}
+
+	if plugin.SignatureOrg != "" {
+		signature.Org = &plugin.SignatureOrg
+	}
+
+	metaSpec.Signature = signature
+
+	if len(plugin.Children) > 0 {
+		children := make([]string, 0, len(plugin.Children))
+		for _, child := range plugin.Children {
+			children = append(children, child.ID)
+		}
+		metaSpec.Children = children
+	}
+
+	metaSpec.Angular = &pluginsv0alpha1.MetaV0alpha1SpecAngular{
+		Detected: plugin.Angular.Detected,
+	}
+
+	if len(plugin.Translations) > 0 {
+		metaSpec.Translations = plugin.Translations
+	}
+
+	return metaSpec
+}
+
+// grafanaComPluginVersionMeta represents the response from grafana.com API
+// GET /api/plugins/{pluginId}/versions/{version}
+type grafanaComPluginVersionMeta struct {
+	PluginID        string                       `json:"pluginSlug"`
+	Version         string                       `json:"version"`
+	URL             string                       `json:"url"`
+	Commit          string                       `json:"commit"`
+	Description     string                       `json:"description"`
+	Keywords        []string                     `json:"keywords"`
+	CreatedAt       time.Time                    `json:"createdAt"`
+	UpdatedAt       time.Time                    `json:"updatedAt"`
+	JSON            pluginsv0alpha1.MetaJSONData `json:"json"`
+	Readme          string                       `json:"readme"`
+	Downloads       int                          `json:"downloads"`
+	Verified        bool                         `json:"verified"`
+	Status          string                       `json:"status"`
+	StatusContext   string                       `json:"statusContext"`
+	DownloadSlug    string                       `json:"downloadSlug"`
+	SignatureType   string                       `json:"signatureType"`
+	SignedByOrg     string                       `json:"signedByOrg"`
+	SignedByOrgName string                       `json:"signedByOrgName"`
+	Packages        struct {
+		Any struct {
+			Md5         string `json:"md5"`
+			Sha256      string `json:"sha256"`
+			PackageName string `json:"packageName"`
+			DownloadURL string `json:"downloadUrl"`
+		} `json:"any"`
+	} `json:"packages"`
+	Links []struct {
+		Rel  string `json:"rel"`
+		Href string `json:"href"`
+	} `json:"links"`
+	AngularDetected bool     `json:"angularDetected"`
+	Scopes          []string `json:"scopes"`
+}
+
+// grafanaComPluginVersionMetaToMetaSpec converts a grafanaComPluginVersionMeta to a pluginsv0alpha1.MetaSpec.
+func grafanaComPluginVersionMetaToMetaSpec(gcomMeta grafanaComPluginVersionMeta) pluginsv0alpha1.MetaSpec {
+	metaSpec := pluginsv0alpha1.MetaSpec{
+		PluginJson: gcomMeta.JSON,
+	}
+
+	if gcomMeta.SignatureType != "" {
+		signature := &pluginsv0alpha1.MetaV0alpha1SpecSignature{
+			Status: pluginsv0alpha1.MetaV0alpha1SpecSignatureStatusValid,
+		}
+
+		switch gcomMeta.SignatureType {
+		case "grafana":
+			sigType := pluginsv0alpha1.MetaV0alpha1SpecSignatureTypeGrafana
+			signature.Type = &sigType
+		case "commercial":
+			sigType := pluginsv0alpha1.MetaV0alpha1SpecSignatureTypeCommercial
+			signature.Type = &sigType
+		case "community":
+			sigType := pluginsv0alpha1.MetaV0alpha1SpecSignatureTypeCommunity
+			signature.Type = &sigType
+		case "private":
+			sigType := pluginsv0alpha1.MetaV0alpha1SpecSignatureTypePrivate
+			signature.Type = &sigType
+		case "private-glob":
+			sigType := pluginsv0alpha1.MetaV0alpha1SpecSignatureTypePrivateGlob
+			signature.Type = &sigType
+		}
+
+		if gcomMeta.SignedByOrg != "" {
+			signature.Org = &gcomMeta.SignedByOrg
+		}
+
+		metaSpec.Signature = signature
+	}
+
+	// Set angular info
+	metaSpec.Angular = &pluginsv0alpha1.MetaV0alpha1SpecAngular{
+		Detected: gcomMeta.AngularDetected,
+	}
+
+	return metaSpec
+}
@@ -2,7 +2,6 @@ package meta

 import (
 	"context"
-	"encoding/json"
 	"errors"
 	"os"
 	"path/filepath"
@@ -13,7 +12,15 @@ import (

 	pluginsv0alpha1 "github.com/grafana/grafana/apps/plugins/pkg/apis/plugins/v0alpha1"
 	"github.com/grafana/grafana/pkg/plugins"
+	"github.com/grafana/grafana/pkg/plugins/config"
+	pluginsLoader "github.com/grafana/grafana/pkg/plugins/manager/loader"
+	"github.com/grafana/grafana/pkg/plugins/manager/pipeline/bootstrap"
+	"github.com/grafana/grafana/pkg/plugins/manager/pipeline/discovery"
+	"github.com/grafana/grafana/pkg/plugins/manager/pipeline/initialization"
+	"github.com/grafana/grafana/pkg/plugins/manager/pipeline/termination"
+	"github.com/grafana/grafana/pkg/plugins/manager/pipeline/validation"
 	"github.com/grafana/grafana/pkg/plugins/manager/sources"
+	"github.com/grafana/grafana/pkg/services/pluginsintegration/pluginerrs"
 )

 const (
@@ -23,9 +30,10 @@ const (
 // CoreProvider retrieves plugin metadata for core plugins.
 type CoreProvider struct {
 	mu            sync.RWMutex
-	loadedPlugins map[string]pluginsv0alpha1.MetaJSONData
+	loadedPlugins map[string]pluginsv0alpha1.MetaSpec
 	initialized   bool
 	ttl           time.Duration
+	loader        pluginsLoader.Service
 }

 // NewCoreProvider creates a new CoreProvider for core plugins.
@@ -35,9 +43,13 @@ func NewCoreProvider() *CoreProvider {

 // NewCoreProviderWithTTL creates a new CoreProvider with a custom TTL.
 func NewCoreProviderWithTTL(ttl time.Duration) *CoreProvider {
+	cfg := &config.PluginManagementCfg{
+		Features: config.Features{},
+	}
 	return &CoreProvider{
-		loadedPlugins: make(map[string]pluginsv0alpha1.MetaJSONData),
+		loadedPlugins: make(map[string]pluginsv0alpha1.MetaSpec),
 		ttl:           ttl,
+		loader:        createLoader(cfg),
 	}
 }

@@ -76,9 +88,9 @@ func (p *CoreProvider) GetMeta(ctx context.Context, pluginID, _ string) (*Result
 		p.initialized = true
 	}

-	if meta, found := p.loadedPlugins[pluginID]; found {
+	if spec, found := p.loadedPlugins[pluginID]; found {
 		return &Result{
-			Meta: meta,
+			Meta: spec,
 			TTL:  p.ttl,
 		}, nil
 	}
@@ -86,8 +98,8 @@ func (p *CoreProvider) GetMeta(ctx context.Context, pluginID, _ string) (*Result
 	return nil, ErrMetaNotFound
 }

-// loadPlugins discovers and caches all core plugins.
-// Returns an error if the static root path cannot be found or if plugin discovery fails.
+// loadPlugins discovers and caches all core plugins by fully loading them.
+// Returns an error if the static root path cannot be found or if plugin loading fails.
 // This error will be handled gracefully by GetMeta, which will return ErrMetaNotFound
 // to allow other providers to handle the request.
 func (p *CoreProvider) loadPlugins(ctx context.Context) error {
@@ -108,496 +120,51 @@ func (p *CoreProvider) loadPlugins(ctx context.Context) error {
 	panelPath := filepath.Join(staticRootPath, "app", "plugins", "panel")

 	src := sources.NewLocalSource(plugins.ClassCore, []string{datasourcePath, panelPath})
-	ps, err := src.Discover(ctx)
+	loadedPlugins, err := p.loader.Load(ctx, src)
 	if err != nil {
 		return err
 	}

-	if len(ps) == 0 {
-		logging.DefaultLogger.Warn("CoreProvider: no core plugins found during discovery")
+	if len(loadedPlugins) == 0 {
+		logging.DefaultLogger.Warn("CoreProvider: no core plugins found during loading")
 		return nil
 	}

-	for _, bundle := range ps {
-		meta := jsonDataToMetaJSONData(bundle.Primary.JSONData)
-		p.loadedPlugins[bundle.Primary.JSONData.ID] = meta
+	for _, plugin := range loadedPlugins {
+		metaSpec := pluginToMetaSpec(plugin)
+		p.loadedPlugins[plugin.ID] = metaSpec
 	}

 	return nil
 }

-// jsonDataToMetaJSONData converts a plugins.JSONData to a pluginsv0alpha1.MetaJSONData.
-// nolint:gocyclo
-func jsonDataToMetaJSONData(jsonData plugins.JSONData) pluginsv0alpha1.MetaJSONData {
-	meta := pluginsv0alpha1.MetaJSONData{
-		Id:   jsonData.ID,
-		Name: jsonData.Name,
-	}
-
-	// Map plugin type
-	switch jsonData.Type {
-	case plugins.TypeApp:
-		meta.Type = pluginsv0alpha1.MetaJSONDataTypeApp
-	case plugins.TypeDataSource:
-		meta.Type = pluginsv0alpha1.MetaJSONDataTypeDatasource
-	case plugins.TypePanel:
-		meta.Type = pluginsv0alpha1.MetaJSONDataTypePanel
-	case plugins.TypeRenderer:
-		meta.Type = pluginsv0alpha1.MetaJSONDataTypeRenderer
-	}
-
-	// Map Info
-	meta.Info = pluginsv0alpha1.MetaInfo{
-		Keywords: jsonData.Info.Keywords,
-		Logos: pluginsv0alpha1.MetaV0alpha1InfoLogos{
-			Small: jsonData.Info.Logos.Small,
-			Large: jsonData.Info.Logos.Large,
+// createLoader creates a loader service configured for core plugins.
+func createLoader(cfg *config.PluginManagementCfg) pluginsLoader.Service {
+	d := discovery.New(cfg, discovery.Opts{
+		FilterFuncs: []discovery.FilterFunc{
+			// Allow all plugin types for core plugins
 		},
-		Updated: jsonData.Info.Updated,
-		Version: jsonData.Info.Version,
-	}
+	})
+	b := bootstrap.New(cfg, bootstrap.Opts{
+		DecorateFuncs: []bootstrap.DecorateFunc{}, // no decoration required for metadata
+	})
+	v := validation.New(cfg, validation.Opts{
+		ValidateFuncs: []validation.ValidateFunc{
+			// Skip validation for core plugins - they're trusted
+		},
+	})
+	i := initialization.New(cfg, initialization.Opts{
+		InitializeFuncs: []initialization.InitializeFunc{
+			// Skip initialization - we only need metadata, not running plugins
+		},
+	})
+	t, _ := termination.New(cfg, termination.Opts{
+		TerminateFuncs: []termination.TerminateFunc{
+			// No termination needed for metadata-only loading
+		},
+	})

-	if jsonData.Info.Description != "" {
-		meta.Info.Description = &jsonData.Info.Description
-	}
+	et := pluginerrs.ProvideErrorTracker()

-	if jsonData.Info.Author.Name != "" || jsonData.Info.Author.URL != "" {
-		author := &pluginsv0alpha1.MetaV0alpha1InfoAuthor{}
-		if jsonData.Info.Author.Name != "" {
-			author.Name = &jsonData.Info.Author.Name
-		}
-		if jsonData.Info.Author.URL != "" {
-			author.Url = &jsonData.Info.Author.URL
-		}
-		meta.Info.Author = author
-	}
-
-	if len(jsonData.Info.Links) > 0 {
-		meta.Info.Links = make([]pluginsv0alpha1.MetaV0alpha1InfoLinks, 0, len(jsonData.Info.Links))
-		for _, link := range jsonData.Info.Links {
-			v0Link := pluginsv0alpha1.MetaV0alpha1InfoLinks{}
-			if link.Name != "" {
-				v0Link.Name = &link.Name
-			}
-			if link.URL != "" {
-				v0Link.Url = &link.URL
-			}
-			meta.Info.Links = append(meta.Info.Links, v0Link)
-		}
-	}
-
-	if len(jsonData.Info.Screenshots) > 0 {
-		meta.Info.Screenshots = make([]pluginsv0alpha1.MetaV0alpha1InfoScreenshots, 0, len(jsonData.Info.Screenshots))
-		for _, screenshot := range jsonData.Info.Screenshots {
-			v0Screenshot := pluginsv0alpha1.MetaV0alpha1InfoScreenshots{}
-			if screenshot.Name != "" {
-				v0Screenshot.Name = &screenshot.Name
-			}
-			if screenshot.Path != "" {
-				v0Screenshot.Path = &screenshot.Path
-			}
-			meta.Info.Screenshots = append(meta.Info.Screenshots, v0Screenshot)
-		}
-	}
-
-	// Map Dependencies
-	meta.Dependencies = pluginsv0alpha1.MetaDependencies{
-		GrafanaDependency: jsonData.Dependencies.GrafanaDependency,
-	}
-
-	if jsonData.Dependencies.GrafanaVersion != "" {
-		meta.Dependencies.GrafanaVersion = &jsonData.Dependencies.GrafanaVersion
-	}
-
-	if len(jsonData.Dependencies.Plugins) > 0 {
-		meta.Dependencies.Plugins = make([]pluginsv0alpha1.MetaV0alpha1DependenciesPlugins, 0, len(jsonData.Dependencies.Plugins))
-		for _, dep := range jsonData.Dependencies.Plugins {
-			var depType pluginsv0alpha1.MetaV0alpha1DependenciesPluginsType
-			switch dep.Type {
-			case "app":
-				depType = pluginsv0alpha1.MetaV0alpha1DependenciesPluginsTypeApp
-			case "datasource":
-				depType = pluginsv0alpha1.MetaV0alpha1DependenciesPluginsTypeDatasource
-			case "panel":
-				depType = pluginsv0alpha1.MetaV0alpha1DependenciesPluginsTypePanel
-			}
-			meta.Dependencies.Plugins = append(meta.Dependencies.Plugins, pluginsv0alpha1.MetaV0alpha1DependenciesPlugins{
-				Id:   dep.ID,
-				Type: depType,
-				Name: dep.Name,
-			})
-		}
-	}
-
-	if len(jsonData.Dependencies.Extensions.ExposedComponents) > 0 {
-		meta.Dependencies.Extensions = &pluginsv0alpha1.MetaV0alpha1DependenciesExtensions{
-			ExposedComponents: jsonData.Dependencies.Extensions.ExposedComponents,
-		}
-	}
-
-	// Map optional boolean fields
-	if jsonData.Alerting {
-		meta.Alerting = &jsonData.Alerting
-	}
-	if jsonData.Annotations {
-		meta.Annotations = &jsonData.Annotations
-	}
-	if jsonData.AutoEnabled {
-		meta.AutoEnabled = &jsonData.AutoEnabled
-	}
-	if jsonData.Backend {
-		meta.Backend = &jsonData.Backend
-	}
-	if jsonData.BuiltIn {
-		meta.BuiltIn = &jsonData.BuiltIn
-	}
-	if jsonData.HideFromList {
-		meta.HideFromList = &jsonData.HideFromList
-	}
-	if jsonData.Logs {
-		meta.Logs = &jsonData.Logs
-	}
-	if jsonData.Metrics {
-		meta.Metrics = &jsonData.Metrics
-	}
-	if jsonData.MultiValueFilterOperators {
-		meta.MultiValueFilterOperators = &jsonData.MultiValueFilterOperators
-	}
-	if jsonData.Preload {
-		meta.Preload = &jsonData.Preload
-	}
-	if jsonData.SkipDataQuery {
-		meta.SkipDataQuery = &jsonData.SkipDataQuery
-	}
-	if jsonData.Streaming {
-		meta.Streaming = &jsonData.Streaming
-	}
-	if jsonData.Tracing {
-		meta.Tracing = &jsonData.Tracing
-	}
-
-	// Map category
-	if jsonData.Category != "" {
-		var category pluginsv0alpha1.MetaJSONDataCategory
-		switch jsonData.Category {
-		case "tsdb":
-			category = pluginsv0alpha1.MetaJSONDataCategoryTsdb
-		case "logging":
-			category = pluginsv0alpha1.MetaJSONDataCategoryLogging
-		case "cloud":
-			category = pluginsv0alpha1.MetaJSONDataCategoryCloud
-		case "tracing":
-			category = pluginsv0alpha1.MetaJSONDataCategoryTracing
-		case "profiling":
-			category = pluginsv0alpha1.MetaJSONDataCategoryProfiling
-		case "sql":
-			category = pluginsv0alpha1.MetaJSONDataCategorySql
-		case "enterprise":
-			category = pluginsv0alpha1.MetaJSONDataCategoryEnterprise
-		case "iot":
-			category = pluginsv0alpha1.MetaJSONDataCategoryIot
-		case "other":
-			category = pluginsv0alpha1.MetaJSONDataCategoryOther
-		default:
-			category = pluginsv0alpha1.MetaJSONDataCategoryOther
-		}
-		meta.Category = &category
-	}
-
-	// Map state
-	if jsonData.State != "" {
-		var state pluginsv0alpha1.MetaJSONDataState
-		switch jsonData.State {
-		case plugins.ReleaseStateAlpha:
-			state = pluginsv0alpha1.MetaJSONDataStateAlpha
-		case plugins.ReleaseStateBeta:
-			state = pluginsv0alpha1.MetaJSONDataStateBeta
-		default:
-		}
-		if state != "" {
-			meta.State = &state
-		}
-	}
-
-	// Map executable
-	if jsonData.Executable != "" {
-		meta.Executable = &jsonData.Executable
-	}
-
-	// Map QueryOptions
-	if len(jsonData.QueryOptions) > 0 {
-		queryOptions := &pluginsv0alpha1.MetaQueryOptions{}
-		if val, ok := jsonData.QueryOptions["maxDataPoints"]; ok {
-			queryOptions.MaxDataPoints = &val
-		}
-		if val, ok := jsonData.QueryOptions["minInterval"]; ok {
-			queryOptions.MinInterval = &val
-		}
-		if val, ok := jsonData.QueryOptions["cacheTimeout"]; ok {
-			queryOptions.CacheTimeout = &val
-		}
-		meta.QueryOptions = queryOptions
-	}
-
-	// Map Includes
-	if len(jsonData.Includes) > 0 {
-		meta.Includes = make([]pluginsv0alpha1.MetaInclude, 0, len(jsonData.Includes))
-		for _, include := range jsonData.Includes {
-			v0Include := pluginsv0alpha1.MetaInclude{}
-			if include.UID != "" {
-				v0Include.Uid = &include.UID
-			}
-			if include.Type != "" {
-				var includeType pluginsv0alpha1.MetaIncludeType
-				switch include.Type {
-				case "dashboard":
-					includeType = pluginsv0alpha1.MetaIncludeTypeDashboard
-				case "page":
-					includeType = pluginsv0alpha1.MetaIncludeTypePage
-				case "panel":
-					includeType = pluginsv0alpha1.MetaIncludeTypePanel
-				case "datasource":
-					includeType = pluginsv0alpha1.MetaIncludeTypeDatasource
-				}
-				v0Include.Type = &includeType
-			}
-			if include.Name != "" {
-				v0Include.Name = &include.Name
-			}
-			if include.Component != "" {
-				v0Include.Component = &include.Component
-			}
-			if include.Role != "" {
-				var role pluginsv0alpha1.MetaIncludeRole
-				switch include.Role {
-				case "Admin":
-					role = pluginsv0alpha1.MetaIncludeRoleAdmin
-				case "Editor":
-					role = pluginsv0alpha1.MetaIncludeRoleEditor
-				case "Viewer":
-					role = pluginsv0alpha1.MetaIncludeRoleViewer
-				}
-				v0Include.Role = &role
-			}
-			if include.Action != "" {
-				v0Include.Action = &include.Action
-			}
-			if include.Path != "" {
-				v0Include.Path = &include.Path
-			}
-			if include.AddToNav {
-				v0Include.AddToNav = &include.AddToNav
-			}
-			if include.DefaultNav {
-				v0Include.DefaultNav = &include.DefaultNav
-			}
-			if include.Icon != "" {
-				v0Include.Icon = &include.Icon
-			}
-			meta.Includes = append(meta.Includes, v0Include)
-		}
-	}
-
-	// Map Routes
-	if len(jsonData.Routes) > 0 {
-		meta.Routes = make([]pluginsv0alpha1.MetaRoute, 0, len(jsonData.Routes))
-		for _, route := range jsonData.Routes {
-			v0Route := pluginsv0alpha1.MetaRoute{}
-			if route.Path != "" {
-				v0Route.Path = &route.Path
-			}
-			if route.Method != "" {
-				v0Route.Method = &route.Method
-			}
-			if route.URL != "" {
-				v0Route.Url = &route.URL
-			}
-			if route.ReqRole != "" {
-				reqRole := string(route.ReqRole)
-				v0Route.ReqRole = &reqRole
-			}
-			if route.ReqAction != "" {
-				v0Route.ReqAction = &route.ReqAction
-			}
-			if len(route.Headers) > 0 {
-				headers := make([]string, 0, len(route.Headers))
-				for _, header := range route.Headers {
-					headers = append(headers, header.Name+": "+header.Content)
-				}
-				v0Route.Headers = headers
-			}
-			if len(route.URLParams) > 0 {
-				v0Route.UrlParams = make([]pluginsv0alpha1.MetaV0alpha1RouteUrlParams, 0, len(route.URLParams))
-				for _, param := range route.URLParams {
-					v0Param := pluginsv0alpha1.MetaV0alpha1RouteUrlParams{}
-					if param.Name != "" {
-						v0Param.Name = &param.Name
-					}
-					if param.Content != "" {
-						v0Param.Content = &param.Content
-					}
-					v0Route.UrlParams = append(v0Route.UrlParams, v0Param)
-				}
-			}
-			if route.TokenAuth != nil {
-				v0Route.TokenAuth = &pluginsv0alpha1.MetaV0alpha1RouteTokenAuth{}
-				if route.TokenAuth.Url != "" {
-					v0Route.TokenAuth.Url = &route.TokenAuth.Url
-				}
-				if len(route.TokenAuth.Scopes) > 0 {
-					v0Route.TokenAuth.Scopes = route.TokenAuth.Scopes
-				}
-				if len(route.TokenAuth.Params) > 0 {
-					v0Route.TokenAuth.Params = make(map[string]interface{})
-					for k, v := range route.TokenAuth.Params {
-						v0Route.TokenAuth.Params[k] = v
-					}
-				}
-			}
-			if route.JwtTokenAuth != nil {
-				v0Route.JwtTokenAuth = &pluginsv0alpha1.MetaV0alpha1RouteJwtTokenAuth{}
-				if route.JwtTokenAuth.Url != "" {
-					v0Route.JwtTokenAuth.Url = &route.JwtTokenAuth.Url
-				}
-				if len(route.JwtTokenAuth.Scopes) > 0 {
-					v0Route.JwtTokenAuth.Scopes = route.JwtTokenAuth.Scopes
-				}
-				if len(route.JwtTokenAuth.Params) > 0 {
-					v0Route.JwtTokenAuth.Params = make(map[string]interface{})
-					for k, v := range route.JwtTokenAuth.Params {
-						v0Route.JwtTokenAuth.Params[k] = v
-					}
-				}
-			}
-			if len(route.Body) > 0 {
-				var bodyMap map[string]interface{}
-				if err := json.Unmarshal(route.Body, &bodyMap); err == nil {
-					v0Route.Body = bodyMap
-				}
-			}
-			meta.Routes = append(meta.Routes, v0Route)
-		}
-	}
-
-	// Map Extensions
-	if len(jsonData.Extensions.AddedLinks) > 0 || len(jsonData.Extensions.AddedComponents) > 0 ||
-		len(jsonData.Extensions.ExposedComponents) > 0 || len(jsonData.Extensions.ExtensionPoints) > 0 {
-		extensions := &pluginsv0alpha1.MetaExtensions{}
-
-		if len(jsonData.Extensions.AddedLinks) > 0 {
-			extensions.AddedLinks = make([]pluginsv0alpha1.MetaV0alpha1ExtensionsAddedLinks, 0, len(jsonData.Extensions.AddedLinks))
-			for _, link := range jsonData.Extensions.AddedLinks {
-				v0Link := pluginsv0alpha1.MetaV0alpha1ExtensionsAddedLinks{
-					Targets: link.Targets,
-					Title:   link.Title,
-				}
-				if link.Description != "" {
-					v0Link.Description = &link.Description
-				}
-				extensions.AddedLinks = append(extensions.AddedLinks, v0Link)
-			}
-		}
-
-		if len(jsonData.Extensions.AddedComponents) > 0 {
-			extensions.AddedComponents = make([]pluginsv0alpha1.MetaV0alpha1ExtensionsAddedComponents, 0, len(jsonData.Extensions.AddedComponents))
-			for _, comp := range jsonData.Extensions.AddedComponents {
-				v0Comp := pluginsv0alpha1.MetaV0alpha1ExtensionsAddedComponents{
-					Targets: comp.Targets,
-					Title:   comp.Title,
-				}
-				if comp.Description != "" {
-					v0Comp.Description = &comp.Description
-				}
-				extensions.AddedComponents = append(extensions.AddedComponents, v0Comp)
-			}
-		}
-
-		if len(jsonData.Extensions.ExposedComponents) > 0 {
-			extensions.ExposedComponents = make([]pluginsv0alpha1.MetaV0alpha1ExtensionsExposedComponents, 0, len(jsonData.Extensions.ExposedComponents))
-			for _, comp := range jsonData.Extensions.ExposedComponents {
-				v0Comp := pluginsv0alpha1.MetaV0alpha1ExtensionsExposedComponents{
-					Id: comp.Id,
-				}
-				if comp.Title != "" {
-					v0Comp.Title = &comp.Title
-				}
-				if comp.Description != "" {
-					v0Comp.Description = &comp.Description
-				}
-				extensions.ExposedComponents = append(extensions.ExposedComponents, v0Comp)
-			}
-		}
-
-		if len(jsonData.Extensions.ExtensionPoints) > 0 {
-			extensions.ExtensionPoints = make([]pluginsv0alpha1.MetaV0alpha1ExtensionsExtensionPoints, 0, len(jsonData.Extensions.ExtensionPoints))
-			for _, point := range jsonData.Extensions.ExtensionPoints {
-				v0Point := pluginsv0alpha1.MetaV0alpha1ExtensionsExtensionPoints{
-					Id: point.Id,
-				}
-				if point.Title != "" {
-					v0Point.Title = &point.Title
-				}
-				if point.Description != "" {
-					v0Point.Description = &point.Description
-				}
-				extensions.ExtensionPoints = append(extensions.ExtensionPoints, v0Point)
-			}
-		}
-
-		meta.Extensions = extensions
-	}
-
-	// Map Roles
-	if len(jsonData.Roles) > 0 {
-		meta.Roles = make([]pluginsv0alpha1.MetaRole, 0, len(jsonData.Roles))
-		for _, role := range jsonData.Roles {
-			v0Role := pluginsv0alpha1.MetaRole{
-				Grants: role.Grants,
-			}
-			if role.Role.Name != "" || role.Role.Description != "" || len(role.Role.Permissions) > 0 {
-				v0RoleRole := &pluginsv0alpha1.MetaV0alpha1RoleRole{}
-				if role.Role.Name != "" {
-					v0RoleRole.Name = &role.Role.Name
-				}
-				if role.Role.Description != "" {
-					v0RoleRole.Description = &role.Role.Description
-				}
-				if len(role.Role.Permissions) > 0 {
-					v0RoleRole.Permissions = make([]pluginsv0alpha1.MetaV0alpha1RoleRolePermissions, 0, len(role.Role.Permissions))
-					for _, perm := range role.Role.Permissions {
-						v0Perm := pluginsv0alpha1.MetaV0alpha1RoleRolePermissions{}
-						if perm.Action != "" {
-							v0Perm.Action = &perm.Action
-						}
-						if perm.Scope != "" {
-							v0Perm.Scope = &perm.Scope
-						}
-						v0RoleRole.Permissions = append(v0RoleRole.Permissions, v0Perm)
-					}
-				}
-				v0Role.Role = v0RoleRole
-			}
-			meta.Roles = append(meta.Roles, v0Role)
-		}
-	}
-
-	// Map IAM
-	if jsonData.IAM != nil && len(jsonData.IAM.Permissions) > 0 {
-		iam := &pluginsv0alpha1.MetaIAM{
-			Permissions: make([]pluginsv0alpha1.MetaV0alpha1IAMPermissions, 0, len(jsonData.IAM.Permissions)),
-		}
-		for _, perm := range jsonData.IAM.Permissions {
-			v0Perm := pluginsv0alpha1.MetaV0alpha1IAMPermissions{}
-			if perm.Action != "" {
-				v0Perm.Action = &perm.Action
-			}
-			if perm.Scope != "" {
-				v0Perm.Scope = &perm.Scope
-			}
-			iam.Permissions = append(iam.Permissions, v0Perm)
-		}
-		meta.Iam = iam
-	}
-
-	return meta
+	return pluginsLoader.New(cfg, d, b, v, i, t, et)
 }
@@ -22,10 +22,12 @@ func TestCoreProvider_GetMeta(t *testing.T) {
 	t.Run("returns cached plugin when available", func(t *testing.T) {
 		provider := NewCoreProvider()

-		expectedMeta := pluginsv0alpha1.MetaJSONData{
-			Id:   "test-plugin",
-			Name: "Test Plugin",
-			Type: pluginsv0alpha1.MetaJSONDataTypeDatasource,
+		expectedMeta := pluginsv0alpha1.MetaSpec{
+			PluginJson: pluginsv0alpha1.MetaJSONData{
+				Id:   "test-plugin",
+				Name: "Test Plugin",
+				Type: pluginsv0alpha1.MetaJSONDataTypeDatasource,
+			},
 		}

 		provider.mu.Lock()
@@ -58,10 +60,12 @@ func TestCoreProvider_GetMeta(t *testing.T) {
 	t.Run("ignores version parameter", func(t *testing.T) {
 		provider := NewCoreProvider()

-		expectedMeta := pluginsv0alpha1.MetaJSONData{
-			Id:   "test-plugin",
-			Name: "Test Plugin",
-			Type: pluginsv0alpha1.MetaJSONDataTypeDatasource,
+		expectedMeta := pluginsv0alpha1.MetaSpec{
+			PluginJson: pluginsv0alpha1.MetaJSONData{
+				Id:   "test-plugin",
+				Name: "Test Plugin",
+				Type: pluginsv0alpha1.MetaJSONDataTypeDatasource,
+			},
 		}

 		provider.mu.Lock()
@@ -81,10 +85,12 @@ func TestCoreProvider_GetMeta(t *testing.T) {
 		customTTL := 2 * time.Hour
 		provider := NewCoreProviderWithTTL(customTTL)

-		expectedMeta := pluginsv0alpha1.MetaJSONData{
-			Id:   "test-plugin",
-			Name: "Test Plugin",
-			Type: pluginsv0alpha1.MetaJSONDataTypeDatasource,
+		expectedMeta := pluginsv0alpha1.MetaSpec{
+			PluginJson: pluginsv0alpha1.MetaJSONData{
+				Id:   "test-plugin",
+				Name: "Test Plugin",
+				Type: pluginsv0alpha1.MetaJSONDataTypeDatasource,
+			},
 		}

 		provider.mu.Lock()
@@ -226,8 +232,8 @@ func TestCoreProvider_loadPlugins(t *testing.T) {
 		if loaded {
 			result, err := provider.GetMeta(ctx, "test-datasource", "1.0.0")
 			require.NoError(t, err)
-			assert.Equal(t, "test-datasource", result.Meta.Id)
-			assert.Equal(t, "Test Datasource", result.Meta.Name)
+			assert.Equal(t, "test-datasource", result.Meta.PluginJson.Id)
+			assert.Equal(t, "Test Datasource", result.Meta.PluginJson.Name)
 		}
 	})
 }
@@ -0,0 +1,53 @@
+package meta
+
+import (
+	"context"
+	"time"
+
+	"github.com/grafana/grafana/pkg/plugins"
+	"github.com/grafana/grafana/pkg/services/pluginsintegration/pluginstore"
+)
+
+const (
+	defaultLocalTTL = 1 * time.Hour
+)
+
+// PluginAssetsCalculator is an interface for calculating plugin asset information.
+// LocalProvider requires this to calculate loading strategy and module hash.
+type PluginAssetsCalculator interface {
+	LoadingStrategy(ctx context.Context, p pluginstore.Plugin) plugins.LoadingStrategy
+	ModuleHash(ctx context.Context, p pluginstore.Plugin) string
+}
+
+// LocalProvider retrieves plugin metadata for locally installed plugins.
+// It uses the plugin store to access plugins that have already been loaded.
+type LocalProvider struct {
+	store        pluginstore.Store
+	pluginAssets PluginAssetsCalculator
+}
+
+// NewLocalProvider creates a new LocalProvider for locally installed plugins.
+// pluginAssets is required for calculating loading strategy and module hash.
+func NewLocalProvider(pluginStore pluginstore.Store, pluginAssets PluginAssetsCalculator) *LocalProvider {
+	return &LocalProvider{
+		store:        pluginStore,
+		pluginAssets: pluginAssets,
+	}
+}
+
+// GetMeta retrieves plugin metadata for locally installed plugins.
+func (p *LocalProvider) GetMeta(ctx context.Context, pluginID, version string) (*Result, error) {
+	plugin, exists := p.store.Plugin(ctx, pluginID)
+	if !exists {
+		return nil, ErrMetaNotFound
+	}
+
+	loadingStrategy := p.pluginAssets.LoadingStrategy(ctx, plugin)
+	moduleHash := p.pluginAssets.ModuleHash(ctx, plugin)
+
+	spec := pluginStorePluginToMeta(plugin, loadingStrategy, moduleHash)
+	return &Result{
+		Meta: spec,
+		TTL:  defaultLocalTTL,
+	}, nil
+}
@@ -16,7 +16,7 @@ const (

 // cachedMeta represents a cached metadata entry with expiration time
 type cachedMeta struct {
-	meta      pluginsv0alpha1.MetaJSONData
+	meta      pluginsv0alpha1.MetaSpec
 	ttl       time.Duration
 	expiresAt time.Time
 }
@@ -84,7 +84,7 @@ func (pm *ProviderManager) GetMeta(ctx context.Context, pluginID, version string
 		if err == nil {
 			// Don't cache results with a zero TTL
 			if result.TTL == 0 {
-				continue
+				return result, nil
 			}

 			pm.cacheMu.Lock()
@@ -35,10 +35,12 @@ func TestProviderManager_GetMeta(t *testing.T) {
 	ctx := context.Background()

 	t.Run("returns cached result when available and not expired", func(t *testing.T) {
-		cachedMeta := pluginsv0alpha1.MetaJSONData{
-			Id:   "test-plugin",
-			Name: "Test Plugin",
-			Type: pluginsv0alpha1.MetaJSONDataTypeDatasource,
+		cachedMeta := pluginsv0alpha1.MetaSpec{
+			PluginJson: pluginsv0alpha1.MetaJSONData{
+				Id:   "test-plugin",
+				Name: "Test Plugin",
+				Type: pluginsv0alpha1.MetaJSONDataTypeDatasource,
+			},
 		}

 		provider := &mockProvider{
@@ -60,8 +62,10 @@ func TestProviderManager_GetMeta(t *testing.T) {

 		provider.getMetaFunc = func(ctx context.Context, pluginID, version string) (*Result, error) {
 			return &Result{
-				Meta: pluginsv0alpha1.MetaJSONData{Id: "different"},
-				TTL:  time.Hour,
+				Meta: pluginsv0alpha1.MetaSpec{
+					PluginJson: pluginsv0alpha1.MetaJSONData{Id: "different"},
+				},
+				TTL: time.Hour,
 			}, nil
 		}

@@ -73,10 +77,12 @@ func TestProviderManager_GetMeta(t *testing.T) {
 	})

 	t.Run("fetches from provider when not cached", func(t *testing.T) {
-		expectedMeta := pluginsv0alpha1.MetaJSONData{
-			Id:   "test-plugin",
-			Name: "Test Plugin",
-			Type: pluginsv0alpha1.MetaJSONDataTypeDatasource,
+		expectedMeta := pluginsv0alpha1.MetaSpec{
+			PluginJson: pluginsv0alpha1.MetaJSONData{
+				Id:   "test-plugin",
+				Name: "Test Plugin",
+				Type: pluginsv0alpha1.MetaJSONDataTypeDatasource,
+			},
 		}
 		expectedTTL := 2 * time.Hour

@@ -107,19 +113,16 @@ func TestProviderManager_GetMeta(t *testing.T) {
 		assert.Equal(t, expectedTTL, cached.ttl)
 	})

-	t.Run("does not cache result with zero TTL and tries next provider", func(t *testing.T) {
-		zeroTTLMeta := pluginsv0alpha1.MetaJSONData{
-			Id:   "test-plugin",
-			Name: "Zero TTL Plugin",
-			Type: pluginsv0alpha1.MetaJSONDataTypeDatasource,
-		}
-		expectedMeta := pluginsv0alpha1.MetaJSONData{
-			Id:   "test-plugin",
-			Name: "Test Plugin",
-			Type: pluginsv0alpha1.MetaJSONDataTypeDatasource,
+	t.Run("does not cache result with zero TTL", func(t *testing.T) {
+		zeroTTLMeta := pluginsv0alpha1.MetaSpec{
+			PluginJson: pluginsv0alpha1.MetaJSONData{
+				Id:   "test-plugin",
+				Name: "Zero TTL Plugin",
+				Type: pluginsv0alpha1.MetaJSONDataTypeDatasource,
+			},
 		}

-		provider1 := &mockProvider{
+		provider := &mockProvider{
 			getMetaFunc: func(ctx context.Context, pluginID, version string) (*Result, error) {
 				return &Result{
 					Meta: zeroTTLMeta,
@@ -127,37 +130,30 @@ func TestProviderManager_GetMeta(t *testing.T) {
 				}, nil
 			},
 		}
-		provider2 := &mockProvider{
-			getMetaFunc: func(ctx context.Context, pluginID, version string) (*Result, error) {
-				return &Result{
-					Meta: expectedMeta,
-					TTL:  time.Hour,
-				}, nil
-			},
-		}

-		pm := NewProviderManager(provider1, provider2)
+		pm := NewProviderManager(provider)

 		result, err := pm.GetMeta(ctx, "test-plugin", "1.0.0")

 		require.NoError(t, err)
 		require.NotNil(t, result)
-		assert.Equal(t, expectedMeta, result.Meta)
+		assert.Equal(t, zeroTTLMeta, result.Meta)
+		assert.Equal(t, time.Duration(0), result.TTL)

 		pm.cacheMu.RLock()
-		cached, exists := pm.cache["test-plugin:1.0.0"]
+		_, exists := pm.cache["test-plugin:1.0.0"]
 		pm.cacheMu.RUnlock()

-		assert.True(t, exists)
-		assert.Equal(t, expectedMeta, cached.meta)
-		assert.Equal(t, time.Hour, cached.ttl)
+		assert.False(t, exists, "zero TTL results should not be cached")
 	})

 	t.Run("tries next provider when first returns ErrMetaNotFound", func(t *testing.T) {
-		expectedMeta := pluginsv0alpha1.MetaJSONData{
-			Id:   "test-plugin",
-			Name: "Test Plugin",
-			Type: pluginsv0alpha1.MetaJSONDataTypeDatasource,
+		expectedMeta := pluginsv0alpha1.MetaSpec{
+			PluginJson: pluginsv0alpha1.MetaJSONData{
+				Id:   "test-plugin",
+				Name: "Test Plugin",
+				Type: pluginsv0alpha1.MetaJSONDataTypeDatasource,
+			},
 		}

 		provider1 := &mockProvider{
@@ -229,15 +225,19 @@ func TestProviderManager_GetMeta(t *testing.T) {
 	})

 	t.Run("skips expired cache entries", func(t *testing.T) {
-		expiredMeta := pluginsv0alpha1.MetaJSONData{
-			Id:   "test-plugin",
-			Name: "Expired Plugin",
-			Type: pluginsv0alpha1.MetaJSONDataTypeDatasource,
+		expiredMeta := pluginsv0alpha1.MetaSpec{
+			PluginJson: pluginsv0alpha1.MetaJSONData{
+				Id:   "test-plugin",
+				Name: "Expired Plugin",
+				Type: pluginsv0alpha1.MetaJSONDataTypeDatasource,
+			},
 		}
-		expectedMeta := pluginsv0alpha1.MetaJSONData{
-			Id:   "test-plugin",
-			Name: "Test Plugin",
-			Type: pluginsv0alpha1.MetaJSONDataTypeDatasource,
+		expectedMeta := pluginsv0alpha1.MetaSpec{
+			PluginJson: pluginsv0alpha1.MetaJSONData{
+				Id:   "test-plugin",
+				Name: "Test Plugin",
+				Type: pluginsv0alpha1.MetaJSONDataTypeDatasource,
+			},
 		}

 		callCount := 0
@@ -272,15 +272,19 @@ func TestProviderManager_GetMeta(t *testing.T) {
 	})

 	t.Run("uses first successful provider", func(t *testing.T) {
-		expectedMeta1 := pluginsv0alpha1.MetaJSONData{
-			Id:   "test-plugin",
-			Name: "Provider 1 Plugin",
-			Type: pluginsv0alpha1.MetaJSONDataTypeDatasource,
+		expectedMeta1 := pluginsv0alpha1.MetaSpec{
+			PluginJson: pluginsv0alpha1.MetaJSONData{
+				Id:   "test-plugin",
+				Name: "Provider 1 Plugin",
+				Type: pluginsv0alpha1.MetaJSONDataTypeDatasource,
+			},
 		}
-		expectedMeta2 := pluginsv0alpha1.MetaJSONData{
-			Id:   "test-plugin",
-			Name: "Provider 2 Plugin",
-			Type: pluginsv0alpha1.MetaJSONDataTypeDatasource,
+		expectedMeta2 := pluginsv0alpha1.MetaSpec{
+			PluginJson: pluginsv0alpha1.MetaJSONData{
+				Id:   "test-plugin",
+				Name: "Provider 2 Plugin",
+				Type: pluginsv0alpha1.MetaJSONDataTypeDatasource,
+			},
 		}

 		provider1 := &mockProvider{
@@ -331,9 +335,9 @@ func TestProviderManager_Run(t *testing.T) {

 func TestProviderManager_cleanupExpired(t *testing.T) {
 	t.Run("removes expired entries", func(t *testing.T) {
-		validMeta := pluginsv0alpha1.MetaJSONData{Id: "valid"}
-		expiredMeta1 := pluginsv0alpha1.MetaJSONData{Id: "expired1"}
-		expiredMeta2 := pluginsv0alpha1.MetaJSONData{Id: "expired2"}
+		validMeta := pluginsv0alpha1.MetaSpec{PluginJson: pluginsv0alpha1.MetaJSONData{Id: "valid"}}
+		expiredMeta1 := pluginsv0alpha1.MetaSpec{PluginJson: pluginsv0alpha1.MetaJSONData{Id: "expired1"}}
+		expiredMeta2 := pluginsv0alpha1.MetaSpec{PluginJson: pluginsv0alpha1.MetaJSONData{Id: "expired2"}}

 		provider := &mockProvider{
 			getMetaFunc: func(ctx context.Context, pluginID, version string) (*Result, error) {
@@ -14,7 +14,7 @@ var (

 // Result contains plugin metadata along with its recommended TTL.
 type Result struct {
-	Meta pluginsv0alpha1.MetaJSONData
+	Meta pluginsv0alpha1.MetaSpec
 	TTL  time.Duration
 }

@@ -121,8 +121,19 @@ func (s *MetaStorage) List(ctx context.Context, options *internalversion.ListOpt
 			continue
 		}

-		pluginMeta := createMetaFromMetaJSONData(result.Meta, plugin.Name, plugin.Namespace)
-		metaItems = append(metaItems, *pluginMeta)
+		pluginMeta := pluginsv0alpha1.Meta{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      plugin.Name,
+				Namespace: plugin.Namespace,
+			},
+			Spec: result.Meta,
+		}
+		pluginMeta.SetGroupVersionKind(schema.GroupVersionKind{
+			Group:   pluginsv0alpha1.APIGroup,
+			Version: pluginsv0alpha1.APIVersion,
+			Kind:    pluginsv0alpha1.MetaKind().Kind(),
+		})
+		metaItems = append(metaItems, pluginMeta)
 	}

 	list := &pluginsv0alpha1.MetaList{
@@ -169,27 +180,18 @@ func (s *MetaStorage) Get(ctx context.Context, name string, options *metav1.GetO
 		return nil, apierrors.NewInternalError(fmt.Errorf("failed to fetch plugin metadata: %w", err))
 	}

-	return createMetaFromMetaJSONData(result.Meta, name, ns.Value), nil
-}
-
-// createMetaFromMetaJSONData creates a Meta k8s object from MetaJSONData and plugin metadata.
-func createMetaFromMetaJSONData(pluginJSON pluginsv0alpha1.MetaJSONData, name, namespace string) *pluginsv0alpha1.Meta {
 	pluginMeta := &pluginsv0alpha1.Meta{
 		ObjectMeta: metav1.ObjectMeta{
-			Name:      name,
-			Namespace: namespace,
-		},
-		Spec: pluginsv0alpha1.MetaSpec{
-			PluginJSON: pluginJSON,
+			Name:      plugin.Name,
+			Namespace: plugin.Namespace,
 		},
+		Spec: result.Meta,
 	}
-
-	// Set the GroupVersionKind
 	pluginMeta.SetGroupVersionKind(schema.GroupVersionKind{
 		Group:   pluginsv0alpha1.APIGroup,
 		Version: pluginsv0alpha1.APIVersion,
 		Kind:    pluginsv0alpha1.MetaKind().Kind(),
 	})

-	return pluginMeta
+	return pluginMeta, nil
 }
@@ -0,0 +1,249 @@
+package app
+
+import (
+	"context"
+	"encoding/json"
+	"net/http"
+	"net/http/httptest"
+	"slices"
+	"strings"
+	"testing"
+
+	"github.com/grafana/grafana-app-sdk/resource"
+	"github.com/stretchr/testify/require"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apiserver/pkg/endpoints/request"
+
+	pluginsv0alpha1 "github.com/grafana/grafana/apps/plugins/pkg/apis/plugins/v0alpha1"
+	"github.com/grafana/grafana/apps/plugins/pkg/app/meta"
+	"github.com/grafana/grafana/pkg/plugins"
+	"github.com/grafana/grafana/pkg/services/pluginsintegration/pluginstore"
+)
+
+func TestMetaStorageListPreload(t *testing.T) {
+	ctx := request.WithNamespace(context.Background(), "default")
+
+	preloadPlugin := pluginstore.Plugin{
+		JSONData: plugins.JSONData{
+			ID:      "test-plugin",
+			Name:    "Test Plugin",
+			Type:    plugins.TypeDataSource,
+			Info:    plugins.Info{Version: "1.0.0"},
+			Preload: true,
+		},
+	}
+	nonPreloadPlugin := pluginstore.Plugin{
+		JSONData: plugins.JSONData{
+			ID:      "test-plugin-2",
+			Name:    "Test Plugin 2",
+			Type:    plugins.TypeDataSource,
+			Info:    plugins.Info{Version: "1.0.0"},
+			Preload: false,
+		},
+	}
+
+	store := &mockPluginStore{plugins: map[string]pluginstore.Plugin{
+		"test-plugin": preloadPlugin,
+	}}
+	store2 := &mockPluginStore{plugins: map[string]pluginstore.Plugin{
+		"test-plugin-2": nonPreloadPlugin,
+	}}
+	catalogServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		require.Equal(t, http.MethodGet, r.Method)
+		require.Equal(t, "application/json", r.Header.Get("Accept"))
+		require.Equal(t, "grafana-plugins-app", r.Header.Get("User-Agent"))
+
+		segments := strings.Split(strings.Trim(r.URL.Path, "/"), "/")
+		require.Len(t, segments, 5)
+		require.Equal(t, "api", segments[0])
+		require.Equal(t, "plugins", segments[1])
+		require.Equal(t, "versions", segments[3])
+
+		preload := true
+		response := struct {
+			PluginID string                       `json:"pluginSlug"`
+			Version  string                       `json:"version"`
+			JSON     pluginsv0alpha1.MetaJSONData `json:"json"`
+		}{
+			PluginID: segments[2],
+			Version:  segments[4],
+			JSON: pluginsv0alpha1.MetaJSONData{
+				Id:      segments[2],
+				Name:    segments[2],
+				Type:    pluginsv0alpha1.MetaJSONDataTypeDatasource,
+				Preload: &preload,
+			},
+		}
+
+		w.Header().Set("Content-Type", "application/json")
+		w.WriteHeader(http.StatusOK)
+		require.NoError(t, json.NewEncoder(w).Encode(response))
+	}))
+	defer catalogServer.Close()
+	provider := meta.NewLocalProvider(store, mockPluginAssets{})
+	provider2 := meta.NewLocalProvider(store2, mockPluginAssets{})
+	catalogProvider := meta.NewCatalogProvider(catalogServer.URL + "/api/plugins")
+	metaManager := meta.NewProviderManager(provider2, provider, catalogProvider)
+
+	pluginClient := pluginsv0alpha1.NewPluginClient(&mockResourceClient{
+		listFunc: func(ctx context.Context, namespace string, opts resource.ListOptions) (resource.ListObject, error) {
+			return newPluginList(), nil
+		},
+	})
+
+	storage := NewMetaStorage(metaManager, func(ctx context.Context) (*pluginsv0alpha1.PluginClient, error) {
+		return pluginClient, nil
+	})
+
+	obj, err := storage.List(ctx, nil)
+	require.NoError(t, err)
+
+	metaList, ok := obj.(*pluginsv0alpha1.MetaList)
+	require.True(t, ok)
+	require.Len(t, metaList.Items, 3)
+
+	require.NotNil(t, metaList.Items[0].Spec.PluginJson.Preload)
+	require.True(t, *metaList.Items[0].Spec.PluginJson.Preload)
+	require.NotNil(t, metaList.Items[1].Spec.PluginJson.Preload)
+	require.True(t, *metaList.Items[1].Spec.PluginJson.Preload)
+	require.Nil(t, metaList.Items[2].Spec.PluginJson.Preload)
+
+	obj, err = storage.List(ctx, nil)
+	require.NoError(t, err)
+	metaList, ok = obj.(*pluginsv0alpha1.MetaList)
+	require.True(t, ok)
+	require.Len(t, metaList.Items, 3)
+	require.NotNil(t, metaList.Items[0].Spec.PluginJson.Preload)
+	require.True(t, *metaList.Items[0].Spec.PluginJson.Preload)
+	require.NotNil(t, metaList.Items[1].Spec.PluginJson.Preload)
+	require.True(t, *metaList.Items[1].Spec.PluginJson.Preload)
+	require.Nil(t, metaList.Items[2].Spec.PluginJson.Preload)
+}
+
+type mockPluginAssets struct{}
+
+func (mockPluginAssets) LoadingStrategy(ctx context.Context, p pluginstore.Plugin) plugins.LoadingStrategy {
+	return plugins.LoadingStrategyFetch
+}
+
+func (mockPluginAssets) ModuleHash(ctx context.Context, p pluginstore.Plugin) string {
+	return "hash"
+}
+
+type mockPluginStore struct {
+	plugins map[string]pluginstore.Plugin
+}
+
+func (m *mockPluginStore) Plugin(ctx context.Context, pluginID string) (pluginstore.Plugin, bool) {
+	if m.plugins[pluginID].ID != pluginID {
+		return pluginstore.Plugin{}, false
+	}
+	return m.plugins[pluginID], true
+}
+
+func (m *mockPluginStore) Plugins(ctx context.Context, pluginTypes ...plugins.Type) []pluginstore.Plugin {
+	result := []pluginstore.Plugin{}
+	for _, plugin := range m.plugins {
+		if len(pluginTypes) == 0 || slices.Contains(pluginTypes, plugin.Type) {
+			result = append(result, plugin)
+		}
+	}
+	return result
+}
+
+func newPluginList() *pluginsv0alpha1.PluginList {
+	return &pluginsv0alpha1.PluginList{
+		Items: []pluginsv0alpha1.Plugin{
+			{
+				ObjectMeta: metav1.ObjectMeta{Name: "grafana-plugins-app", Namespace: "org-1"},
+				Spec:       pluginsv0alpha1.PluginSpec{Id: "grafana-plugins-app", Version: "1.0.0"},
+			},
+			{
+				ObjectMeta: metav1.ObjectMeta{Name: "test-plugin", Namespace: "org-1"},
+				Spec:       pluginsv0alpha1.PluginSpec{Id: "test-plugin", Version: "1.0.0"},
+			},
+			{
+				ObjectMeta: metav1.ObjectMeta{Name: "test-plugin-2", Namespace: "org-1"},
+				Spec:       pluginsv0alpha1.PluginSpec{Id: "test-plugin-2", Version: "1.0.0"},
+			},
+		},
+	}
+}
+
+type mockResourceClient struct {
+	listFunc func(ctx context.Context, namespace string, opts resource.ListOptions) (resource.ListObject, error)
+}
+
+func (m *mockResourceClient) List(ctx context.Context, namespace string, opts resource.ListOptions) (resource.ListObject, error) {
+	if m.listFunc != nil {
+		return m.listFunc(ctx, namespace, opts)
+	}
+	return &pluginsv0alpha1.PluginList{}, nil
+}
+
+func (m *mockResourceClient) ListInto(ctx context.Context, namespace string, opts resource.ListOptions, into resource.ListObject) error {
+	list, err := m.List(ctx, namespace, opts)
+	if err != nil {
+		return err
+	}
+	if src, ok := list.(*pluginsv0alpha1.PluginList); ok {
+		if dst, ok := into.(*pluginsv0alpha1.PluginList); ok {
+			*dst = *src
+		}
+	}
+	return nil
+}
+
+func (m *mockResourceClient) Get(ctx context.Context, identifier resource.Identifier) (resource.Object, error) {
+	return nil, nil
+}
+
+func (m *mockResourceClient) GetInto(ctx context.Context, identifier resource.Identifier, into resource.Object) error {
+	return nil
+}
+
+func (m *mockResourceClient) Create(ctx context.Context, identifier resource.Identifier, obj resource.Object, opts resource.CreateOptions) (resource.Object, error) {
+	return nil, nil
+}
+
+func (m *mockResourceClient) CreateInto(ctx context.Context, identifier resource.Identifier, obj resource.Object, opts resource.CreateOptions, into resource.Object) error {
+	return nil
+}
+
+func (m *mockResourceClient) Update(ctx context.Context, identifier resource.Identifier, obj resource.Object, opts resource.UpdateOptions) (resource.Object, error) {
+	return nil, nil
+}
+
+func (m *mockResourceClient) UpdateInto(ctx context.Context, identifier resource.Identifier, obj resource.Object, opts resource.UpdateOptions, into resource.Object) error {
+	return nil
+}
+
+func (m *mockResourceClient) Patch(ctx context.Context, identifier resource.Identifier, patch resource.PatchRequest, opts resource.PatchOptions) (resource.Object, error) {
+	return nil, nil
+}
+
+func (m *mockResourceClient) PatchInto(ctx context.Context, identifier resource.Identifier, patch resource.PatchRequest, opts resource.PatchOptions, into resource.Object) error {
+	return nil
+}
+
+func (m *mockResourceClient) Delete(ctx context.Context, identifier resource.Identifier, opts resource.DeleteOptions) error {
+	return nil
+}
+
+func (m *mockResourceClient) SubresourceRequest(ctx context.Context, identifier resource.Identifier, req resource.CustomRouteRequestOptions) ([]byte, error) {
+	return nil, nil
+}
+
+func (m *mockResourceClient) Watch(ctx context.Context, namespace string, opts resource.WatchOptions) (resource.WatchResponse, error) {
+	return &mockWatchResponse{}, nil
+}
+
+type mockWatchResponse struct{}
+
+func (m *mockWatchResponse) Stop() {}
+
+func (m *mockWatchResponse) WatchEvents() <-chan resource.WatchEvent {
+	ch := make(chan resource.WatchEvent)
+	close(ch)
+	return ch
+}
@@ -198,7 +198,6 @@ type JobStatus struct {
 	Finished int64    `json:"finished,omitempty"`
 	Message  string   `json:"message,omitempty"`
 	Errors   []string `json:"errors,omitempty"`
-	Warnings []string `json:"warnings,omitempty"`

 	// Optional value 0-100 that can be set while running
 	Progress float64 `json:"progress,omitempty"`
@@ -226,20 +225,18 @@ type JobResourceSummary struct {
 	Kind  string `json:"kind,omitempty"`
 	Total int64  `json:"total,omitempty"` // the count (if known)

-	Create  int64 `json:"create,omitempty"`
-	Update  int64 `json:"update,omitempty"`
-	Delete  int64 `json:"delete,omitempty"`
-	Write   int64 `json:"write,omitempty"`   // Create or update (export)
-	Error   int64 `json:"error,omitempty"`   // The error count
-	Warning int64 `json:"warning,omitempty"` // The warning count
+	Create int64 `json:"create,omitempty"`
+	Update int64 `json:"update,omitempty"`
+	Delete int64 `json:"delete,omitempty"`
+	Write  int64 `json:"write,omitempty"` // Create or update (export)
+	Error  int64 `json:"error,omitempty"` // The error count

 	// No action required (useful for sync)
 	Noop int64 `json:"noop,omitempty"`

-	// Report errors/warnings for this resource type
+	// Report errors for this resource type
 	// This may not be an exhaustive list and recommend looking at the logs for more info
-	Errors   []string `json:"errors,omitempty"`
-	Warnings []string `json:"warnings,omitempty"`
+	Errors []string `json:"errors,omitempty"`
 }

 // HistoricJob is an append only log, saving all jobs that have been processed.
@@ -401,11 +401,6 @@ func (in *JobResourceSummary) DeepCopyInto(out *JobResourceSummary) {
 		*out = make([]string, len(*in))
 		copy(*out, *in)
 	}
-	if in.Warnings != nil {
-		in, out := &in.Warnings, &out.Warnings
-		*out = make([]string, len(*in))
-		copy(*out, *in)
-	}
 	return
 }

@@ -473,11 +468,6 @@ func (in *JobStatus) DeepCopyInto(out *JobStatus) {
 		*out = make([]string, len(*in))
 		copy(*out, *in)
 	}
-	if in.Warnings != nil {
-		in, out := &in.Warnings, &out.Warnings
-		*out = make([]string, len(*in))
-		copy(*out, *in)
-	}
 	if in.Summary != nil {
 		in, out := &in.Summary, &out.Summary
 		*out = make([]*JobResourceSummary, len(*in))
@@ -889,13 +889,6 @@ func schema_pkg_apis_provisioning_v0alpha1_JobResourceSummary(ref common.Referen
 							Format:      "int64",
 						},
 					},
-					"warning": {
-						SchemaProps: spec.SchemaProps{
-							Description: "The error count",
-							Type:        []string{"integer"},
-							Format:      "int64",
-						},
-					},
 					"noop": {
 						SchemaProps: spec.SchemaProps{
 							Description: "No action required (useful for sync)",
@@ -905,7 +898,7 @@ func schema_pkg_apis_provisioning_v0alpha1_JobResourceSummary(ref common.Referen
 					},
 					"errors": {
 						SchemaProps: spec.SchemaProps{
-							Description: "Report errors/warnings for this resource type This may not be an exhaustive list and recommend looking at the logs for more info",
+							Description: "Report errors for this resource type This may not be an exhaustive list and recommend looking at the logs for more info",
 							Type:        []string{"array"},
 							Items: &spec.SchemaOrArray{
 								Schema: &spec.Schema{
@@ -918,20 +911,6 @@ func schema_pkg_apis_provisioning_v0alpha1_JobResourceSummary(ref common.Referen
 							},
 						},
 					},
-					"warnings": {
-						SchemaProps: spec.SchemaProps{
-							Type: []string{"array"},
-							Items: &spec.SchemaOrArray{
-								Schema: &spec.Schema{
-									SchemaProps: spec.SchemaProps{
-										Default: "",
-										Type:    []string{"string"},
-										Format:  "",
-									},
-								},
-							},
-						},
-					},
 				},
 			},
 		},
@@ -1050,20 +1029,6 @@ func schema_pkg_apis_provisioning_v0alpha1_JobStatus(ref common.ReferenceCallbac
 							},
 						},
 					},
-					"warnings": {
-						SchemaProps: spec.SchemaProps{
-							Type: []string{"array"},
-							Items: &spec.SchemaOrArray{
-								Schema: &spec.Schema{
-									SchemaProps: spec.SchemaProps{
-										Default: "",
-										Type:    []string{"string"},
-										Format:  "",
-									},
-								},
-							},
-						},
-					},
 					"progress": {
 						SchemaProps: spec.SchemaProps{
 							Description: "Optional value 0-100 that can be set while running",
@@ -3,10 +3,8 @@ API rule violation: list_type_missing,github.com/grafana/grafana/apps/provisioni
 API rule violation: list_type_missing,github.com/grafana/grafana/apps/provisioning/pkg/apis/provisioning/v0alpha1,FileList,Items
 API rule violation: list_type_missing,github.com/grafana/grafana/apps/provisioning/pkg/apis/provisioning/v0alpha1,HistoryList,Items
 API rule violation: list_type_missing,github.com/grafana/grafana/apps/provisioning/pkg/apis/provisioning/v0alpha1,JobResourceSummary,Errors
-API rule violation: list_type_missing,github.com/grafana/grafana/apps/provisioning/pkg/apis/provisioning/v0alpha1,JobResourceSummary,Warnings
 API rule violation: list_type_missing,github.com/grafana/grafana/apps/provisioning/pkg/apis/provisioning/v0alpha1,JobStatus,Errors
 API rule violation: list_type_missing,github.com/grafana/grafana/apps/provisioning/pkg/apis/provisioning/v0alpha1,JobStatus,Summary
-API rule violation: list_type_missing,github.com/grafana/grafana/apps/provisioning/pkg/apis/provisioning/v0alpha1,JobStatus,Warnings
 API rule violation: list_type_missing,github.com/grafana/grafana/apps/provisioning/pkg/apis/provisioning/v0alpha1,ManagerStats,Stats
 API rule violation: list_type_missing,github.com/grafana/grafana/apps/provisioning/pkg/apis/provisioning/v0alpha1,MoveJobOptions,Paths
 API rule violation: list_type_missing,github.com/grafana/grafana/apps/provisioning/pkg/apis/provisioning/v0alpha1,MoveJobOptions,Resources
@@ -7,18 +7,16 @@ package v0alpha1
 // JobResourceSummaryApplyConfiguration represents a declarative configuration of the JobResourceSummary type for use
 // with apply.
 type JobResourceSummaryApplyConfiguration struct {
-	Group    *string  `json:"group,omitempty"`
-	Kind     *string  `json:"kind,omitempty"`
-	Total    *int64   `json:"total,omitempty"`
-	Create   *int64   `json:"create,omitempty"`
-	Update   *int64   `json:"update,omitempty"`
-	Delete   *int64   `json:"delete,omitempty"`
-	Write    *int64   `json:"write,omitempty"`
-	Error    *int64   `json:"error,omitempty"`
-	Warning  *int64   `json:"warning,omitempty"`
-	Noop     *int64   `json:"noop,omitempty"`
-	Errors   []string `json:"errors,omitempty"`
-	Warnings []string `json:"warnings,omitempty"`
+	Group  *string  `json:"group,omitempty"`
+	Kind   *string  `json:"kind,omitempty"`
+	Total  *int64   `json:"total,omitempty"`
+	Create *int64   `json:"create,omitempty"`
+	Update *int64   `json:"update,omitempty"`
+	Delete *int64   `json:"delete,omitempty"`
+	Write  *int64   `json:"write,omitempty"`
+	Error  *int64   `json:"error,omitempty"`
+	Noop   *int64   `json:"noop,omitempty"`
+	Errors []string `json:"errors,omitempty"`
 }

 // JobResourceSummaryApplyConfiguration constructs a declarative configuration of the JobResourceSummary type for use with
@@ -91,14 +89,6 @@ func (b *JobResourceSummaryApplyConfiguration) WithError(value int64) *JobResour
 	return b
 }

-// WithWarning sets the Warning field in the declarative configuration to the given value
-// and returns the receiver, so that objects can be built by chaining "With" function invocations.
-// If called multiple times, the Warning field is set to the value of the last call.
-func (b *JobResourceSummaryApplyConfiguration) WithWarning(value int64) *JobResourceSummaryApplyConfiguration {
-	b.Warning = &value
-	return b
-}
-
 // WithNoop sets the Noop field in the declarative configuration to the given value
 // and returns the receiver, so that objects can be built by chaining "With" function invocations.
 // If called multiple times, the Noop field is set to the value of the last call.
@@ -116,13 +106,3 @@ func (b *JobResourceSummaryApplyConfiguration) WithErrors(values ...string) *Job
 	}
 	return b
 }
-
-// WithWarnings adds the given value to the Warnings field in the declarative configuration
-// and returns the receiver, so that objects can be build by chaining "With" function invocations.
-// If called multiple times, values provided by each call will be appended to the Warnings field.
-func (b *JobResourceSummaryApplyConfiguration) WithWarnings(values ...string) *JobResourceSummaryApplyConfiguration {
-	for i := range values {
-		b.Warnings = append(b.Warnings, values[i])
-	}
-	return b
-}
@@ -16,7 +16,6 @@ type JobStatusApplyConfiguration struct {
 	Finished *int64                                     `json:"finished,omitempty"`
 	Message  *string                                    `json:"message,omitempty"`
 	Errors   []string                                   `json:"errors,omitempty"`
-	Warnings []string                                   `json:"warnings,omitempty"`
 	Progress *float64                                   `json:"progress,omitempty"`
 	Summary  []*provisioningv0alpha1.JobResourceSummary `json:"summary,omitempty"`
 	URLs     *RepositoryURLsApplyConfiguration          `json:"url,omitempty"`
@@ -70,16 +69,6 @@ func (b *JobStatusApplyConfiguration) WithErrors(values ...string) *JobStatusApp
 	return b
 }

-// WithWarnings adds the given value to the Warnings field in the declarative configuration
-// and returns the receiver, so that objects can be build by chaining "With" function invocations.
-// If called multiple times, values provided by each call will be appended to the Warnings field.
-func (b *JobStatusApplyConfiguration) WithWarnings(values ...string) *JobStatusApplyConfiguration {
-	for i := range values {
-		b.Warnings = append(b.Warnings, values[i])
-	}
-	return b
-}
-
 // WithProgress sets the Progress field in the declarative configuration to the given value
 // and returns the receiver, so that objects can be built by chaining "With" function invocations.
 // If called multiple times, the Progress field is set to the value of the last call.
@@ -211,12 +211,6 @@ type ScopeNavigationSpec struct {
 	Scope string `json:"scope"`
 	// Used to navigate to a sub-scope of the main scope. URL will not be used if this is set.
 	SubScope string `json:"subScope,omitempty"`
-	// Preload the subscope children, as soon as the ScopeNavigation is loaded.
-	PreLoadSubScopeChildren bool `json:"preLoadSubScopeChildren,omitempty"`
-	// Expands to display the subscope children when the ScopeNavigation is loaded.
-	ExpandOnLoad bool `json:"expandOnLoad,omitempty"`
-	// Makes the subscope not selectable, only serving as a way to build the tree.
-	DisableSubScopeSelection bool `json:"disableSubScopeSelection,omitempty"`
 }

 // Type of the item.
@@ -642,27 +642,6 @@ func schema_pkg_apis_scope_v0alpha1_ScopeNavigationSpec(ref common.ReferenceCall
 							Format:      "",
 						},
 					},
-					"preLoadSubScopeChildren": {
-						SchemaProps: spec.SchemaProps{
-							Description: "Preload the subscope children, as soon as the ScopeNavigation is loaded.",
-							Type:        []string{"boolean"},
-							Format:      "",
-						},
-					},
-					"expandOnLoad": {
-						SchemaProps: spec.SchemaProps{
-							Description: "Expands to display the subscope children when the ScopeNavigation is loaded.",
-							Type:        []string{"boolean"},
-							Format:      "",
-						},
-					},
-					"disableSubScopeSelection": {
-						SchemaProps: spec.SchemaProps{
-							Description: "Makes the subscope not selectable, only serving as a way to build the tree.",
-							Type:        []string{"boolean"},
-							Format:      "",
-						},
-					},
 				},
 				Required: []string{"url", "scope"},
 			},
@@ -1327,10 +1327,6 @@ alertmanager_max_silences_count =
 # Maximum silence size in bytes. Default: 0 (no limit).
 alertmanager_max_silence_size_bytes =

-# Maximum size of the expanded template output in bytes. Default: 10485760 (0 - no limit).
-# The result of template expansion will be truncated to the limit.
-alertmanager_max_template_output_bytes =
-
 # Redis server address or addresses. It can be a single Redis address if using Redis standalone,
 # or a list of comma-separated addresses if using Redis Cluster/Sentinel.
 ha_redis_address =
@@ -75,9 +75,9 @@
        "effects": {
          "barGlow": false,
          "centerGlow": false,
-          "gradient": false,
          "rounded": true,
-          "spotlight": false
+          "spotlight": false,
+          "gradient": false
        },
        "orientation": "auto",
        "reduceOptions": {
@@ -152,9 +152,9 @@
        "effects": {
          "barGlow": false,
          "centerGlow": true,
-          "gradient": false,
          "rounded": true,
-          "spotlight": false
+          "spotlight": false,
+          "gradient": false
        },
        "orientation": "auto",
        "reduceOptions": {
@@ -229,9 +229,9 @@
        "effects": {
          "barGlow": true,
          "centerGlow": true,
-          "gradient": false,
          "rounded": true,
-          "spotlight": false
+          "spotlight": false,
+          "gradient": false
        },
        "orientation": "auto",
        "reduceOptions": {
@@ -306,9 +306,9 @@
        "effects": {
          "barGlow": true,
          "centerGlow": true,
-          "gradient": false,
          "rounded": true,
-          "spotlight": true
+          "spotlight": true,
+          "gradient": false
        },
        "orientation": "auto",
        "reduceOptions": {
@@ -383,9 +383,9 @@
        "effects": {
          "barGlow": true,
          "centerGlow": true,
-          "gradient": false,
          "rounded": true,
-          "spotlight": true
+          "spotlight": true,
+          "gradient": false
        },
        "orientation": "auto",
        "reduceOptions": {
@@ -460,9 +460,9 @@
        "effects": {
          "barGlow": true,
          "centerGlow": true,
-          "gradient": false,
          "rounded": false,
-          "spotlight": true
+          "spotlight": true,
+          "gradient": false
        },
        "orientation": "auto",
        "reduceOptions": {
@@ -537,9 +537,9 @@
        "effects": {
          "barGlow": true,
          "centerGlow": true,
-          "gradient": false,
          "rounded": false,
-          "spotlight": true
+          "spotlight": true,
+          "gradient": false
        },
        "orientation": "auto",
        "reduceOptions": {
@@ -627,9 +627,9 @@
        "effects": {
          "barGlow": true,
          "centerGlow": true,
-          "gradient": false,
          "rounded": true,
-          "spotlight": true
+          "spotlight": true,
+          "gradient": false
        },
        "orientation": "auto",
        "reduceOptions": {
@@ -704,9 +704,9 @@
        "effects": {
          "barGlow": true,
          "centerGlow": true,
-          "gradient": false,
          "rounded": true,
-          "spotlight": true
+          "spotlight": true,
+          "gradient": false
        },
        "orientation": "auto",
        "reduceOptions": {
@@ -781,9 +781,9 @@
        "effects": {
          "barGlow": true,
          "centerGlow": true,
-          "gradient": false,
          "rounded": true,
-          "spotlight": true
+          "spotlight": true,
+          "gradient": false
        },
        "orientation": "auto",
        "reduceOptions": {
@@ -858,9 +858,9 @@
        "effects": {
          "barGlow": true,
          "centerGlow": true,
-          "gradient": false,
          "rounded": true,
-          "spotlight": true
+          "spotlight": true,
+          "gradient": false
        },
        "orientation": "auto",
        "reduceOptions": {
@@ -952,9 +952,9 @@
        "effects": {
          "barGlow": false,
          "centerGlow": false,
-          "gradient": false,
          "rounded": false,
-          "spotlight": false
+          "spotlight": false,
+          "gradient": false
        },
        "orientation": "auto",
        "reduceOptions": {
@@ -1029,9 +1029,9 @@
        "effects": {
          "barGlow": false,
          "centerGlow": false,
-          "gradient": false,
          "rounded": false,
-          "spotlight": false
+          "spotlight": false,
+          "gradient": false
        },
        "orientation": "auto",
        "reduceOptions": {
@@ -1106,9 +1106,9 @@
        "effects": {
          "barGlow": false,
          "centerGlow": false,
-          "gradient": true,
          "rounded": false,
-          "spotlight": false
+          "spotlight": false,
+          "gradient": true
        },
        "orientation": "auto",
        "reduceOptions": {
@@ -1183,9 +1183,9 @@
        "effects": {
          "barGlow": false,
          "centerGlow": false,
-          "gradient": false,
          "rounded": false,
-          "spotlight": false
+          "spotlight": false,
+          "gradient": false
        },
        "orientation": "auto",
        "reduceOptions": {
@@ -1260,9 +1260,9 @@
        "effects": {
          "barGlow": false,
          "centerGlow": false,
-          "gradient": false,
          "rounded": false,
-          "spotlight": false
+          "spotlight": false,
+          "gradient": false
        },
        "orientation": "auto",
        "reduceOptions": {
@@ -1354,9 +1354,9 @@
        "effects": {
          "barGlow": false,
          "centerGlow": false,
-          "gradient": true,
          "rounded": false,
-          "spotlight": false
+          "spotlight": false,
+          "gradient": true
        },
        "orientation": "auto",
        "reduceOptions": {
@@ -1435,9 +1435,9 @@
        "effects": {
          "barGlow": false,
          "centerGlow": false,
-          "gradient": true,
          "rounded": false,
-          "spotlight": false
+          "spotlight": false,
+          "gradient": true
        },
        "orientation": "auto",
        "reduceOptions": {
@@ -1516,9 +1516,9 @@
        "effects": {
          "barGlow": false,
          "centerGlow": false,
-          "gradient": true,
          "rounded": false,
-          "spotlight": false
+          "spotlight": false,
+          "gradient": true
        },
        "orientation": "auto",
        "reduceOptions": {
@@ -1565,6 +1565,7 @@
      "datasource": {
        "type": "grafana-testdata-datasource"
      },
+      "description": "",
      "fieldConfig": {
        "defaults": {
          "color": {
@@ -1605,9 +1606,9 @@
        "effects": {
          "barGlow": true,
          "centerGlow": true,
-          "gradient": true,
          "rounded": true,
-          "spotlight": true
+          "spotlight": true,
+          "gradient": true
        },
        "glow": "both",
        "orientation": "auto",
@@ -1630,6 +1631,7 @@
          "datasource": {
            "type": "grafana-testdata-datasource"
          },
+          "hide": false,
          "max": 98,
          "min": 5,
          "noise": 22,
@@ -1647,6 +1649,7 @@
      "datasource": {
        "type": "grafana-testdata-datasource"
      },
+      "description": "",
      "fieldConfig": {
        "defaults": {
          "color": {
@@ -1687,9 +1690,9 @@
        "effects": {
          "barGlow": true,
          "centerGlow": true,
-          "gradient": true,
          "rounded": true,
-          "spotlight": true
+          "spotlight": true,
+          "gradient": true
        },
        "glow": "both",
        "orientation": "auto",
@@ -1712,6 +1715,7 @@
          "datasource": {
            "type": "grafana-testdata-datasource"
          },
+          "hide": false,
          "max": 98,
          "min": 5,
          "noise": 22,
@@ -1742,6 +1746,7 @@
      "datasource": {
        "type": "grafana-testdata-datasource"
      },
+      "description": "",
      "fieldConfig": {
        "defaults": {
          "color": {
@@ -1783,9 +1788,9 @@
        "effects": {
          "barGlow": true,
          "centerGlow": true,
-          "gradient": true,
          "rounded": true,
-          "spotlight": true
+          "spotlight": true,
+          "gradient": true
        },
        "glow": "both",
        "orientation": "auto",
@@ -1808,6 +1813,7 @@
          "datasource": {
            "type": "grafana-testdata-datasource"
          },
+          "hide": false,
          "max": 8,
          "min": 1,
          "noise": 2,
@@ -1825,6 +1831,7 @@
      "datasource": {
        "type": "grafana-testdata-datasource"
      },
+      "description": "",
      "fieldConfig": {
        "defaults": {
          "color": {
@@ -1866,9 +1873,9 @@
        "effects": {
          "barGlow": true,
          "centerGlow": true,
-          "gradient": true,
          "rounded": true,
-          "spotlight": true
+          "spotlight": true,
+          "gradient": true
        },
        "glow": "both",
        "orientation": "auto",
@@ -1891,6 +1898,7 @@
          "datasource": {
            "type": "grafana-testdata-datasource"
          },
+          "hide": false,
          "max": 12,
          "min": 1,
          "noise": 2,
@@ -1908,6 +1916,7 @@
      "datasource": {
        "type": "grafana-testdata-datasource"
      },
+      "description": "",
      "fieldConfig": {
        "defaults": {
          "color": {
@@ -1948,9 +1957,9 @@
        "effects": {
          "barGlow": true,
          "centerGlow": true,
-          "gradient": true,
          "rounded": true,
-          "spotlight": true
+          "spotlight": true,
+          "gradient": true
        },
        "glow": "both",
        "orientation": "auto",
@@ -1973,6 +1982,7 @@
          "datasource": {
            "type": "grafana-testdata-datasource"
          },
+          "hide": false,
          "max": 100,
          "min": 10,
          "noise": 22,
@@ -1990,6 +2000,7 @@
      "datasource": {
        "type": "grafana-testdata-datasource"
      },
+      "description": "",
      "fieldConfig": {
        "defaults": {
          "color": {
@@ -2030,9 +2041,9 @@
        "effects": {
          "barGlow": true,
          "centerGlow": true,
-          "gradient": true,
          "rounded": true,
-          "spotlight": true
+          "spotlight": true,
+          "gradient": true
        },
        "glow": "both",
        "orientation": "auto",
@@ -2055,6 +2066,7 @@
          "datasource": {
            "type": "grafana-testdata-datasource"
          },
+          "hide": false,
          "max": 100,
          "min": 10,
          "noise": 22,
@@ -2067,147 +2079,6 @@
      ],
      "title": "Backend",
      "type": "radialbar"
-    },
-    {
-      "collapsed": false,
-      "gridPos": {
-        "h": 1,
-        "w": 24,
-        "x": 0,
-        "y": 66
-      },
-      "id": 35,
-      "panels": [],
-      "title": "Empty data",
-      "type": "row"
-    },
-    {
-      "datasource": {
-        "type": "grafana-testdata-datasource"
-      },
-      "fieldConfig": {
-        "defaults": {
-          "mappings": [],
-          "thresholds": {
-            "mode": "absolute",
-            "steps": [
-              {
-                "color": "green",
-                "value": 0
-              },
-              {
-                "color": "red",
-                "value": 80
-              }
-            ]
-          }
-        },
-        "overrides": []
-      },
-      "gridPos": {
-        "h": 8,
-        "w": 6,
-        "x": 0,
-        "y": 67
-      },
-      "id": 36,
-      "options": {
-        "barWidthFactor": 0.5,
-        "effects": {
-          "barGlow": false,
-          "centerGlow": false,
-          "gradient": true,
-          "rounded": false,
-          "spotlight": false
-        },
-        "orientation": "auto",
-        "reduceOptions": {
-          "calcs": ["lastNotNull"],
-          "fields": "",
-          "values": false
-        },
-        "segmentCount": 1,
-        "segmentSpacing": 0.3,
-        "shape": "gauge",
-        "showThresholdLabels": false,
-        "showThresholdMarkers": true,
-        "sparkline": true
-      },
-      "pluginVersion": "13.0.0-pre",
-      "targets": [
-        {
-          "refId": "A",
-          "scenarioId": "random_walk",
-          "seriesCount": 0
-        }
-      ],
-      "title": "Numeric, no series",
-      "type": "gauge"
-    },
-    {
-      "datasource": {
-        "type": "grafana-testdata-datasource"
-      },
-      "fieldConfig": {
-        "defaults": {
-          "color": {
-            "mode": "thresholds"
-          },
-          "mappings": [],
-          "thresholds": {
-            "mode": "absolute",
-            "steps": [
-              {
-                "color": "green",
-                "value": 0
-              },
-              {
-                "color": "red",
-                "value": 80
-              }
-            ]
-          }
-        },
-        "overrides": []
-      },
-      "gridPos": {
-        "h": 8,
-        "w": 6,
-        "x": 6,
-        "y": 67
-      },
-      "id": 37,
-      "options": {
-        "barWidthFactor": 0.5,
-        "effects": {
-          "barGlow": false,
-          "centerGlow": false,
-          "gradient": true,
-          "rounded": false,
-          "spotlight": false
-        },
-        "orientation": "auto",
-        "reduceOptions": {
-          "calcs": ["lastNotNull"],
-          "fields": "",
-          "values": false
-        },
-        "segmentCount": 1,
-        "segmentSpacing": 0.3,
-        "shape": "gauge",
-        "showThresholdLabels": false,
-        "showThresholdMarkers": true,
-        "sparkline": true
-      },
-      "pluginVersion": "13.0.0-pre",
-      "targets": [
-        {
-          "refId": "A",
-          "scenarioId": "logs"
-        }
-      ],
-      "title": "Non-numeric",
-      "type": "gauge"
    }
  ],
  "preload": false,
@@ -2224,5 +2095,5 @@
  "timezone": "browser",
  "title": "Panel tests - Gauge (new)",
  "uid": "panel-tests-gauge-new",
-  "version": 9
+  "version": 6
 }
@@ -210,7 +210,6 @@ navigationTree:
    url: /d/UTv--wqMk
    scope: shoe-org
    subScope: apparel
-    disableSubScopeSelection: true
    children:
      - name: apparel-product-overview
        title: Product Overview
@@ -77,24 +77,22 @@ type TreeNode struct {
 }

 type NavigationConfig struct {
-	URL                      string   `yaml:"url"`                      // URL path (e.g., /d/abc123 or /explore)
-	Scope                    string   `yaml:"scope"`                    // Required scope
-	SubScope                 string   `yaml:"subScope"`                 // Optional subScope for hierarchical navigation
-	Title                    string   `yaml:"title"`                    // Display title
-	Groups                   []string `yaml:"groups"`                   // Optional groups for categorization
-	DisableSubScopeSelection bool     `yaml:"disableSubScopeSelection"` // Makes the subscope not selectable
+	URL      string   `yaml:"url"`      // URL path (e.g., /d/abc123 or /explore)
+	Scope    string   `yaml:"scope"`    // Required scope
+	SubScope string   `yaml:"subScope"` // Optional subScope for hierarchical navigation
+	Title    string   `yaml:"title"`    // Display title
+	Groups   []string `yaml:"groups"`   // Optional groups for categorization
 }

 // NavigationTreeNode represents a node in the navigation tree structure
 type NavigationTreeNode struct {
-	Name                     string               `yaml:"name"`
-	Title                    string               `yaml:"title"`
-	URL                      string               `yaml:"url"`
-	Scope                    string               `yaml:"scope"`
-	SubScope                 string               `yaml:"subScope,omitempty"`
-	Groups                   []string             `yaml:"groups,omitempty"`
-	DisableSubScopeSelection bool                 `yaml:"disableSubScopeSelection,omitempty"`
-	Children                 []NavigationTreeNode `yaml:"children,omitempty"`
+	Name     string               `yaml:"name"`
+	Title    string               `yaml:"title"`
+	URL      string               `yaml:"url"`
+	Scope    string               `yaml:"scope"`
+	SubScope string               `yaml:"subScope,omitempty"`
+	Groups   []string             `yaml:"groups,omitempty"`
+	Children []NavigationTreeNode `yaml:"children,omitempty"`
 }

 // Helper function to convert ScopeFilterConfig to v0alpha1.ScopeFilter
@@ -315,9 +313,8 @@ func (c *Client) createScopeNavigation(name string, nav NavigationConfig) error
 	prefixedScope := prefix + "-" + nav.Scope

 	spec := v0alpha1.ScopeNavigationSpec{
-		URL:                      nav.URL,
-		Scope:                    prefixedScope,
-		DisableSubScopeSelection: nav.DisableSubScopeSelection,
+		URL:   nav.URL,
+		Scope: prefixedScope,
 	}

 	if nav.SubScope != "" {
@@ -407,10 +404,9 @@ func treeToNavigations(node NavigationTreeNode, parentPath []string, dashboardCo

 	// Create navigation for this node
 	nav := NavigationConfig{
-		URL:                      url,
-		Scope:                    node.Scope,
-		Title:                    node.Title,
-		DisableSubScopeSelection: node.DisableSubScopeSelection,
+		URL:   url,
+		Scope: node.Scope,
+		Title: node.Title,
 	}
 	if node.SubScope != "" {
 		nav.SubScope = node.SubScope
@@ -7,8 +7,8 @@ MAKEFLAGS += --no-builtin-rule

 include docs.mk

-.PHONY: sources/visualizations/panels-visualizations/query-transform-data/transform-data/index.md
-sources/visualizations/panels-visualizations/query-transform-data/transform-data/index.md: ## Generate the Transform Data page source.
+.PHONY: sources/panels-visualizations/query-transform-data/transform-data/index.md
+sources/panels-visualizations/query-transform-data/transform-data/index.md: ## Generate the Transform Data page source.
 	cd $(CURDIR)/.. && \
 	npx tsx ./scripts/docs/generate-transformations.ts && \
 	npx prettier -w $(CURDIR)/$@
@@ -21,28 +21,11 @@ weight: 120

 # Install a plugin

-{{< admonition type="note" >}}
-
-Installing plugins from the Grafana website into a Grafana Cloud instance will be removed in February 2026.
-
-If you're a Grafana Cloud user, follow [Install a plugin through the Grafana UI](#install-a-plugin-through-the-grafana-uiinstall-a-plugin-through-the-grafana-ui) instead.
-
-{{< /admonition >}}
-
-## Install a plugin through the Grafana UI
-
-The most common way to install a plugin is through the Grafana UI.
-
-1. In Grafana, click **Administration > Plugins and data > Plugins** in the side navigation menu to view all plugins.
-1. Browse and find a plugin.
-1. Click the plugin's logo.
-1. Click **Install**.
-
-You can use use the following alternative methods to install a plugin depending on your environment or setup.
+Besides the UI, you can use alternative methods to install a plugin depending on your environment or set-up.

 ## Install a plugin using Grafana CLI

-The Grafana CLI allows you to install, upgrade, and manage your Grafana plugins using a command line tool. For more information about Grafana CLI plugin commands, refer to [Plugin commands](https://grafana.com/docs/grafana/<GRAFANA_VERSION>/administration/cli/#plugins-commands).
+The Grafana CLI allows you to install, upgrade, and manage your Grafana plugins using a command line tool. For more information about Grafana CLI plugin commands, refer to [Plugin commands](/docs/grafana/<GRAFANA_VERSION>/cli/#plugins-commands).

 ## Install a plugin from a ZIP file

@@ -44,7 +44,7 @@ refs:
      destination: /docs/grafana-cloud/alerting-and-irm/oncall/user-and-team-management/#available-grafana-oncall-rbac-roles--granted-actions
 ---

-# Grafana RBAC role definitions
+# RBAC role definitions

 {{< admonition type="note" >}}
 Available in [Grafana Enterprise](/docs/grafana/<GRAFANA_VERSION>/introduction/grafana-enterprise/) and [Grafana Cloud](/docs/grafana-cloud).
@@ -59,7 +59,7 @@ The following tables list permissions associated with basic and fixed roles. Thi
 | Grafana Admin                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 | `basic_grafana_admin`                                                                                                                                    |
 | `fixed:authentication.config:writer`<br>`fixed:general.auth.config:writer`<br>`fixed:ldap:writer`<br>`fixed:licensing:writer`<br>`fixed:migrationassistant:migrator`<br>`fixed:org.users:writer`<br>`fixed:organization:maintainer`<br>`fixed:plugins:maintainer`<br>`fixed:provisioning:writer`<br>`fixed:roles:writer`<br>`fixed:settings:reader`<br>`fixed:settings:writer`<br>`fixed:stats:reader`<br>`fixed:support.bundles:writer`<br>`fixed:usagestats:reader`<br>`fixed:users:writer` | Default [Grafana server administrator](/docs/grafana/<GRAFANA_VERSION>/administration/roles-and-permissions/#grafana-server-administrators) assignments. |
 | Admin                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         | `basic_admin`                                                                                                                                            | All roles assigned to Editor and `fixed:reports:writer` <br>`fixed:datasources:writer`<br>`fixed:organization:writer`<br>`fixed:datasources.permissions:writer`<br>`fixed:teams:writer`<br>`fixed:dashboards:writer`<br>`fixed:dashboards.permissions:writer`<br>`fixed:dashboards.public:writer`<br>`fixed:folders:writer`<br>`fixed:folders.permissions:writer`<br>`fixed:alerting:writer`<br>`fixed:alerting.provisioning.secrets:reader`<br>`fixed:alerting.provisioning:writer`<br>`fixed:datasources.caching:writer`<br>`fixed:plugins:writer`<br>`fixed:library.panels:writer` | Default [Grafana organization administrator](ref:rbac-basic-roles) assignments. |
-| Editor                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        | `basic_editor`                                                                                                                                           | All roles assigned to Viewer and `fixed:datasources:explorer` <br>`fixed:dashboards:creator`<br>`fixed:folders:creator`<br>`fixed:annotations:writer`<br>`fixed:alerting:writer`<br>`fixed:library.panels:creator`<br>`fixed:library.panels:general.writer`<br>`fixed:alerting.provisioning.provenance:writer`                                                                                                                                                                                                                                                                        | Default [Editor](ref:rbac-basic-roles) assignments.                             |
+| Editor                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        | `basic_editor`                                                                                                                                           | All roles assigned to Viewer and `fixed:datasources:explorer` <br>`fixed:dashboards:creator`<br>`fixed:folders:creator`<br>`fixed:annotations:writer`<br>`fixed:alerting:writer`<br>`fixed:library.panels:creator`<br>`fixed:library.panels:general.writer`<br>`fixed:alerting.provisioning.status:writer`                                                                                                                                                                                                                                                                            | Default [Editor](ref:rbac-basic-roles) assignments.                             |
 | Viewer                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        | `basic_viewer`                                                                                                                                           | `fixed:datasources.id:reader`<br>`fixed:organization:reader`<br>`fixed:annotations:reader`<br>`fixed:annotations.dashboard:writer`<br>`fixed:alerting:reader`<br>`fixed:plugins.app:reader`<br>`fixed:dashboards.insights:reader`<br>`fixed:datasources.insights:reader`<br>`fixed:library.panels:general.reader`<br>`fixed:folders.general:reader`<br>`fixed:datasources.builtin:reader`                                                                                                                                                                                             | Default [Viewer](ref:rbac-basic-roles) assignments.                             |
 | No Basic Role                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 | n/a                                                                                                                                                      |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       | Default [No Basic Role](ref:rbac-basic-roles)                                   |

@@ -74,86 +74,86 @@ These UUIDs won't be available if your instance was created before Grafana v10.2
 To learn how to use the roles API to determine the role UUIDs, refer to [Manage RBAC roles](ref:rbac-manage-rbac-roles).
 {{< /admonition >}}

-| Fixed role                                      | UUID                                | Permissions                                                                                                                                                                                                                                                                 | Description                                                                                                                                                                                                                                                                           |
-| ----------------------------------------------- | ----------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| `fixed:alerting:reader`                         | `fixed_O2oP1_uBFozI2i93klAkcvEWR30` | All permissions from `fixed:alerting.rules:reader` <br>`fixed:alerting.instances:reader`<br>`fixed:alerting.notifications:reader`                                                                                                                                           | Read-only permissions for all Grafana, Mimir, Loki and Alertmanager alert rules\*, alerts, contact points, and notification policies.[\*](#alerting-roles)                                                                                                                            |
-| `fixed:alerting:writer`                         | `fixed_-PAZgSJsDlRD8NUg-PFSeH_BkJY` | All permissions from `fixed:alerting.rules:writer` <br>`fixed:alerting.instances:writer`<br>`fixed:alerting.notifications:writer`                                                                                                                                           | Create, update, and delete Grafana, Mimir, Loki and Alertmanager alert rules\*, silences, contact points, templates, mute timings, and notification policies.[\*](#alerting-roles)                                                                                                    |
-| `fixed:alerting.instances:reader`               | `fixed_ut5fVS-Ulh_ejFoskFhJT_rYg0Y` | `alert.instances:read` for organization scope <br> `alert.instances.external:read` for scope `datasources:*`                                                                                                                                                                | Read all alerts and silences in the organization produced by Grafana Alerts and Mimir and Loki alerts and silences.[\*](#alerting-roles)                                                                                                                                              |
-| `fixed:alerting.instances:writer`               | `fixed_pKOBJE346uyqMLdgWbk1NsQfEl0` | All permissions from `fixed:alerting.instances:reader` and<br> `alert.instances:create`<br>`alert.instances:write` for organization scope <br> `alert.instances.external:write` for scope `datasources:*`                                                                   | Create, update and expire all silences in the organization produced by Grafana, Mimir, and Loki.[\*](#alerting-roles)                                                                                                                                                                 |
-| `fixed:alerting.notifications:reader`           | `fixed_hmBn0lX5h1RZXB9Vaot420EEdA0` | `alert.notifications:read` for organization scope<br>`alert.notifications.external:read` for scope `datasources:*`                                                                                                                                                          | Read all Grafana and Alertmanager contact points, templates, and notification policies.[\*](#alerting-roles)                                                                                                                                                                          |
-| `fixed:alerting.notifications:writer`           | `fixed_XplK6HPNxf9AP5IGTdB5Iun4tJc` | All permissions from `fixed:alerting.notifications:reader` and<br>`alert.notifications:write`for organization scope<br>`alert.notifications.external:read` for scope `datasources:*`                                                                                        | Create, update, and delete contact points, templates, mute timings and notification policies for Grafana and external Alertmanager.[\*](#alerting-roles)                                                                                                                              |
-| `fixed:alerting.provisioning:writer`            | `fixed_y7pFjdEkxpx5ETdcxPvp0AgRuUo` | `alert.provisioning:read` and `alert.provisioning:write`                                                                                                                                                                                                                    | Create, update and delete Grafana alert rules, notification policies, contact points, templates, etc via provisioning API. [\*](#alerting-roles)                                                                                                                                      |
-| `fixed:alerting.provisioning.secrets:reader`    | `fixed_9fmzXXZZG-Od0Amy2ofEG8Uk--c` | `alert.provisioning:read` and `alert.provisioning.secrets:read`                                                                                                                                                                                                             | Read-only permissions for Provisioning API and let export resources with decrypted secrets [\*](#alerting-roles)                                                                                                                                                                      |
-| `fixed:alerting.provisioning.provenance:writer` | `fixed_eAxlzfkTuobvKEgXHveFMBZrOj8` | `alert.provisioning.provenance:write`                                                                                                                                                                                                                                       | Set provenance status to alert rules, notification policies, contact points, etc. Should be used together with regular writer roles. [\*](#alerting-roles)                                                                                                                            |
-| `fixed:alerting.rules:reader`                   | `fixed_fRGKL_vAqUsmUWq5EYKnOha9DcA` | `alert.rule:read`, `alert.silences:read` for scope `folders:*` <br> `alert.rules.external:read` for scope `datasources:*` <br> `alert.notifications.time-intervals:read` <br> `alert.notifications.receivers:list`                                                          | Read all\* Grafana, Mimir, and Loki alert rules.[\*](#alerting-roles) and read rule-specific silences                                                                                                                                                                                 |
-| `fixed:alerting.rules:writer`                   | `fixed_YJJGwAalUwDZPrXSyFH8GfYBXAc` | All permissions from `fixed:alerting.rules:reader` and <br> `alert.rule:create` <br> `alert.rule:write` <br> `alert.rule:delete` <br> `alert.silences:create` <br> `alert.silences:write` for scope `folders:*` <br> `alert.rules.external:write` for scope `datasources:*` | Create, update, and delete all\* Grafana, Mimir, and Loki alert rules.[\*](#alerting-roles) and manage rule-specific silences                                                                                                                                                         |
-| `fixed:annotations:reader`                      | `fixed_hpZnoizrfAJsrceNcNQqWYV-xNU` | `annotations:read` for scopes `annotations:type:*`                                                                                                                                                                                                                          | Read all annotations and annotation tags.                                                                                                                                                                                                                                             |
-| `fixed:annotations:writer`                      | `fixed_ZVW-Aa9Tzle6J4s2aUFcq1StKWE` | All permissions from `fixed:annotations:reader` <br>`annotations:write` <br>`annotations.create`<br> `annotations:delete` for scope `annotations:type:*`                                                                                                                    | Read, create, update and delete all annotations and annotation tags.                                                                                                                                                                                                                  |
-| `fixed:annotations.dashboard:writer`            | `fixed_8A775xenXeKaJk4Cr7bchP9yXOA` | `annotations:write` <br>`annotations.create`<br> `annotations:delete` for scope `annotations:type:dashboard`                                                                                                                                                                | Create, update and delete dashboard annotations and annotation tags.                                                                                                                                                                                                                  |
-| `fixed:authentication.config:writer`            | `fixed_0rYhZ2Qnzs8AdB1nX7gexk3fHDw` | `settings:read` for scope `settings:auth.saml:*` <br> `settings:write` for scope `settings:auth.saml:*`                                                                                                                                                                     | Read and update authentication and SAML settings.                                                                                                                                                                                                                                     |
-| `fixed:general.auth.config:writer`              | `fixed_QFxIT_FGtBqbIVJIwx1bLgI5z6c` | `settings:read` for scope `settings:auth:oauth_allow_insecure_email_lookup` <br> `settings:write` for scope `settings:auth:oauth_allow_insecure_email_lookup`                                                                                                               | Read and update the Grafana instance's general authentication configuration settings.                                                                                                                                                                                                 |
-| `fixed:dashboards:creator`                      | `fixed_ZorKUcEPCM01A1fPakEzGBUyU64` | `dashboards:create`<br>`folders:read`                                                                                                                                                                                                                                       | Create dashboards.                                                                                                                                                                                                                                                                    |
-| `fixed:dashboards:reader`                       | `fixed_Sgr67JTOhjQGFlzYRahOe45TdWM` | `dashboards:read`                                                                                                                                                                                                                                                           | Read all dashboards.                                                                                                                                                                                                                                                                  |
-| `fixed:dashboards:writer`                       | `fixed_OK2YOQGIoI1G031hVzJB6rAJQAs` | All permissions from `fixed:dashboards:reader` and <br>`dashboards:write`<br>`dashboards:delete`<br>`dashboards:create`<br>`dashboards.permissions:read`<br>`dashboards.permissions:write`                                                                                  | Read, create, update, and delete all dashboards.                                                                                                                                                                                                                                      |
-| `fixed:dashboards.insights:reader`              | `fixed_JlBJ2_gizP8zhgaeGE2rjyZe2Rs` | `dashboards.insights:read`                                                                                                                                                                                                                                                  | Read dashboard insights data and see presence indicators.                                                                                                                                                                                                                             |
-| `fixed:dashboards.permissions:reader`           | `fixed_f17oxuXW_58LL8mYJsm4T_mCeIw` | `dashboards.permissions:read`                                                                                                                                                                                                                                               | Read all dashboard permissions.                                                                                                                                                                                                                                                       |
-| `fixed:dashboards.permissions:writer`           | `fixed_CcznxhWX_Yqn8uWMXMQ-b5iFW9k` | All permissions from `fixed:dashboards.permissions:reader` and <br>`dashboards.permissions:write`                                                                                                                                                                           | Read and update all dashboard permissions.                                                                                                                                                                                                                                            |
-| `fixed:dashboards.public:writer`                | `fixed_f_GHHRBciaqESXfGz2oCcooqHxs` | `dashboards.public:write`                                                                                                                                                                                                                                                   | Create, update, delete or pause a shared dashboard.                                                                                                                                                                                                                                   |
-| `fixed:datasources:creator`                     | `fixed_XX8jHREgUt-wo1A-rPXIiFlX6Zw` | `datasources:create`                                                                                                                                                                                                                                                        | Create data sources.                                                                                                                                                                                                                                                                  |
-| `fixed:datasources:explorer`                    | `fixed_qDzW9mzx9yM91T5Bi8dHUM2muTw` | `datasources:explore`                                                                                                                                                                                                                                                       | Enable the Explore feature. Data source permissions still apply, you can only query data sources for which you have query permissions.                                                                                                                                                |
-| `fixed:datasources:reader`                      | `fixed_C2x8IxkiBc1KZVjyYH775T9jNMQ` | `datasources:read`<br>`datasources:query`                                                                                                                                                                                                                                   | Read and query data sources.                                                                                                                                                                                                                                                          |
-| `fixed:datasources:writer`                      | `fixed_q8HXq8kjjA5IlHHgBJlKlUyaNik` | All permissions from `fixed:datasources:reader` and <br>`datasources:create`<br>`datasources:write`<br>`datasources:delete`                                                                                                                                                 | Read, query, create, delete, or update a data source.                                                                                                                                                                                                                                 |
-| `fixed:datasources.builtin:reader`              | `fixed_q8HXq8kjjA5IlHHgBJlKlUyaNik` | `datasources:read` and `datasources:query` scoped to `datasources:uid:grafana`                                                                                                                                                                                              | An internal role used to grant Viewers access to the builtin example data source in Grafana.                                                                                                                                                                                          |
-| `fixed:datasources.caching:reader`              | `fixed_D2ddpGxJYlw0mbsTS1ek9fj0kj4` | `datasources.caching:read`                                                                                                                                                                                                                                                  | Read data source query caching settings.                                                                                                                                                                                                                                              |
-| `fixed:datasources.caching:writer`              | `fixed_JtFjHr7jd7hSqUYcktKvRvIOGRE` | `datasources.caching:read`<br>`datasources.caching:write`                                                                                                                                                                                                                   | Enable, disable, or update query caching settings.                                                                                                                                                                                                                                    |
-| `fixed:datasources.id:reader`                   | `fixed_entg--fHmDqWY2-69N0ocawK0Os` | `datasources.id:read`                                                                                                                                                                                                                                                       | Read the ID of a data source based on its name.                                                                                                                                                                                                                                       |
-| `fixed:datasources.insights:reader`             | `fixed_EBZ3NwlfecNPp2p0XcZRC1nfEYk` | `datasources.insights:read`                                                                                                                                                                                                                                                 | Read data source insights data.                                                                                                                                                                                                                                                       |
-| `fixed:datasources.permissions:reader`          | `fixed_ErYA-cTN3yn4h4GxaVPcawRhiOY` | `datasources.permissions:read`                                                                                                                                                                                                                                              | Read data source permissions.                                                                                                                                                                                                                                                         |
-| `fixed:datasources.permissions:writer`          | `fixed_aiQh9YDfLOKjQhYasF9_SFUjQiw` | All permissions from `fixed:datasources.permissions:reader` and <br>`datasources.permissions:write`                                                                                                                                                                         | Create, read, or delete permissions of a data source.                                                                                                                                                                                                                                 |
-| `fixed:folders:creator`                         | `fixed_gGLRbZGAGB6n9uECqSh_W382RlQ` | `folders:create`                                                                                                                                                                                                                                                            | Create folders in the root level.                                                                                                                                                                                                                                                     |
-| `fixed:folders:reader`                          | `fixed_yeW-5QPeo-i5PZUIUXMlAA97GnQ` | `folders:read`<br>`dashboards:read`                                                                                                                                                                                                                                         | Read all folders and dashboards.                                                                                                                                                                                                                                                      |
-| `fixed:folders:writer`                          | `fixed_wJXLoTzgE7jVuz90dryYoiogL0o` | All permissions from `fixed:dashboards:writer` and <br>`folders:read`<br>`folders:write`<br>`folders:create`<br>`folders:delete`<br>`folders.permissions:read`<br>`folders.permissions:write`                                                                               | Read, update, and delete all folders and dashboards. Create folders and subfolders.                                                                                                                                                                                                   |
-| `fixed:folders.general:reader`                  | `fixed_rSASbkg8DvpG_gTX5s41d7uxRvI` | `folders:read` scoped to `folders:uid:general`                                                                                                                                                                                                                              | An internal role used to correctly display access to the folder tree for Viewer role.                                                                                                                                                                                                 |
-| `fixed:folders.permissions:reader`              | `fixed_E06l4cx0JFm47EeLBE4nmv3pnSo` | `folders.permissions:read`                                                                                                                                                                                                                                                  | Read all folder permissions.                                                                                                                                                                                                                                                          |
-| `fixed:folders.permissions:writer`              | `fixed_3GAgpQ_hWG8o7-lwNb86_VB37eI` | All permissions from `fixed:folders.permissions:reader` and <br>`folders.permissions:write`                                                                                                                                                                                 | Read and update all folder permissions.                                                                                                                                                                                                                                               |
-| `fixed:ldap:reader`                             | `fixed_lMcOPwSkxKY-qCK8NMJc5k6izLE` | `ldap.user:read`<br>`ldap.status:read`                                                                                                                                                                                                                                      | Read the LDAP configuration and LDAP status information.                                                                                                                                                                                                                              |
-| `fixed:ldap:writer`                             | `fixed_p6AvnU4GCQyIh7-hbwI-bk3GYnU` | All permissions from `fixed:ldap:reader` and <br>`ldap.user:sync`<br>`ldap.config:reload`                                                                                                                                                                                   | Read and update the LDAP configuration, and read LDAP status information.                                                                                                                                                                                                             |
-| `fixed:library.panels:creator`                  | `fixed_6eX6ItfegCIY5zLmPqTDW8ZV7KY` | `library.panels:create`<br>`folders:read`                                                                                                                                                                                                                                   | Create library panel at the root level.                                                                                                                                                                                                                                               |
-| `fixed:library.panels:general.reader`           | `fixed_ct0DghiBWR_2BiQm3EvNPDVmpio` | `library.panels:read`                                                                                                                                                                                                                                                       | Read all library panels at the root level.                                                                                                                                                                                                                                            |
-| `fixed:library.panels:general.writer`           | `fixed_DgprkmqfN_1EhZ2v1_d1fYG8LzI` | All permissions from `fixed:library.panels:general.reader` plus<br>`library.panels:create`<br>`library.panels:delete`<br>`library.panels:write`                                                                                                                             | Create, read, write or delete all library panels and their permissions at the root level.                                                                                                                                                                                             |
-| `fixed:library.panels:reader`                   | `fixed_tvTr9CnZ6La5vvUO_U_X1LPnhUs` | `library.panels:read`                                                                                                                                                                                                                                                       | Read all library panels.                                                                                                                                                                                                                                                              |
-| `fixed:library.panels:writer`                   | `fixed_JTljAr21LWLTXCkgfBC4H0lhBC8` | All permissions from `fixed:library.panels:reader` plus<br>`library.panels:create`<br>`library.panels:delete`<br>`library.panels:write`                                                                                                                                     | Create, read, write or delete all library panels and their permissions.                                                                                                                                                                                                               |
-| `fixed:licensing:reader`                        | `fixed_OADpuXvNEylO2Kelu3GIuBXEAYE` | `licensing:read`<br>`licensing.reports:read`                                                                                                                                                                                                                                | Read licensing information and licensing reports.                                                                                                                                                                                                                                     |
-| `fixed:licensing:writer`                        | `fixed_gzbz3rJpQMdaKHt-E4q0PVaKMoE` | All permissions from `fixed:licensing:reader` and <br>`licensing:write`<br>`licensing:delete`                                                                                                                                                                               | Read licensing information and licensing reports, update and delete the license token.                                                                                                                                                                                                |
-| `fixed:migrationassistant:migrator`             | `fixed_LLk2p7TRuBztOAksTQb1Klc8YTk` | `migrationassistant:migrate`                                                                                                                                                                                                                                                | Execute on-prem to cloud migrations through the Migration Assistant.                                                                                                                                                                                                                  |
-| `fixed:org.users:reader`                        | `fixed_oCqNwlVHLOpw7-jAlwp4HzYqwGY` | `org.users:read`                                                                                                                                                                                                                                                            | Read users within a single organization.                                                                                                                                                                                                                                              |
-| `fixed:org.users:writer`                        | `fixed_VERj5nayasjgf_Yh0sWqqCkxWlw` | All permissions from `fixed:org.users:reader` and <br>`org.users:add`<br>`org.users:remove`<br>`org.users:write`                                                                                                                                                            | Within a single organization, add a user, invite a new user, read information about a user and their role, remove a user from that organization, or change the role of a user.                                                                                                        |
-| `fixed:organization:maintainer`                 | `fixed_CMm-uuBaPUBf4r8XG3jIvxo55bg` | All permissions from `fixed:organization:reader` and <br> `orgs:write`<br>`orgs:create`<br>`orgs:delete`<br>`orgs.quotas:write`                                                                                                                                             | Create, read, write, or delete an organization. Read or write its quotas. This role needs to be assigned globally.                                                                                                                                                                    |
-| `fixed:organization:reader`                     | `fixed_0SZPJlTHdNEe8zO91zv7Zwiwa2w` | `orgs:read`<br>`orgs.quotas:read`                                                                                                                                                                                                                                           | Read an organization and its quotas.                                                                                                                                                                                                                                                  |
-| `fixed:organization:writer`                     | `fixed_Y4jGqDd8w1yCrPwlik8z5Iu8-3M` | All permissions from `fixed:organization:reader` and <br> `orgs:write`<br>`orgs.preferences:read`<br>`orgs.preferences:write`                                                                                                                                               | Read an organization, its quotas, or its preferences. Update organization properties, or its preferences.                                                                                                                                                                             |
-| `fixed:plugins:maintainer`                      | `fixed_yEOKidBcWgbm74x-nTa3lW5lOyY` | `plugins:install`                                                                                                                                                                                                                                                           | Install and uninstall plugins. Needs to be assigned globally.                                                                                                                                                                                                                         |
-| `fixed:plugins:writer`                          | `fixed_MRYpGk7kpNNwt2VoVOXFiPnQziE` | `plugins:write`                                                                                                                                                                                                                                                             | Enable and disable plugins and edit plugins' settings.                                                                                                                                                                                                                                |
-| `fixed:plugins.app:reader`                      | `fixed_AcZRiNYx7NueYkUqzw1o2OGGUAA` | `plugins.app:access`                                                                                                                                                                                                                                                        | Access application plugins (still enforcing the organization role).                                                                                                                                                                                                                   |
-| `fixed:provisioning:writer`                     | `fixed_bgk1FCyR6OEDwhgirZlQgu5LlCA` | `provisioning:reload`                                                                                                                                                                                                                                                       | Reload provisioning.                                                                                                                                                                                                                                                                  |
-| `fixed:reports:reader`                          | `fixed_72_8LU_0ukfm6BdblOw8Z9q-GQ8` | `reports:read`<br>`reports:send`<br>`reports.settings:read`                                                                                                                                                                                                                 | Read all reports and shared report settings.                                                                                                                                                                                                                                          |
-| `fixed:reports:writer`                          | `fixed_jBW3_7g1EWOjGVBYeVRwtFxhUNw` | All permissions from `fixed:reports:reader` and <br>`reports:create`<br>`reports:write`<br>`reports:delete`<br>`reports.settings:write`                                                                                                                                     | Create, read, update, or delete all reports and shared report settings.                                                                                                                                                                                                               |
-| `fixed:roles:reader`                            | `fixed_GkfG-1NSwEGb4hpK3-E3qHyNltc` | `roles:read`<br>`teams.roles:read`<br>`users.roles:read`<br>`users.permissions:read`                                                                                                                                                                                        | Read all access control roles, roles and permissions assigned to users, teams.                                                                                                                                                                                                        |
-| `fixed:roles:resetter`                          | `fixed_WgPpC3qJRmVpVTJavFNwfS5RuzQ` | `roles:write` with scope `permissions:type:escalate`                                                                                                                                                                                                                        | Reset basic roles to their default.                                                                                                                                                                                                                                                   |
-| `fixed:roles:writer`                            | `fixed_W5aFaw8isAM27x_eWfElBhZ0iOc` | All permissions from `fixed:roles:reader` and <br>`roles:write`<br>`roles:delete`<br>`teams.roles:add`<br>`teams.roles:remove`<br>`users.roles:add`<br>`users.roles:remove`                                                                                                 | Create, read, update, or delete all roles, assign or unassign roles to users, teams.                                                                                                                                                                                                  |
-| `fixed:serviceaccounts:creator`                 | `fixed_Ikw60fckA0MyiiZ73BawSfOULy4` | `serviceaccounts:create`                                                                                                                                                                                                                                                    | Create Grafana service accounts.                                                                                                                                                                                                                                                      |
-| `fixed:serviceaccounts:reader`                  | `fixed_QFjJAZ88iawMLInYOxPA1DB1w6I` | `serviceaccounts:read`                                                                                                                                                                                                                                                      | Read Grafana service accounts.                                                                                                                                                                                                                                                        |
-| `fixed:serviceaccounts:writer`                  | `fixed_iBvUNUEZBZ7PUW0vdkN5iojc2sk` | `serviceaccounts:read`<br>`serviceaccounts:create`<br>`serviceaccounts:write`<br>`serviceaccounts:delete`<br>`serviceaccounts.permissions:read`<br>`serviceaccounts.permissions:write`                                                                                      | Create, update, read and delete all Grafana service accounts and manage service account permissions.                                                                                                                                                                                  |
-| `fixed:settings:reader`                         | `fixed_0LaUt1x6PP8hsZzEBhqPQZFUd8Q` | `settings:read`                                                                                                                                                                                                                                                             | Read Grafana instance settings.                                                                                                                                                                                                                                                       |
-| `fixed:settings:writer`                         | `fixed_joIHDgMrGg790hMhUufVzcU4j44` | All permissions from `fixed:settings:reader` and<br>`settings:write`                                                                                                                                                                                                        | Read and update Grafana instance settings.                                                                                                                                                                                                                                            |
-| `fixed:stats:reader`                            | `fixed_OnRCXxZVINWpcKvTF5A1gecJ7pA` | `server.stats:read`                                                                                                                                                                                                                                                         | Read Grafana instance statistics.                                                                                                                                                                                                                                                     |
-| `fixed:support.bundles:reader`                  | `fixed_gcPjI3PTUJwRx-GJZwDhNa7zbos` | `support.bundles:read`                                                                                                                                                                                                                                                      | List and download support bundles.                                                                                                                                                                                                                                                    |
-| `fixed:support.bundles:writer`                  | `fixed_dTgCv9Wxrp_WHAhwHYIgeboxKpE` | `support.bundles:read`<br>`support.bundles:create`<br>`support.bundles:delete`                                                                                                                                                                                              | Create, delete, list and download support bundles.                                                                                                                                                                                                                                    |
-| `fixed:teams:creator`                           | `fixed_nzVQoNSDSn0fg1MDgO6XnZX2RZI` | `teams:create`<br>`org.users:read`                                                                                                                                                                                                                                          | Create a team and list organization users (required to manage the created team).                                                                                                                                                                                                      |
-| `fixed:teams:read`                              | `fixed_Z8pB0GQlrqRt8IZBCJQxPWvJPgQ` | `teams:read`                                                                                                                                                                                                                                                                | List all teams.                                                                                                                                                                                                                                                                       |
-| `fixed:teams:writer`                            | `fixed_xw1T0579h620MOYi4L96GUs7fZY` | `teams:create`<br>`teams:delete`<br>`teams:read`<br>`teams:write`<br>`teams.permissions:read`<br>`teams.permissions:write`                                                                                                                                                  | Create, read, update and delete teams and manage team memberships.                                                                                                                                                                                                                    |
-| `fixed:usagestats:reader`                       | `fixed_eAM0azEvnWFCJAjNkUKnGL_1-bU` | `server.usagestats.report:read`                                                                                                                                                                                                                                             | View usage statistics report.                                                                                                                                                                                                                                                         |
-| `fixed:users:reader`                            | `fixed_buZastUG3reWyQpPemcWjGqPAd0` | `users:read`<br>`users.quotas:read`<br>`users.authtoken:read`                                                                                                                                                                                                               | Read all users and their information, such as team memberships, authentication tokens, and quotas.                                                                                                                                                                                    |
-| `fixed:users:writer`                            | `fixed_wjzgHHo_Ux25DJuELn_oiAdB_yM` | All permissions from `fixed:users:reader` and <br>`users:write`<br>`users:create`<br>`users:delete`<br>`users:enable`<br>`users:disable`<br>`users.password:write`<br>`users.permissions:write`<br>`users:logout`<br>`users.authtoken:write`<br>`users.quotas:write`        | Read and update all attributes and settings for all users in Grafana: update user information, read user information, create or enable or disable a user, make a user a Grafana administrator, sign out a user, update a user’s authentication token, or update quotas for all users. |
+| Fixed role                                   | UUID                                | Permissions                                                                                                                                                                                                                                                                 | Description                                                                                                                                                                                                                                                                           |
+| -------------------------------------------- | ----------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `fixed:alerting:reader`                      | `fixed_O2oP1_uBFozI2i93klAkcvEWR30` | All permissions from `fixed:alerting.rules:reader` <br>`fixed:alerting.instances:reader`<br>`fixed:alerting.notifications:reader`                                                                                                                                           | Read-only permissions for all Grafana, Mimir, Loki and Alertmanager alert rules\*, alerts, contact points, and notification policies.[\*](#alerting-roles)                                                                                                                            |
+| `fixed:alerting:writer`                      | `fixed_-PAZgSJsDlRD8NUg-PFSeH_BkJY` | All permissions from `fixed:alerting.rules:writer` <br>`fixed:alerting.instances:writer`<br>`fixed:alerting.notifications:writer`                                                                                                                                           | Create, update, and delete Grafana, Mimir, Loki and Alertmanager alert rules\*, silences, contact points, templates, mute timings, and notification policies.[\*](#alerting-roles)                                                                                                    |
+| `fixed:alerting.instances:reader`            | `fixed_ut5fVS-Ulh_ejFoskFhJT_rYg0Y` | `alert.instances:read` for organization scope <br> `alert.instances.external:read` for scope `datasources:*`                                                                                                                                                                | Read all alerts and silences in the organization produced by Grafana Alerts and Mimir and Loki alerts and silences.[\*](#alerting-roles)                                                                                                                                              |
+| `fixed:alerting.instances:writer`            | `fixed_pKOBJE346uyqMLdgWbk1NsQfEl0` | All permissions from `fixed:alerting.instances:reader` and<br> `alert.instances:create`<br>`alert.instances:write` for organization scope <br> `alert.instances.external:write` for scope `datasources:*`                                                                   | Create, update and expire all silences in the organization produced by Grafana, Mimir, and Loki.[\*](#alerting-roles)                                                                                                                                                                 |
+| `fixed:alerting.notifications:reader`        | `fixed_hmBn0lX5h1RZXB9Vaot420EEdA0` | `alert.notifications:read` for organization scope<br>`alert.notifications.external:read` for scope `datasources:*`                                                                                                                                                          | Read all Grafana and Alertmanager contact points, templates, and notification policies.[\*](#alerting-roles)                                                                                                                                                                          |
+| `fixed:alerting.notifications:writer`        | `fixed_XplK6HPNxf9AP5IGTdB5Iun4tJc` | All permissions from `fixed:alerting.notifications:reader` and<br>`alert.notifications:write`for organization scope<br>`alert.notifications.external:read` for scope `datasources:*`                                                                                        | Create, update, and delete contact points, templates, mute timings and notification policies for Grafana and external Alertmanager.[\*](#alerting-roles)                                                                                                                              |
+| `fixed:alerting.provisioning:writer`         | `fixed_y7pFjdEkxpx5ETdcxPvp0AgRuUo` | `alert.provisioning:read` and `alert.provisioning:write`                                                                                                                                                                                                                    | Create, update and delete Grafana alert rules, notification policies, contact points, templates, etc via provisioning API. [\*](#alerting-roles)                                                                                                                                      |
+| `fixed:alerting.provisioning.secrets:reader` | `fixed_9fmzXXZZG-Od0Amy2ofEG8Uk--c` | `alert.provisioning:read` and `alert.provisioning.secrets:read`                                                                                                                                                                                                             | Read-only permissions for Provisioning API and let export resources with decrypted secrets [\*](#alerting-roles)                                                                                                                                                                      |
+| `fixed:alerting.provisioning.status:writer`  | `fixed_eAxlzfkTuobvKEgXHveFMBZrOj8` | `alert.provisioning.provenance:write`                                                                                                                                                                                                                                       | Set provenance status to alert rules, notification policies, contact points, etc. Should be used together with regular writer roles. [\*](#alerting-roles)                                                                                                                            |
+| `fixed:alerting.rules:reader`                | `fixed_fRGKL_vAqUsmUWq5EYKnOha9DcA` | `alert.rule:read`, `alert.silences:read` for scope `folders:*` <br> `alert.rules.external:read` for scope `datasources:*` <br> `alert.notifications.time-intervals:read` <br> `alert.notifications.receivers:list`                                                          | Read all\* Grafana, Mimir, and Loki alert rules.[\*](#alerting-roles) and read rule-specific silences                                                                                                                                                                                 |
+| `fixed:alerting.rules:writer`                | `fixed_YJJGwAalUwDZPrXSyFH8GfYBXAc` | All permissions from `fixed:alerting.rules:reader` and <br> `alert.rule:create` <br> `alert.rule:write` <br> `alert.rule:delete` <br> `alert.silences:create` <br> `alert.silences:write` for scope `folders:*` <br> `alert.rules.external:write` for scope `datasources:*` | Create, update, and delete all\* Grafana, Mimir, and Loki alert rules.[\*](#alerting-roles) and manage rule-specific silences                                                                                                                                                         |
+| `fixed:annotations:reader`                   | `fixed_hpZnoizrfAJsrceNcNQqWYV-xNU` | `annotations:read` for scopes `annotations:type:*`                                                                                                                                                                                                                          | Read all annotations and annotation tags.                                                                                                                                                                                                                                             |
+| `fixed:annotations:writer`                   | `fixed_ZVW-Aa9Tzle6J4s2aUFcq1StKWE` | All permissions from `fixed:annotations:reader` <br>`annotations:write` <br>`annotations.create`<br> `annotations:delete` for scope `annotations:type:*`                                                                                                                    | Read, create, update and delete all annotations and annotation tags.                                                                                                                                                                                                                  |
+| `fixed:annotations.dashboard:writer`         | `fixed_8A775xenXeKaJk4Cr7bchP9yXOA` | `annotations:write` <br>`annotations.create`<br> `annotations:delete` for scope `annotations:type:dashboard`                                                                                                                                                                | Create, update and delete dashboard annotations and annotation tags.                                                                                                                                                                                                                  |
+| `fixed:authentication.config:writer`         | `fixed_0rYhZ2Qnzs8AdB1nX7gexk3fHDw` | `settings:read` for scope `settings:auth.saml:*` <br> `settings:write` for scope `settings:auth.saml:*`                                                                                                                                                                     | Read and update authentication and SAML settings.                                                                                                                                                                                                                                     |
+| `fixed:general.auth.config:writer`           | `fixed_QFxIT_FGtBqbIVJIwx1bLgI5z6c` | `settings:read` for scope `settings:auth:oauth_allow_insecure_email_lookup` <br> `settings:write` for scope `settings:auth:oauth_allow_insecure_email_lookup`                                                                                                               | Read and update the Grafana instance's general authentication configuration settings.                                                                                                                                                                                                 |
+| `fixed:dashboards:creator`                   | `fixed_ZorKUcEPCM01A1fPakEzGBUyU64` | `dashboards:create`<br>`folders:read`                                                                                                                                                                                                                                       | Create dashboards.                                                                                                                                                                                                                                                                    |
+| `fixed:dashboards:reader`                    | `fixed_Sgr67JTOhjQGFlzYRahOe45TdWM` | `dashboards:read`                                                                                                                                                                                                                                                           | Read all dashboards.                                                                                                                                                                                                                                                                  |
+| `fixed:dashboards:writer`                    | `fixed_OK2YOQGIoI1G031hVzJB6rAJQAs` | All permissions from `fixed:dashboards:reader` and <br>`dashboards:write`<br>`dashboards:delete`<br>`dashboards:create`<br>`dashboards.permissions:read`<br>`dashboards.permissions:write`                                                                                  | Read, create, update, and delete all dashboards.                                                                                                                                                                                                                                      |
+| `fixed:dashboards.insights:reader`           | `fixed_JlBJ2_gizP8zhgaeGE2rjyZe2Rs` | `dashboards.insights:read`                                                                                                                                                                                                                                                  | Read dashboard insights data and see presence indicators.                                                                                                                                                                                                                             |
+| `fixed:dashboards.permissions:reader`        | `fixed_f17oxuXW_58LL8mYJsm4T_mCeIw` | `dashboards.permissions:read`                                                                                                                                                                                                                                               | Read all dashboard permissions.                                                                                                                                                                                                                                                       |
+| `fixed:dashboards.permissions:writer`        | `fixed_CcznxhWX_Yqn8uWMXMQ-b5iFW9k` | All permissions from `fixed:dashboards.permissions:reader` and <br>`dashboards.permissions:write`                                                                                                                                                                           | Read and update all dashboard permissions.                                                                                                                                                                                                                                            |
+| `fixed:dashboards.public:writer`             | `fixed_f_GHHRBciaqESXfGz2oCcooqHxs` | `dashboards.public:write`                                                                                                                                                                                                                                                   | Create, update, delete or pause a shared dashboard.                                                                                                                                                                                                                                   |
+| `fixed:datasources:creator`                  | `fixed_XX8jHREgUt-wo1A-rPXIiFlX6Zw` | `datasources:create`                                                                                                                                                                                                                                                        | Create data sources.                                                                                                                                                                                                                                                                  |
+| `fixed:datasources:explorer`                 | `fixed_qDzW9mzx9yM91T5Bi8dHUM2muTw` | `datasources:explore`                                                                                                                                                                                                                                                       | Enable the Explore feature. Data source permissions still apply, you can only query data sources for which you have query permissions.                                                                                                                                                |
+| `fixed:datasources:reader`                   | `fixed_C2x8IxkiBc1KZVjyYH775T9jNMQ` | `datasources:read`<br>`datasources:query`                                                                                                                                                                                                                                   | Read and query data sources.                                                                                                                                                                                                                                                          |
+| `fixed:datasources:writer`                   | `fixed_q8HXq8kjjA5IlHHgBJlKlUyaNik` | All permissions from `fixed:datasources:reader` and <br>`datasources:create`<br>`datasources:write`<br>`datasources:delete`                                                                                                                                                 | Read, query, create, delete, or update a data source.                                                                                                                                                                                                                                 |
+| `fixed:datasources.builtin:reader`           | `fixed_q8HXq8kjjA5IlHHgBJlKlUyaNik` | `datasources:read` and `datasources:query` scoped to `datasources:uid:grafana`                                                                                                                                                                                              | An internal role used to grant Viewers access to the builtin example data source in Grafana.                                                                                                                                                                                          |
+| `fixed:datasources.caching:reader`           | `fixed_D2ddpGxJYlw0mbsTS1ek9fj0kj4` | `datasources.caching:read`                                                                                                                                                                                                                                                  | Read data source query caching settings.                                                                                                                                                                                                                                              |
+| `fixed:datasources.caching:writer`           | `fixed_JtFjHr7jd7hSqUYcktKvRvIOGRE` | `datasources.caching:read`<br>`datasources.caching:write`                                                                                                                                                                                                                   | Enable, disable, or update query caching settings.                                                                                                                                                                                                                                    |
+| `fixed:datasources.id:reader`                | `fixed_entg--fHmDqWY2-69N0ocawK0Os` | `datasources.id:read`                                                                                                                                                                                                                                                       | Read the ID of a data source based on its name.                                                                                                                                                                                                                                       |
+| `fixed:datasources.insights:reader`          | `fixed_EBZ3NwlfecNPp2p0XcZRC1nfEYk` | `datasources.insights:read`                                                                                                                                                                                                                                                 | Read data source insights data.                                                                                                                                                                                                                                                       |
+| `fixed:datasources.permissions:reader`       | `fixed_ErYA-cTN3yn4h4GxaVPcawRhiOY` | `datasources.permissions:read`                                                                                                                                                                                                                                              | Read data source permissions.                                                                                                                                                                                                                                                         |
+| `fixed:datasources.permissions:writer`       | `fixed_aiQh9YDfLOKjQhYasF9_SFUjQiw` | All permissions from `fixed:datasources.permissions:reader` and <br>`datasources.permissions:write`                                                                                                                                                                         | Create, read, or delete permissions of a data source.                                                                                                                                                                                                                                 |
+| `fixed:folders:creator`                      | `fixed_gGLRbZGAGB6n9uECqSh_W382RlQ` | `folders:create`                                                                                                                                                                                                                                                            | Create folders in the root level.                                                                                                                                                                                                                                                     |
+| `fixed:folders:reader`                       | `fixed_yeW-5QPeo-i5PZUIUXMlAA97GnQ` | `folders:read`<br>`dashboards:read`                                                                                                                                                                                                                                         | Read all folders and dashboards.                                                                                                                                                                                                                                                      |
+| `fixed:folders:writer`                       | `fixed_wJXLoTzgE7jVuz90dryYoiogL0o` | All permissions from `fixed:dashboards:writer` and <br>`folders:read`<br>`folders:write`<br>`folders:create`<br>`folders:delete`<br>`folders.permissions:read`<br>`folders.permissions:write`                                                                               | Read, update, and delete all folders and dashboards. Create folders and subfolders.                                                                                                                                                                                                   |
+| `fixed:folders.general:reader`               | `fixed_rSASbkg8DvpG_gTX5s41d7uxRvI` | `folders:read` scoped to `folders:uid:general`                                                                                                                                                                                                                              | An internal role used to correctly display access to the folder tree for Viewer role.                                                                                                                                                                                                 |
+| `fixed:folders.permissions:reader`           | `fixed_E06l4cx0JFm47EeLBE4nmv3pnSo` | `folders.permissions:read`                                                                                                                                                                                                                                                  | Read all folder permissions.                                                                                                                                                                                                                                                          |
+| `fixed:folders.permissions:writer`           | `fixed_3GAgpQ_hWG8o7-lwNb86_VB37eI` | All permissions from `fixed:folders.permissions:reader` and <br>`folders.permissions:write`                                                                                                                                                                                 | Read and update all folder permissions.                                                                                                                                                                                                                                               |
+| `fixed:ldap:reader`                          | `fixed_lMcOPwSkxKY-qCK8NMJc5k6izLE` | `ldap.user:read`<br>`ldap.status:read`                                                                                                                                                                                                                                      | Read the LDAP configuration and LDAP status information.                                                                                                                                                                                                                              |
+| `fixed:ldap:writer`                          | `fixed_p6AvnU4GCQyIh7-hbwI-bk3GYnU` | All permissions from `fixed:ldap:reader` and <br>`ldap.user:sync`<br>`ldap.config:reload`                                                                                                                                                                                   | Read and update the LDAP configuration, and read LDAP status information.                                                                                                                                                                                                             |
+| `fixed:library.panels:creator`               | `fixed_6eX6ItfegCIY5zLmPqTDW8ZV7KY` | `library.panels:create`<br>`folders:read`                                                                                                                                                                                                                                   | Create library panel at the root level.                                                                                                                                                                                                                                               |
+| `fixed:library.panels:general.reader`        | `fixed_ct0DghiBWR_2BiQm3EvNPDVmpio` | `library.panels:read`                                                                                                                                                                                                                                                       | Read all library panels at the root level.                                                                                                                                                                                                                                            |
+| `fixed:library.panels:general.writer`        | `fixed_DgprkmqfN_1EhZ2v1_d1fYG8LzI` | All permissions from `fixed:library.panels:general.reader` plus<br>`library.panels:create`<br>`library.panels:delete`<br>`library.panels:write`                                                                                                                             | Create, read, write or delete all library panels and their permissions at the root level.                                                                                                                                                                                             |
+| `fixed:library.panels:reader`                | `fixed_tvTr9CnZ6La5vvUO_U_X1LPnhUs` | `library.panels:read`                                                                                                                                                                                                                                                       | Read all library panels.                                                                                                                                                                                                                                                              |
+| `fixed:library.panels:writer`                | `fixed_JTljAr21LWLTXCkgfBC4H0lhBC8` | All permissions from `fixed:library.panels:reader` plus<br>`library.panels:create`<br>`library.panels:delete`<br>`library.panels:write`                                                                                                                                     | Create, read, write or delete all library panels and their permissions.                                                                                                                                                                                                               |
+| `fixed:licensing:reader`                     | `fixed_OADpuXvNEylO2Kelu3GIuBXEAYE` | `licensing:read`<br>`licensing.reports:read`                                                                                                                                                                                                                                | Read licensing information and licensing reports.                                                                                                                                                                                                                                     |
+| `fixed:licensing:writer`                     | `fixed_gzbz3rJpQMdaKHt-E4q0PVaKMoE` | All permissions from `fixed:licensing:reader` and <br>`licensing:write`<br>`licensing:delete`                                                                                                                                                                               | Read licensing information and licensing reports, update and delete the license token.                                                                                                                                                                                                |
+| `fixed:migrationassistant:migrator`          | `fixed_LLk2p7TRuBztOAksTQb1Klc8YTk` | `migrationassistant:migrate`                                                                                                                                                                                                                                                | Execute on-prem to cloud migrations through the Migration Assistant.                                                                                                                                                                                                                  |
+| `fixed:org.users:reader`                     | `fixed_oCqNwlVHLOpw7-jAlwp4HzYqwGY` | `org.users:read`                                                                                                                                                                                                                                                            | Read users within a single organization.                                                                                                                                                                                                                                              |
+| `fixed:org.users:writer`                     | `fixed_VERj5nayasjgf_Yh0sWqqCkxWlw` | All permissions from `fixed:org.users:reader` and <br>`org.users:add`<br>`org.users:remove`<br>`org.users:write`                                                                                                                                                            | Within a single organization, add a user, invite a new user, read information about a user and their role, remove a user from that organization, or change the role of a user.                                                                                                        |
+| `fixed:organization:maintainer`              | `fixed_CMm-uuBaPUBf4r8XG3jIvxo55bg` | All permissions from `fixed:organization:reader` and <br> `orgs:write`<br>`orgs:create`<br>`orgs:delete`<br>`orgs.quotas:write`                                                                                                                                             | Create, read, write, or delete an organization. Read or write its quotas. This role needs to be assigned globally.                                                                                                                                                                    |
+| `fixed:organization:reader`                  | `fixed_0SZPJlTHdNEe8zO91zv7Zwiwa2w` | `orgs:read`<br>`orgs.quotas:read`                                                                                                                                                                                                                                           | Read an organization and its quotas.                                                                                                                                                                                                                                                  |
+| `fixed:organization:writer`                  | `fixed_Y4jGqDd8w1yCrPwlik8z5Iu8-3M` | All permissions from `fixed:organization:reader` and <br> `orgs:write`<br>`orgs.preferences:read`<br>`orgs.preferences:write`                                                                                                                                               | Read an organization, its quotas, or its preferences. Update organization properties, or its preferences.                                                                                                                                                                             |
+| `fixed:plugins:maintainer`                   | `fixed_yEOKidBcWgbm74x-nTa3lW5lOyY` | `plugins:install`                                                                                                                                                                                                                                                           | Install and uninstall plugins. Needs to be assigned globally.                                                                                                                                                                                                                         |
+| `fixed:plugins:writer`                       | `fixed_MRYpGk7kpNNwt2VoVOXFiPnQziE` | `plugins:write`                                                                                                                                                                                                                                                             | Enable and disable plugins and edit plugins' settings.                                                                                                                                                                                                                                |
+| `fixed:plugins.app:reader`                   | `fixed_AcZRiNYx7NueYkUqzw1o2OGGUAA` | `plugins.app:access`                                                                                                                                                                                                                                                        | Access application plugins (still enforcing the organization role).                                                                                                                                                                                                                   |
+| `fixed:provisioning:writer`                  | `fixed_bgk1FCyR6OEDwhgirZlQgu5LlCA` | `provisioning:reload`                                                                                                                                                                                                                                                       | Reload provisioning.                                                                                                                                                                                                                                                                  |
+| `fixed:reports:reader`                       | `fixed_72_8LU_0ukfm6BdblOw8Z9q-GQ8` | `reports:read`<br>`reports:send`<br>`reports.settings:read`                                                                                                                                                                                                                 | Read all reports and shared report settings.                                                                                                                                                                                                                                          |
+| `fixed:reports:writer`                       | `fixed_jBW3_7g1EWOjGVBYeVRwtFxhUNw` | All permissions from `fixed:reports:reader` and <br>`reports:create`<br>`reports:write`<br>`reports:delete`<br>`reports.settings:write`                                                                                                                                     | Create, read, update, or delete all reports and shared report settings.                                                                                                                                                                                                               |
+| `fixed:roles:reader`                         | `fixed_GkfG-1NSwEGb4hpK3-E3qHyNltc` | `roles:read`<br>`teams.roles:read`<br>`users.roles:read`<br>`users.permissions:read`                                                                                                                                                                                        | Read all access control roles, roles and permissions assigned to users, teams.                                                                                                                                                                                                        |
+| `fixed:roles:resetter`                       | `fixed_WgPpC3qJRmVpVTJavFNwfS5RuzQ` | `roles:write` with scope `permissions:type:escalate`                                                                                                                                                                                                                        | Reset basic roles to their default.                                                                                                                                                                                                                                                   |
+| `fixed:roles:writer`                         | `fixed_W5aFaw8isAM27x_eWfElBhZ0iOc` | All permissions from `fixed:roles:reader` and <br>`roles:write`<br>`roles:delete`<br>`teams.roles:add`<br>`teams.roles:remove`<br>`users.roles:add`<br>`users.roles:remove`                                                                                                 | Create, read, update, or delete all roles, assign or unassign roles to users, teams.                                                                                                                                                                                                  |
+| `fixed:serviceaccounts:creator`              | `fixed_Ikw60fckA0MyiiZ73BawSfOULy4` | `serviceaccounts:create`                                                                                                                                                                                                                                                    | Create Grafana service accounts.                                                                                                                                                                                                                                                      |
+| `fixed:serviceaccounts:reader`               | `fixed_QFjJAZ88iawMLInYOxPA1DB1w6I` | `serviceaccounts:read`                                                                                                                                                                                                                                                      | Read Grafana service accounts.                                                                                                                                                                                                                                                        |
+| `fixed:serviceaccounts:writer`               | `fixed_iBvUNUEZBZ7PUW0vdkN5iojc2sk` | `serviceaccounts:read`<br>`serviceaccounts:create`<br>`serviceaccounts:write`<br>`serviceaccounts:delete`<br>`serviceaccounts.permissions:read`<br>`serviceaccounts.permissions:write`                                                                                      | Create, update, read and delete all Grafana service accounts and manage service account permissions.                                                                                                                                                                                  |
+| `fixed:settings:reader`                      | `fixed_0LaUt1x6PP8hsZzEBhqPQZFUd8Q` | `settings:read`                                                                                                                                                                                                                                                             | Read Grafana instance settings.                                                                                                                                                                                                                                                       |
+| `fixed:settings:writer`                      | `fixed_joIHDgMrGg790hMhUufVzcU4j44` | All permissions from `fixed:settings:reader` and<br>`settings:write`                                                                                                                                                                                                        | Read and update Grafana instance settings.                                                                                                                                                                                                                                            |
+| `fixed:stats:reader`                         | `fixed_OnRCXxZVINWpcKvTF5A1gecJ7pA` | `server.stats:read`                                                                                                                                                                                                                                                         | Read Grafana instance statistics.                                                                                                                                                                                                                                                     |
+| `fixed:support.bundles:reader`               | `fixed_gcPjI3PTUJwRx-GJZwDhNa7zbos` | `support.bundles:read`                                                                                                                                                                                                                                                      | List and download support bundles.                                                                                                                                                                                                                                                    |
+| `fixed:support.bundles:writer`               | `fixed_dTgCv9Wxrp_WHAhwHYIgeboxKpE` | `support.bundles:read`<br>`support.bundles:create`<br>`support.bundles:delete`                                                                                                                                                                                              | Create, delete, list and download support bundles.                                                                                                                                                                                                                                    |
+| `fixed:teams:creator`                        | `fixed_nzVQoNSDSn0fg1MDgO6XnZX2RZI` | `teams:create`<br>`org.users:read`                                                                                                                                                                                                                                          | Create a team and list organization users (required to manage the created team).                                                                                                                                                                                                      |
+| `fixed:teams:read`                           | `fixed_Z8pB0GQlrqRt8IZBCJQxPWvJPgQ` | `teams:read`                                                                                                                                                                                                                                                                | List all teams.                                                                                                                                                                                                                                                                       |
+| `fixed:teams:writer`                         | `fixed_xw1T0579h620MOYi4L96GUs7fZY` | `teams:create`<br>`teams:delete`<br>`teams:read`<br>`teams:write`<br>`teams.permissions:read`<br>`teams.permissions:write`                                                                                                                                                  | Create, read, update and delete teams and manage team memberships.                                                                                                                                                                                                                    |
+| `fixed:usagestats:reader`                    | `fixed_eAM0azEvnWFCJAjNkUKnGL_1-bU` | `server.usagestats.report:read`                                                                                                                                                                                                                                             | View usage statistics report.                                                                                                                                                                                                                                                         |
+| `fixed:users:reader`                         | `fixed_buZastUG3reWyQpPemcWjGqPAd0` | `users:read`<br>`users.quotas:read`<br>`users.authtoken:read`                                                                                                                                                                                                               | Read all users and their information, such as team memberships, authentication tokens, and quotas.                                                                                                                                                                                    |
+| `fixed:users:writer`                         | `fixed_wjzgHHo_Ux25DJuELn_oiAdB_yM` | All permissions from `fixed:users:reader` and <br>`users:write`<br>`users:create`<br>`users:delete`<br>`users:enable`<br>`users:disable`<br>`users.password:write`<br>`users.permissions:write`<br>`users:logout`<br>`users.authtoken:write`<br>`users.quotas:write`        | Read and update all attributes and settings for all users in Grafana: update user information, read user information, create or enable or disable a user, make a user a Grafana administrator, sign out a user, update a user’s authentication token, or update quotas for all users. |

 ### Alerting roles

@@ -164,20 +164,10 @@ Access to Grafana alert rules is an intersection of many permissions:
 - Permission to read a folder. For example, the fixed role `fixed:folders:reader` includes the action `folders:read` and a folder scope `folders:id:`.
 - Permission to query **all** data sources that a given alert rule uses. If a user cannot query a given data source, they cannot see any alert rules that query that data source.

-There is only one exclusion. Role `fixed:alerting.provisioning:writer` does not require user to have any additional permissions and provides access to all aspects of the alerting configuration via special provisioning API.
+There is only one exclusion at this moment. Role `fixed:alerting.provisioning:writer` does not require user to have any additional permissions and provides access to all aspects of the alerting configuration via special provisioning API.

 For more information about the permissions required to access alert rules, refer to [Create a custom role to access alerts in a folder](ref:plan-rbac-rollout-strategy-create-a-custom-role-to-access-alerts-in-a-folder).

-#### Alerting basic roles
-
-The following table lists the default RBAC alerting role assignments to the basic roles:
-
-| Basic role | Associated fixed roles                                                                                          | Description                                                                     |
-| ---------- | --------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------- |
-| Admin      | `fixed:alerting:writer`<br>`fixed:alerting.provisioning.secrets:reader`<br>`fixed:alerting.provisioning:writer` | Default [Grafana organization administrator](ref:rbac-basic-roles) assignments. |
-| Editor     | `fixed:alerting:writer`<br>`fixed:alerting.provisioning.provenance:writer`                                      | Default [Editor](ref:rbac-basic-roles) assignments.                             |
-| Viewer     | `fixed:alerting:reader`                                                                                         | Default [Viewer](ref:rbac-basic-roles) assignments.                             |
-
 ### Grafana OnCall roles

 If you are using [Grafana OnCall](ref:oncall), you can try out the integration between Grafana OnCall and RBAC.
@@ -59,9 +59,9 @@ For more details on contact points, including how to test them and enable notifi

 ## Alertmanager settings

-| Option | Description                                                                                                       |
-| ------ | ----------------------------------------------------------------------------------------------------------------- |
-| URL    | The Alertmanager URL. This field is [protected](ref:configure-contact-points) from modification in Grafana Cloud. |
+| Option | Description                                                                                                                        |
+| ------ | ---------------------------------------------------------------------------------------------------------------------------------- |
+| URL    | The Alertmanager URL. This field is [protected](ref:configure-contact-points#protected-fields) from modification in Grafana Cloud. |

 #### Optional settings

@@ -49,14 +49,14 @@ For more details on contact points, including how to test them and enable notifi

 ### Required Settings

-| Key                 | Description                                                                                                                                                                                                                            |
-| ------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| URL                 | The URL of the REST API of your Jira instance. Supported versions: `2` and `3` (e.g., `https://your-domain.atlassian.net/rest/api/3`). This field is [protected](ref:configure-contact-points) from modification in Grafana Cloud.     |
-| Basic Auth User     | Username for authentication. For Jira Cloud, use your email address.                                                                                                                                                                   |
-| Basic Auth Password | Password or personal token. For Jira Cloud, you need to obtain a personal token [here](https://id.atlassian.com/manage-profile/security/api-tokens) and use it as the password.                                                        |
-| API Token           | An alternative to basic authentication, a bearer token is used to authorize the API requests. See [Jira documentation](https://confluence.atlassian.com/enterprise/using-personal-access-tokens-1026032365.html) for more information. |
-| Project Key         | The project key identifying the project where issues will be created. Project keys are unique identifiers for a project.                                                                                                               |
-| Issue Type          | The type of issue to create (e.g., `Task`, `Bug`, `Incident`). Make sure that you specify a type that is available in your project.                                                                                                    |
+| Key                 | Description                                                                                                                                                                                                                                         |
+| ------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| URL                 | The URL of the REST API of your Jira instance. Supported versions: `2` and `3` (e.g., `https://your-domain.atlassian.net/rest/api/3`). This field is [protected](ref:configure-contact-points#protected-fields) from modification in Grafana Cloud. |
+| Basic Auth User     | Username for authentication. For Jira Cloud, use your email address.                                                                                                                                                                                |
+| Basic Auth Password | Password or personal token. For Jira Cloud, you need to obtain a personal token [here](https://id.atlassian.com/manage-profile/security/api-tokens) and use it as the password.                                                                     |
+| API Token           | An alternative to basic authentication, a bearer token is used to authorize the API requests. See [Jira documentation](https://confluence.atlassian.com/enterprise/using-personal-access-tokens-1026032365.html) for more information.              |
+| Project Key         | The project key identifying the project where issues will be created. Project keys are unique identifiers for a project.                                                                                                                            |
+| Issue Type          | The type of issue to create (e.g., `Task`, `Bug`, `Incident`). Make sure that you specify a type that is available in your project.                                                                                                                 |

 ### Optional Settings

@@ -54,10 +54,10 @@ For more details on contact points, including how to test them and enable notifi

 ### Required Settings

-| Option     | Description                                                                                                             |
-| ---------- | ----------------------------------------------------------------------------------------------------------------------- |
-| Broker URL | The URL of the MQTT broker. This field is [protected](ref:configure-contact-points) from modification in Grafana Cloud. |
-| Topic      | The topic to which the message will be sent.                                                                            |
+| Option     | Description                                                                                                                              |
+| ---------- | ---------------------------------------------------------------------------------------------------------------------------------------- |
+| Broker URL | The URL of the MQTT broker. This field is [protected](ref:configure-contact-points#protected-fields) from modification in Grafana Cloud. |
+| Topic      | The topic to which the message will be sent.                                                                                             |

 ### Optional Settings

@@ -51,8 +51,8 @@ You can customize the `title` and `body` of the Slack message using [notificatio

 If you are using a Slack API Token, complete the following steps.

-1. Follow step 1 of the [Slack API Quickstart](https://docs.slack.dev/app-management/quickstart-app-settings/#creating) to create the app.
-1. Continue onto the second step of the [Slack API Quickstart](https://docs.slack.dev/app-management/quickstart-app-settings/#scopes) and add the [chat:write.public](https://api.slack.com/scopes/chat:write.public) scope as described to give your app the ability to post in all public channels without joining.
+1. Follow steps 1 and 2 of the [Slack API Quickstart](https://api.slack.com/start/quickstart).
+1. Add the [chat:write.public](https://api.slack.com/scopes/chat:write.public) scope to give your app the ability to post in all public channels without joining.
 1. In OAuth Tokens for Your Workspace, copy the Bot User OAuth Token.
 1. Open your Slack workplace.
 1. Right click the channel you want to receive notifications in.
@@ -62,9 +62,9 @@ For more details on contact points, including how to test them and enable notifi

 ## Webhook settings

-| Option | Description                                                                                                  |
-| ------ | ------------------------------------------------------------------------------------------------------------ |
-| URL    | The Webhook URL. This field is [protected](ref:configure-contact-points) from modification in Grafana Cloud. |
+| Option | Description                                                                                                                   |
+| ------ | ----------------------------------------------------------------------------------------------------------------------------- |
+| URL    | The Webhook URL. This field is [protected](ref:configure-contact-points#protected-fields) from modification in Grafana Cloud. |

 #### Optional settings

@@ -62,9 +62,6 @@ The following steps describe a basic configuration:

   # The URL of the Loki server
   loki_remote_url = http://localhost:3100
-
-   [feature_toggles]
-   enable = alertingCentralAlertHistory
   ```

 1. **Configure the Loki data source in Grafana**
@@ -17,166 +17,55 @@ weight: 155

 # Configure RBAC

-[Role-based access control (RBAC)](/docs/grafana/latest/administration/roles-and-permissions/access-control/plan-rbac-rollout-strategy/) for Grafana Enterprise and Grafana Cloud provides a standardized way of granting, changing, and revoking access, so that users can view and modify Grafana resources.
+Role-based access control (RBAC) for Grafana Enterprise and Grafana Cloud provides a standardized way of granting, changing, and revoking access, so that users can view and modify Grafana resources.

-A user is any individual who can log in to Grafana. Each user has a role that includes permissions. Permissions determine the tasks a user can perform in the system.
+A user is any individual who can log in to Grafana. Each user is associated with a role that includes permissions. Permissions determine the tasks a user can perform in the system.

 Each permission contains one or more actions and a scope.

-## Role types
-
-Grafana has three types of roles for managing access:
-
- **Basic roles**: Admin, Editor, Viewer, and No basic role. These are assigned to users and provide default access levels.
- **Fixed roles**: Predefined groups of permissions for specific use cases. Basic roles automatically include certain fixed roles.
- **Custom roles**: User-defined roles that combine specific permissions for granular access control.
-
-## Basic role permissions
-
-The following table summarizes the default alerting permissions for each basic role.
-
-| Capability                                | Admin | Editor | Viewer |
-| ----------------------------------------- | :---: | :----: | :----: |
-| View alert rules                          |   ✓   |   ✓    |   ✓    |
-| Create, edit, and delete alert rules      |   ✓   |   ✓    |        |
-| View silences                             |   ✓   |   ✓    |   ✓    |
-| Create, edit, and expire silences         |   ✓   |   ✓    |        |
-| View contact points and templates         |   ✓   |   ✓    |   ✓    |
-| Create, edit, and delete contact points   |   ✓   |   ✓    |        |
-| View notification policies                |   ✓   |   ✓    |   ✓    |
-| Create, edit, and delete policies         |   ✓   |   ✓    |        |
-| View mute timings                         |   ✓   |   ✓    |   ✓    |
-| Create, edit, and delete timing intervals |   ✓   |   ✓    |        |
-| Access provisioning API                   |   ✓   |   ✓    |        |
-| Export with decrypted secrets             |   ✓   |        |        |
-
-{{< admonition type="note" >}}
-Access to alert rules also requires permission to read the folder containing the rules and permission to query the data sources used in the rules.
-{{< /admonition >}}
-
 ## Permissions

-Grafana Alerting has the following permissions organized by resource type.
+Grafana Alerting has the following permissions.

-### Alert rules
-
-Permissions for managing Grafana-managed alert rules.
-
-| Action               | Applicable scope               | Description                                                                                                                                                                                                                                       |
-| -------------------- | ------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| `alert.rules:create` | `folders:*`<br>`folders:uid:*` | Create Grafana alert rules in a folder and its subfolders. Combine this permission with `folders:read` in a scope that includes the folder and `datasources:query` in the scope of data sources the user can query.                               |
-| `alert.rules:read`   | `folders:*`<br>`folders:uid:*` | Read Grafana alert rules in a folder and its subfolders. Combine this permission with `folders:read` in a scope that includes the folder.                                                                                                         |
-| `alert.rules:write`  | `folders:*`<br>`folders:uid:*` | Update Grafana alert rules in a folder and its subfolders. Combine this permission with `folders:read` in a scope that includes the folder. To allow query modifications add `datasources:query` in the scope of data sources the user can query. |
-| `alert.rules:delete` | `folders:*`<br>`folders:uid:*` | Delete Grafana alert rules in a folder and its subfolders. Combine this permission with `folders:read` in a scope that includes the folder.                                                                                                       |
-
-### External alert rules
-
-Permissions for managing alert rules in external data sources that support alerting.
-
-| Action                       | Applicable scope                       | Description                                                                                    |
-| ---------------------------- | -------------------------------------- | ---------------------------------------------------------------------------------------------- |
-| `alert.rules.external:read`  | `datasources:*`<br>`datasources:uid:*` | Read alert rules in data sources that support alerting (Prometheus, Mimir, and Loki).          |
-| `alert.rules.external:write` | `datasources:*`<br>`datasources:uid:*` | Create, update, and delete alert rules in data sources that support alerting (Mimir and Loki). |
-
-### Alert instances and silences
-
-Permissions for managing alert instances and silences in Grafana.
-
-| Action                   | Applicable scope               | Description                                                                          |
-| ------------------------ | ------------------------------ | ------------------------------------------------------------------------------------ |
-| `alert.instances:read`   | n/a                            | Read alerts and silences in the current organization.                                |
-| `alert.instances:create` | n/a                            | Create silences in the current organization.                                         |
-| `alert.instances:write`  | n/a                            | Update and expire silences in the current organization.                              |
-| `alert.silences:read`    | `folders:*`<br>`folders:uid:*` | Read all general silences and rule-specific silences in a folder and its subfolders. |
-| `alert.silences:create`  | `folders:*`<br>`folders:uid:*` | Create rule-specific silences in a folder and its subfolders.                        |
-| `alert.silences:write`   | `folders:*`<br>`folders:uid:*` | Update and expire rule-specific silences in a folder and its subfolders.             |
-
-### External alert instances
-
-Permissions for managing alert instances in external data sources.
-
-| Action                           | Applicable scope                       | Description                                                       |
-| -------------------------------- | -------------------------------------- | ----------------------------------------------------------------- |
-| `alert.instances.external:read`  | `datasources:*`<br>`datasources:uid:*` | Read alerts and silences in data sources that support alerting.   |
-| `alert.instances.external:write` | `datasources:*`<br>`datasources:uid:*` | Manage alerts and silences in data sources that support alerting. |
-
-### Contact points
-
-Permissions for managing contact points (notification receivers).
-
-| Action                                       | Applicable scope                   | Description                                                                                                 |
-| -------------------------------------------- | ---------------------------------- | ----------------------------------------------------------------------------------------------------------- |
-| `alert.notifications.receivers:list`         | n/a                                | List contact points in the current organization.                                                            |
-| `alert.notifications.receivers:read`         | `receivers:*`<br>`receivers:uid:*` | Read contact points.                                                                                        |
-| `alert.notifications.receivers.secrets:read` | `receivers:*`<br>`receivers:uid:*` | Export contact points with decrypted secrets.                                                               |
-| `alert.notifications.receivers:create`       | n/a                                | Create a new contact points. The creator is automatically granted full access to the created contact point. |
-| `alert.notifications.receivers:write`        | `receivers:*`<br>`receivers:uid:*` | Update existing contact points.                                                                             |
-| `alert.notifications.receivers:delete`       | `receivers:*`<br>`receivers:uid:*` | Update and delete existing contact points.                                                                  |
-| `alert.notifications.receivers:test`         | `receivers:*`<br>`receivers:uid:*` | Test contact points to verify their configuration.                                                          |
-| `receivers.permissions:read`                 | `receivers:*`<br>`receivers:uid:*` | Read permissions for contact points.                                                                        |
-| `receivers.permissions:write`                | `receivers:*`<br>`receivers:uid:*` | Manage permissions for contact points.                                                                      |
-
-### Notification policies
-
-Permissions for managing notification policies (routing rules).
-
-| Action                             | Applicable scope | Description                                           |
-| ---------------------------------- | ---------------- | ----------------------------------------------------- |
-| `alert.notifications.routes:read`  | n/a              | Read notification policies.                           |
-| `alert.notifications.routes:write` | n/a              | Create new, update, and delete notification policies. |
-
-### Time intervals
-
-Permissions for managing mute time intervals.
-
-| Action                                      | Applicable scope | Description                                        |
-| ------------------------------------------- | ---------------- | -------------------------------------------------- |
-| `alert.notifications.time-intervals:read`   | n/a              | Read mute time intervals.                          |
-| `alert.notifications.time-intervals:write`  | n/a              | Create new or update existing mute time intervals. |
-| `alert.notifications.time-intervals:delete` | n/a              | Delete existing time intervals.                    |
-
-### Templates
-
-Permissions for managing notification templates.
-
-| Action                                     | Applicable scope | Description                                                                     |
-| ------------------------------------------ | ---------------- | ------------------------------------------------------------------------------- |
-| `alert.notifications.templates:read`       | n/a              | Read templates.                                                                 |
-| `alert.notifications.templates:write`      | n/a              | Create new or update existing templates.                                        |
-| `alert.notifications.templates:delete`     | n/a              | Delete existing templates.                                                      |
-| `alert.notifications.templates.test:write` | n/a              | Test templates with custom payloads (preview and payload editor functionality). |
-
-### General notifications
-
-Legacy permissions for managing all notification resources.
-
-| Action                      | Applicable scope | Description                                                                                              |
-| --------------------------- | ---------------- | -------------------------------------------------------------------------------------------------------- |
-| `alert.notifications:read`  | n/a              | Read all templates, contact points, notification policies, and mute timings in the current organization. |
-| `alert.notifications:write` | n/a              | Manage templates, contact points, notification policies, and mute timings in the current organization.   |
-
-### External notifications
-
-Permissions for managing notification resources in external data sources.
-
-| Action                               | Applicable scope                       | Description                                                                                                      |
-| ------------------------------------ | -------------------------------------- | ---------------------------------------------------------------------------------------------------------------- |
-| `alert.notifications.external:read`  | `datasources:*`<br>`datasources:uid:*` | Read templates, contact points, notification policies, and mute timings in data sources that support alerting.   |
-| `alert.notifications.external:write` | `datasources:*`<br>`datasources:uid:*` | Manage templates, contact points, notification policies, and mute timings in data sources that support alerting. |
-
-### Provisioning
-
-Permissions for managing alerting resources via the provisioning API.
-
-| Action                                   | Applicable scope | Description                                                                                                                                                        |
-| ---------------------------------------- | ---------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
-| `alert.provisioning:read`                | n/a              | Read all Grafana alert rules, notification policies, etc via provisioning API. Permissions to folders and data source are not required.                            |
-| `alert.provisioning.secrets:read`        | n/a              | Same as `alert.provisioning:read` plus ability to export resources with decrypted secrets.                                                                         |
-| `alert.provisioning:write`               | n/a              | Update all Grafana alert rules, notification policies, etc via provisioning API. Permissions to folders and data source are not required.                          |
-| `alert.rules.provisioning:read`          | n/a              | Read Grafana alert rules via provisioning API. More specific than `alert.provisioning:read`.                                                                       |
-| `alert.rules.provisioning:write`         | n/a              | Create, update, and delete Grafana alert rules via provisioning API. More specific than `alert.provisioning:write`.                                                |
-| `alert.notifications.provisioning:read`  | n/a              | Read notification resources (contact points, notification policies, templates, time intervals) via provisioning API. More specific than `alert.provisioning:read`. |
-| `alert.notifications.provisioning:write` | n/a              | Create, update, and delete notification resources via provisioning API. More specific than `alert.provisioning:write`.                                             |
-| `alert.provisioning.provenance:write`    | n/a              | Set provisioning status for alerting resources. Cannot be used alone. Requires user to have permissions to access resources.                                       |
+| Action                                       | Applicable scope                       | Description                                                                                                                                                                                                                                       |
+| -------------------------------------------- | -------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `alert.instances.external:read`              | `datasources:*`<br>`datasources:uid:*` | Read alerts and silences in data sources that support alerting.                                                                                                                                                                                   |
+| `alert.instances.external:write`             | `datasources:*`<br>`datasources:uid:*` | Manage alerts and silences in data sources that support alerting.                                                                                                                                                                                 |
+| `alert.instances:create`                     | n/a                                    | Create silences in the current organization.                                                                                                                                                                                                      |
+| `alert.instances:read`                       | n/a                                    | Read alerts and silences in the current organization.                                                                                                                                                                                             |
+| `alert.instances:write`                      | n/a                                    | Update and expire silences in the current organization.                                                                                                                                                                                           |
+| `alert.notifications.external:read`          | `datasources:*`<br>`datasources:uid:*` | Read templates, contact points, notification policies, and mute timings in data sources that support alerting.                                                                                                                                    |
+| `alert.notifications.external:write`         | `datasources:*`<br>`datasources:uid:*` | Manage templates, contact points, notification policies, and mute timings in data sources that support alerting.                                                                                                                                  |
+| `alert.notifications:write`                  | n/a                                    | Manage templates, contact points, notification policies, and mute timings in the current organization.                                                                                                                                            |
+| `alert.notifications:read`                   | n/a                                    | Read all templates, contact points, notification policies, and mute timings in the current organization.                                                                                                                                          |
+| `alert.rules.external:read`                  | `datasources:*`<br>`datasources:uid:*` | Read alert rules in data sources that support alerting (Prometheus, Mimir, and Loki)                                                                                                                                                              |
+| `alert.rules.external:write`                 | `datasources:*`<br>`datasources:uid:*` | Create, update, and delete alert rules in data sources that support alerting (Mimir and Loki).                                                                                                                                                    |
+| `alert.rules:create`                         | `folders:*`<br>`folders:uid:*`         | Create Grafana alert rules in a folder and its subfolders. Combine this permission with `folders:read` in a scope that includes the folder and `datasources:query` in the scope of data sources the user can query.                               |
+| `alert.rules:delete`                         | `folders:*`<br>`folders:uid:*`         | Delete Grafana alert rules in a folder and its subfolders. Combine this permission with `folders:read` in a scope that includes the folder.                                                                                                       |
+| `alert.rules:read`                           | `folders:*`<br>`folders:uid:*`         | Read Grafana alert rules in a folder and its subfolders. Combine this permission with `folders:read` in a scope that includes the folder.                                                                                                         |
+| `alert.rules:write`                          | `folders:*`<br>`folders:uid:*`         | Update Grafana alert rules in a folder and its subfolders. Combine this permission with `folders:read` in a scope that includes the folder. To allow query modifications add `datasources:query` in the scope of data sources the user can query. |
+| `alert.silences:create`                      | `folders:*`<br>`folders:uid:*`         | Create rule-specific silences in a folder and its subfolders.                                                                                                                                                                                     |
+| `alert.silences:read`                        | `folders:*`<br>`folders:uid:*`         | Read all general silences and rule-specific silences in a folder and its subfolders.                                                                                                                                                              |
+| `alert.silences:write`                       | `folders:*`<br>`folders:uid:*`         | Update and expire rule-specific silences in a folder and its subfolders.                                                                                                                                                                          |
+| `alert.provisioning:read`                    | n/a                                    | Read all Grafana alert rules, notification policies, etc via provisioning API. Permissions to folders and data source are not required.                                                                                                           |
+| `alert.provisioning.secrets:read`            | n/a                                    | Same as `alert.provisioning:read` plus ability to export resources with decrypted secrets.                                                                                                                                                        |
+| `alert.provisioning:write`                   | n/a                                    | Update all Grafana alert rules, notification policies, etc via provisioning API. Permissions to folders and data source are not required.                                                                                                         |
+| `alert.provisioning.provenance:write`        | n/a                                    | Set provisioning status for alerting resources. Cannot be used alone. Requires user to have permissions to access resources                                                                                                                       |
+| `alert.notifications.receivers:read`         | `receivers:*`<br>`receivers:uid:*`     | Read contact points.                                                                                                                                                                                                                              |
+| `alert.notifications.receivers.secrets:read` | `receivers:*`<br>`receivers:uid:*`     | Export contact points with decrypted secrets.                                                                                                                                                                                                     |
+| `alert.notifications.receivers:create`       | n/a                                    | Create a new contact points. The creator is automatically granted full access to the created contact point.                                                                                                                                       |
+| `alert.notifications.receivers:write`        | `receivers:*`<br>`receivers:uid:*`     | Update existing contact points.                                                                                                                                                                                                                   |
+| `alert.notifications.receivers:delete`       | `receivers:*`<br>`receivers:uid:*`     | Update and delete existing contact points.                                                                                                                                                                                                        |
+| `receivers.permissions:read`                 | `receivers:*`<br>`receivers:uid:*`     | Read permissions for contact points.                                                                                                                                                                                                              |
+| `receivers.permissions:write`                | `receivers:*`<br>`receivers:uid:*`     | Manage permissions for contact points.                                                                                                                                                                                                            |
+| `alert.notifications.time-intervals:read`    | n/a                                    | Read mute time intervals.                                                                                                                                                                                                                         |
+| `alert.notifications.time-intervals:write`   | n/a                                    | Create new or update existing mute time intervals.                                                                                                                                                                                                |
+| `alert.notifications.time-intervals:delete`  | n/a                                    | Delete existing time intervals.                                                                                                                                                                                                                   |
+| `alert.notifications.templates:read`         | n/a                                    | Read templates.                                                                                                                                                                                                                                   |
+| `alert.notifications.templates:write`        | n/a                                    | Create new or update existing templates.                                                                                                                                                                                                          |
+| `alert.notifications.templates:delete`       | n/a                                    | Delete existing templates.                                                                                                                                                                                                                        |
+| `alert.notifications.templates.test:write`   | n/a                                    | Test templates with custom payloads (preview and payload editor functionality).                                                                                                                                                                   |
+| `alert.notifications.routes:read`            | n/a                                    | Read notification policies.                                                                                                                                                                                                                       |
+| `alert.notifications.routes:write`           | n/a                                    | Create new, update and update notification policies.                                                                                                                                                                                              |

 To help plan your RBAC rollout strategy, refer to [Plan your RBAC rollout strategy](https://grafana.com/docs/grafana/next/administration/roles-and-permissions/access-control/plan-rbac-rollout-strategy/).
@@ -16,7 +16,7 @@ title: Manage access using folders or data sources
 weight: 200
 ---

-# Manage access using folders or data sources
+## Manage access using folders or data sources

 You can extend the access provided by a role to alert rules and rule-specific silences by assigning permissions to individual folders or data sources.

@@ -55,7 +55,7 @@ Details of the fixed roles and the access they provide for Grafana Alerting are
 | Full read-only access: `fixed:alerting:reader`                                           | All permissions from `fixed:alerting.rules:reader` <br>`fixed:alerting.instances:reader`<br>`fixed:alerting.notifications:reader`                                                                                                                                                                                                               | Read alert rules, alert instances, silences, contact points, and notification policies in Grafana and external providers.                                |
 | Read via Provisioning API + Export Secrets: `fixed:alerting.provisioning.secrets:reader` | `alert.provisioning:read` and `alert.provisioning.secrets:read`                                                                                                                                                                                                                                                                                 | Read alert rules, alert instances, silences, contact points, and notification policies using the provisioning API and use export with decrypted secrets. |
 | Access to alert rules provisioning API: `fixed:alerting.provisioning:writer`             | `alert.provisioning:read` and `alert.provisioning:write`                                                                                                                                                                                                                                                                                        | Manage all alert rules, notification policies, contact points, templates, in the organization using the provisioning API.                                |
-| Set provisioning status: `fixed:alerting.provisioning.provenance:writer`                 | `alert.provisioning.provenance:write`                                                                                                                                                                                                                                                                                                           | Set provisioning rules for Alerting resources. Should be used together with other regular roles (Notifications Writer and/or Rules Writer.)              |
+| Set provisioning status: `fixed:alerting.provisioning.status:writer`                     | `alert.provisioning.provenance:write`                                                                                                                                                                                                                                                                                                           | Set provisioning rules for Alerting resources. Should be used together with other regular roles (Notifications Writer and/or Rules Writer.)              |
 | Contact Point Reader: `fixed:alerting.receivers:reader`                                  | `alert.notifications.receivers:read` for scope `receivers:*`                                                                                                                                                                                                                                                                                    | Read all contact points.                                                                                                                                 |
 | Contact Point Creator: `fixed:alerting.receivers:creator`                                | `alert.notifications.receivers:create`                                                                                                                                                                                                                                                                                                          | Create a new contact point. The user is automatically granted full access to the created contact point.                                                  |
 | Contact Point Writer: `fixed:alerting.receivers:writer`                                  | `alert.notifications.receivers:read`, `alert.notifications.receivers:write`, `alert.notifications.receivers:delete` for scope `receivers:*` and <br> `alert.notifications.receivers:create`                                                                                                                                                     | Create a new contact point and manage all existing contact points.                                                                                       |
@@ -63,8 +63,8 @@ Details of the fixed roles and the access they provide for Grafana Alerting are
 | Templates Writer: `fixed:alerting.templates:writer`                                      | `alert.notifications.templates:read`, `alert.notifications.templates:write`, `alert.notifications.templates:delete`, `alert.notifications.templates.test:write`                                                                                                                                                                                 | Create new and manage existing notification templates. Test templates with custom payloads.                                                              |
 | Time Intervals Reader: `fixed:alerting.time-intervals:reader`                            | `alert.notifications.time-intervals:read`                                                                                                                                                                                                                                                                                                       | Read all time intervals.                                                                                                                                 |
 | Time Intervals Writer: `fixed:alerting.time-intervals:writer`                            | `alert.notifications.time-intervals:read`, `alert.notifications.time-intervals:write`, `alert.notifications.time-intervals:delete`                                                                                                                                                                                                              | Create new and manage existing time intervals.                                                                                                           |
-| Notification Policies Reader: `fixed:alerting.routes:reader`                             | `alert.notifications.routes:read`                                                                                                                                                                                                                                                                                                               | Read all notification policies.                                                                                                                          |
-| Notification Policies Writer: `fixed:alerting.routes:writer`                             | `alert.notifications.routes:read`<br>`alert.notifications.routes:write`                                                                                                                                                                                                                                                                         | Create new and manage existing notification policies.                                                                                                    |
+| Notification Policies Reader: `fixed:alerting.routes:reader`                             | `alert.notifications.routes:read`                                                                                                                                                                                                                                                                                                               | Read all time intervals.                                                                                                                                 |
+| Notification Policies Writer: `fixed:alerting.routes:writer`                             | `alert.notifications.routes:read` `alert.notifications.routes:write`                                                                                                                                                                                                                                                                            | Create new and manage existing time intervals.                                                                                                           |

 ## Create custom roles

@@ -16,27 +16,25 @@ weight: 150

 # Configure roles and permissions

-This guide explains how to configure roles and permissions for Grafana Alerting for Grafana OSS users. You'll learn how to manage access using roles, folder permissions, and contact point permissions.
-
 A user is any individual who can log in to Grafana. Each user is associated with a role that includes permissions. Permissions determine the tasks a user can perform in the system. For example, the Admin role includes permissions for an administrator to create and delete users.

 For more information, refer to [Organization roles](https://grafana.com/docs/grafana/<GRAFANA_VERSION>/administration/roles-and-permissions/#organization-roles).

 ## Manage access using roles

-Grafana OSS has three roles: Admin, Editor, and Viewer.
+For Grafana OSS, there are three roles: Admin, Editor, and Viewer.

-The following table describes the access each role provides for Grafana Alerting.
+Details of the roles and the access they provide for Grafana Alerting are below.

-| Role   | Access                                                                                                                                                                                             |
-| ------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| Viewer | Read access to alert rules, notification resources (notification API, contact points, templates, time intervals, notification policies, and silences).                                             |
-| Editor | Write access to alert rules, notification resources (notification API, contact points, templates, time intervals, notification policies, and silences), and provisioning.                          |
-| Admin  | Write access to alert rules, notification resources (notification API, contact points, templates, time intervals, notification policies, and silences), and provisioning, as well as assign roles. |
+| Role   | Access                                                                                                                                                                    |
+| ------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Admin  | Write access to alert rules, notification resources (notification API, contact points, templates, time intervals, notification policies, and silences), and provisioning. |
+| Editor | Write access to alert rules, notification resources (notification API, contact points, templates, time intervals, notification policies, and silences), and provisioning. |
+| Viewer | Read access to alert rules, notification resources (notification API, contact points, templates, time intervals, notification policies, and silences).                    |

 ## Assign roles

-To assign roles, an admin needs to complete the following steps.
+To assign roles, admins need to complete the following steps.

 1. Navigate to **Administration** > **Users and access** > **Users, Teams, or Service Accounts**.
 1. Search for the user, team or service account you want to add a role for.
@@ -60,30 +58,32 @@ Refer to the following table for details on the additional access provided by fo
 You can't use folders to customize access to notification resources.
 {{< /admonition >}}

-To manage folder permissions, complete the following steps:
+To manage folder permissions, complete the following steps.

 1. In the left-side menu, click **Dashboards**.
 1. Hover your mouse cursor over a folder and click **Go to folder**.
 1. Click **Manage permissions** from the Folder actions menu.
 1. Update or add permissions as required.

-## Manage access to contact points
+## Manage access using contact point permissions

-Extend or limit the access provided by a role to contact points by assigning permissions to individual contact points.
+### Before you begin
+
+Extend or limit the access provided by a role to contact points by assigning permissions to individual contact point.

 This allows different users, teams, or service accounts to have customized access to read or modify specific contact points.

 Refer to the following table for details on the additional access provided by contact point permissions.

-| Contact point permission | Additional Access                                                                                                                             |
-| ------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------- |
-| View                     | View and export contact point as well as select it on the Alert rule edit page                                                                |
-| Edit                     | Update or delete the contact point                                                                                                            |
-| Admin                    | Same additional access as Edit and manage permissions for the contact point. User should have additional permissions to read users and teams. |
+| Folder permission | Additional Access                                                                                                                             |
+| ----------------- | --------------------------------------------------------------------------------------------------------------------------------------------- |
+| View              | View and export contact point as well as select it on the Alert rule edit page                                                                |
+| Edit              | Update or delete the contact point                                                                                                            |
+| Admin             | Same additional access as Edit and manage permissions for the contact point. User should have additional permissions to read users and teams. |

-### Assign contact point permissions
+### Steps

-To manage contact point permissions, complete the following steps:
+To contact point permissions, complete the following steps.

 1. In the left-side menu, click **Contact points**.
 1. Hover your mouse cursor over a contact point and click **More**.
@@ -81,7 +81,7 @@ Replace the placeholders with your values:

 In your `grafana` directory, create a sub-folder called `dashboards`.

-This guide shows you how to create three separate dashboards. For all dashboard configurations, replace the placeholders with your values:
+This guide shows you how to creates three separate dashboards. For all dashboard configurations, replace the placeholders with your values:

 - _`<GRAFANA_CLOUD_STACK_NAME>`_: Name of your Grafana Cloud Stack
 - _`<GRAFANA_OPERATOR_NAMESPACE>`_: Namespace where the `grafana-operator` is deployed in your Kubernetes cluster
@@ -24,7 +24,7 @@ Before you begin, you should have the following available:
 - Administrator permissions in your Grafana instance; for more information on assigning Grafana RBAC roles, refer to [Assign RBAC roles](/docs/grafana-cloud/security-and-account-management/authentication-and-permissions/access-control/assign-rbac-roles/).

 {{< admonition type="note" >}}
-Save all of the following Terraform configuration files in the same directory.
+All of the following Terraform configuration files should be saved in the same directory.
 {{< /admonition >}}

 ## Configure the Grafana provider
@@ -1,147 +0,0 @@
---
-title: Git Sync deployment scenarios
-menuTitle: Deployment scenarios
-description: Learn about common Git Sync deployment patterns and configurations for different organizational needs
-weight: 450
-keywords:
-  - git sync
-  - deployment patterns
-  - scenarios
-  - multi-environment
-  - teams
---
-
-# Git Sync deployment scenarios
-
-This guide shows practical deployment scenarios for Grafana’s Git Sync. Learn how to configure bidirectional synchronization between Grafana and Git repositories for teams, environments, and regions.
-
-{{< admonition type="caution" >}}
-Git Sync is an experimental feature. It reflects Grafana’s approach to Observability as Code and might include limitations or breaking changes. For current status and known limitations, refer to the [Git Sync introduction](https://grafana.com/docs/grafana/<GRAFANA_VERSION>/as-code/observability-as-code/provision-resources/intro-git-sync/).
-{{< /admonition >}}
-
-## Understand the relationship between key Git Sync components
-
-Before you explore the scenarios, understand how the key Git Sync components relate:
-
- [Grafana instance](#grafana-instance)
- [Git repository structure](#git-repository-structure)
- [Git Sync repository resource](#git-sync-repository-resource)
-
-### Grafana instance
-
-A Grafana instance is a running Grafana server. Multiple instances can:
-
- Connect to the same Git repository using different Repository configurations.
- Sync from different branches of the same repository.
- Sync from different paths within the same repository.
- Sync from different repositories.
-
-### Git repository structure
-
-You can organize your Git repository in several ways:
-
- Single branch, multiple paths: Use different directories for different purposes (for example, `dev/`, `prod/`, `team-a/`).
- Multiple branches: Use different branches for different environments or teams (for example, `main`, `develop`, `team-a`).
- Multiple repositories: Use separate repositories for different teams or environments.
-
-### Git Sync repository resource
-
-A repository resource is a Grafana configuration object that defines:
-
- Which Git repository to sync with.
- Which branch to use.
- Which directory path to synchronize.
- Sync behavior and workflows.
-
-Each repository resource creates bidirectional synchronization between a Grafana instance and a specific location in Git.
-
-## How does repository sync behave?
-
-With Git Sync you configure a repository resource to sync with your Grafana instance:
-
-1. Grafana monitors the specified Git location (repository, branch, and path).
-2. Grafana creates a folder in Dashboards (typically named after the repository).
-3. Grafana creates dashboards from dashboard JSON files in Git within this folder.
-4. Grafana commits dashboard changes made in the UI back to Git.
-5. Grafana pulls dashboard changes made in Git and updates dashboards in the UI.
-6. Synchronization occurs at regular intervals (configurable), or instantly if you use webhooks.
-
-You can find the provisioned dashboards organized in folders under **Dashboards**.
-
-## Example: Relationship between repository, branch, and path
-
-Here's a concrete example showing how the three parameters work together:
-
-**Configuration:**
-
- **Repository**: `your-org/grafana-manifests`
- **Branch**: `main`
- **Path**: `team-platform/grafana/`
-
-**In Git (on branch `main`):**
-
-```
-your-org/grafana-manifests/
-├── .git/
-├── README.md
-├── team-platform/
-│   └── grafana/
-│       ├── cpu-metrics.json       ← Synced
-│       ├── memory-usage.json      ← Synced
-│       └── disk-io.json           ← Synced
-├── team-data/
-│   └── grafana/
-│       └── pipeline-stats.json    ← Not synced (different path)
-└── other-files.txt                 ← Not synced (outside path)
-```
-
-**In Grafana Dashboards view:**
-
-```
-Dashboards
-└── 📁 grafana-manifests/
-    ├── CPU Metrics Dashboard
-    ├── Memory Usage Dashboard
-    └── Disk I/O Dashboard
-```
-
-**Key points:**
-
- Grafana only synchronizes files within the specified path (`team-platform/grafana/`).
- Grafana ignores files in other paths or at the repository root.
- The folder name in Grafana comes from the repository name.
- Dashboard titles come from the JSON file content, not the filename.
-
-## Repository configuration flexibility
-
-Git Sync repositories support different combinations of repository URL, branch, and path:
-
- Different Git repositories: Each environment or team can use its own repository.
-  - Instance A: `repository: your-org/grafana-prod`.
-  - Instance B: `repository: your-org/grafana-dev`.
- Different branches: Use separate branches within the same repository.
-  - Instance A: `repository: your-org/grafana-manifests, branch: main`.
-  - Instance B: `repository: your-org/grafana-manifests, branch: develop`.
- Different paths: Use different directory paths within the same repository.
-  - Instance A: `repository: your-org/grafana-manifests, branch: main, path: production/`.
-  - Instance B: `repository: your-org/grafana-manifests, branch: main, path: development/`.
- Any combination: Mix and match based on your workflow requirements.
-
-## Scenarios
-
-Use these deployment scenarios to plan your Git Sync setup:
-
- [Single instance](https://grafana.com/docs/grafana/<GRAFANA_VERSION>/as-code/observability-as-code/provision-resources/git-sync-deployment-scenarios/single-instance/)
- [Git Sync for development and production environments](https://grafana.com/docs/grafana/<GRAFANA_VERSION>/as-code/observability-as-code/provision-resources/git-sync-deployment-scenarios/dev-prod/)
- [Git Sync with regional replication](https://grafana.com/docs/grafana/<GRAFANA_VERSION>/as-code/observability-as-code/provision-resources/git-sync-deployment-scenarios/multi-region/)
- [High availability](https://grafana.com/docs/grafana/<GRAFANA_VERSION>/as-code/observability-as-code/provision-resources/git-sync-deployment-scenarios/high-availability/)
- [Git Sync in a shared Grafana instance](https://grafana.com/docs/grafana/<GRAFANA_VERSION>/as-code/observability-as-code/provision-resources/git-sync-deployment-scenarios/multi-team/)
-
-## Learn more
-
-Refer to the following documents to learn more:
-
- [Git Sync introduction](https://grafana.com/docs/grafana/<GRAFANA_VERSION>/as-code/observability-as-code/provision-resources/intro-git-sync/)
- [Git Sync setup guide](https://grafana.com/docs/grafana/<GRAFANA_VERSION>/as-code/observability-as-code/provision-resources/git-sync-setup/)
- [Dashboard provisioning](https://grafana.com/docs/grafana/<GRAFANA_VERSION>/administration/provisioning/)
- [Observability as Code](https://grafana.com/docs/grafana/<GRAFANA_VERSION>/as-code/observability-as-code/)
@@ -1,147 +0,0 @@
---
-title: Git Sync for development and production environments
-menuTitle: Across environments
-description: Use separate Grafana instances for development and production with Git-controlled promotion
-weight: 20
---
-
-# Git Sync for development and production environments
-
-Use separate Grafana instances for development and production. Each syncs with different Git locations to test dashboards before production.
-
-## Use it for
-
- **Staged deployments**: You need to test dashboard changes before production deployment.
- **Change control**: You require approvals before dashboards reach production.
- **Quality assurance**: You verify dashboard functionality in a non-production environment.
- **Risk mitigation**: You minimize the risk of breaking production dashboards.
-
-## Architecture
-
-```
-┌────────────────────────────────────────────────────────────┐
-│              GitHub Repository                             │
-│   Repository: your-org/grafana-manifests                 │
-│   Branch: main                                             │
-│                                                            │
-│   grafana-manifests/                                     │
-│   ├── dev/                                                │
-│   │   ├── dashboard-new.json    ← Development dashboards │
-│   │   └── dashboard-test.json                            │
-│   │                                                       │
-│   └── prod/                                               │
-│       ├── dashboard-stable.json  ← Production dashboards │
-│       └── dashboard-approved.json                        │
-└────────────────────────────────────────────────────────────┘
-           ↕                                 ↕
-    Git Sync (dev/)              Git Sync (prod/)
-           ↕                                 ↕
-┌─────────────────────┐          ┌─────────────────────┐
-│  Dev Grafana        │          │  Prod Grafana       │
-│                     │          │                     │
-│  Repository:        │          │  Repository:        │
-│  - path: dev/       │          │  - path: prod/      │
-│                     │          │                     │
-│  Creates folder:    │          │  Creates folder:    │
-│  "grafana-manifests"│         │  "grafana-manifests"│
-└─────────────────────┘          └─────────────────────┘
-```
-
-## Repository structure
-
-**In Git:**
-
-```
-your-org/grafana-manifests
-├── dev/
-│   ├── dashboard-new.json
-│   └── dashboard-test.json
-└── prod/
-    ├── dashboard-stable.json
-    └── dashboard-approved.json
-```
-
-**In Grafana Dashboards view:**
-
-**Dev instance:**
-
-```
-Dashboards
-└── 📁 grafana-manifests/
-    ├── New Dashboard
-    └── Test Dashboard
-```
-
-**Prod instance:**
-
-```
-Dashboards
-└── 📁 grafana-manifests/
-    ├── Stable Dashboard
-    └── Approved Dashboard
-```
-
- Both instances create a folder named "grafana-manifests" (from repository name)
- Each instance only shows dashboards from its configured path (`dev/` or `prod/`)
- Dashboards appear with their titles from the JSON files
-
-## Configuration parameters
-
-Development:
-
- Repository: `your-org/grafana-manifests`
- Branch: `main`
- Path: `dev/`
-
-Production:
-
- Repository: `your-org/grafana-manifests`
- Branch: `main`
- Path: `prod/`
-
-## How it works
-
-1. Developers create and modify dashboards in development.
-2. Git Sync commits changes to `dev/`.
-3. You review changes in Git.
-4. You promote approved dashboards from `dev/` to `prod/`.
-5. Production syncs from `prod/`.
-6. Production dashboards update.
-
-## Alternative: Use branches
-
-Instead of using different paths, you can configure instances to use different branches:
-
-**Development instance:**
-
- **Repository**: `your-org/grafana-manifests`
- **Branch**: `develop`
- **Path**: `grafana/`
-
-**Production instance:**
-
- **Repository**: `your-org/grafana-manifests`
- **Branch**: `main`
- **Path**: `grafana/`
-
-With this approach:
-
- Development changes go to the `develop` branch
- Use Git merge or pull request workflows to promote changes from `develop` to `main`
- Production automatically syncs from the `main` branch
-
-## Alternative: Use separate repositories for stricter isolation
-
-For stricter isolation, use completely separate repositories:
-
-**Development instance:**
-
- **Repository**: `your-org/grafana-manifests-dev`
- **Branch**: `main`
- **Path**: `grafana/`
-
-**Production instance:**
-
- **Repository**: `your-org/grafana-manifests-prod`
- **Branch**: `main`
- **Path**: `grafana/`
@@ -1,217 +0,0 @@
---
-title: Git Sync for high availability environments
-menuTitle: High availability
-description: Run multiple Grafana instances serving traffic simultaneously, synchronized via Git Sync
-weight: 50
---
-
-# Git Sync for high availability environments
-
-## Primary–replica scenario
-
-Use a primary Grafana instance and one or more replicas synchronized with the same Git location to enable failover.
-
-### Use it for
-
- **Automatic failover**: You need service continuity when the primary instance fails.
- **High availability**: Your organization requires guaranteed dashboard availability.
- **Simple HA setup**: You want high availability without the complexity of active–active.
- **Maintenance windows**: You perform updates while another instance serves traffic.
- **Business continuity**: Dashboard access can't tolerate downtime.
-
-### Architecture
-
-```
-┌─────────────────────────────────────────────────────┐
-│           GitHub Repository                         │
-│   Repository: your-org/grafana-manifests          │
-│   Branch: main                                      │
-│                                                     │
-│   grafana-manifests/                              │
-│   └── shared/                                      │
-│       ├── dashboard-metrics.json                   │
-│       ├── dashboard-alerts.json                    │
-│       └── dashboard-logs.json                      │
-└─────────────────────────────────────────────────────┘
-              ↕                           ↕
-        Git Sync (shared/)        Git Sync (shared/)
-              ↕                           ↕
-┌────────────────────┐          ┌────────────────────┐
-│  Master Grafana    │          │  Replica Grafana   │
-│    (Active)        │          │    (Standby)       │
-│                    │          │                    │
-│  Repository:       │          │  Repository:       │
-│  - path: shared/   │          │  - path: shared/   │
-└────────────────────┘          └────────────────────┘
-         │                               │
-         └───────────┬───────────────────┘
-                     ↓
-          ┌──────────────────────┐
-          │  Reverse Proxy       │
-          │  (Failover)          │
-          └──────────────────────┘
-```
-
-### Repository structure
-
-**In Git:**
-
-```
-your-org/grafana-manifests
-└── shared/
-    ├── dashboard-metrics.json
-    ├── dashboard-alerts.json
-    └── dashboard-logs.json
-```
-
-**In Grafana Dashboards view (both instances):**
-
-```
-Dashboards
-└── 📁 grafana-manifests/
-    ├── Metrics Dashboard
-    ├── Alerts Dashboard
-    └── Logs Dashboard
-```
-
- Master and replica instances show identical folder structure.
- Both sync from the same `shared/` path.
- Reverse proxy routes traffic to master (active) instance.
- If master fails, proxy automatically fails over to replica (standby).
- Users see the same dashboards regardless of which instance is serving traffic.
-
-### Configuration parameters
-
-Both master and replica instances use identical parameters:
-
-**Master instance:**
-
- **Repository**: `your-org/grafana-manifests`
- **Branch**: `main`
- **Path**: `shared/`
-
-**Replica instance:**
-
- **Repository**: `your-org/grafana-manifests`
- **Branch**: `main`
- **Path**: `shared/`
-
-### How it works
-
-1. Both instances stay synchronized through Git.
-2. Reverse proxy routes traffic to primary.
-3. Users edit on primary. Git Sync commits changes.
-4. Both instances pull latest changes to keep replica in sync.
-5. On primary failure, proxy fails over to replica.
-
-### Failover considerations
-
- Health checks and monitoring.
- Continuous syncing to minimize data loss.
- Plan failback (automatic or manual).
-
-## Load balancer scenario
-
-Run multiple active Grafana instances behind a load balancer. All instances sync from the same Git location.
-
-### Use it for
-
- **High traffic**: Your deployment needs to handle significant user load.
- **Load distribution**: You want to distribute user requests across instances.
- **Maximum availability**: You need service continuity during maintenance or failures.
- **Scalability**: You want to add instances as load increases.
- **Performance**: Users need fast response times under heavy load.
-
-### Architecture
-
-```
-┌─────────────────────────────────────────────────────┐
-│           GitHub Repository                         │
-│   Repository: your-org/grafana-manifests          │
-│   Branch: main                                      │
-│                                                     │
-│   grafana-manifests/                              │
-│   └── shared/                                      │
-│       ├── dashboard-metrics.json                   │
-│       ├── dashboard-alerts.json                    │
-│       └── dashboard-logs.json                      │
-└─────────────────────────────────────────────────────┘
-              ↕                           ↕
-        Git Sync (shared/)        Git Sync (shared/)
-              ↕                           ↕
-┌────────────────────┐          ┌────────────────────┐
-│  Grafana Instance 1│          │  Grafana Instance 2│
-│    (Active)        │          │    (Active)        │
-│                    │          │                    │
-│  Repository:       │          │  Repository:       │
-│  - path: shared/   │          │  - path: shared/   │
-└────────────────────┘          └────────────────────┘
-         │                               │
-         └───────────┬───────────────────┘
-                     ↓
-          ┌──────────────────────┐
-          │  Load Balancer       │
-          │  (Round Robin)       │
-          └──────────────────────┘
-```
-
-### Repository structure
-
-**In Git:**
-
-```
-your-org/grafana-manifests
-└── shared/
-    ├── dashboard-metrics.json
-    ├── dashboard-alerts.json
-    └── dashboard-logs.json
-```
-
-**In Grafana Dashboards view (all instances):**
-
-```
-Dashboards
-└── 📁 grafana-manifests/
-    ├── Metrics Dashboard
-    ├── Alerts Dashboard
-    └── Logs Dashboard
-```
-
- All instances show identical folder structure.
- All instances sync from the same `shared/` path.
- Load balancer distributes requests across all active instances.
- Any instance can serve read requests.
- Any instance can accept dashboard modifications.
- Changes propagate to all instances through Git.
-
-### Configuration parameters
-
-All instances use identical parameters:
-
-**Instance 1:**
-
- **Repository**: `your-org/grafana-manifests`
- **Branch**: `main`
- **Path**: `shared/`
-
-**Instance 2:**
-
- **Repository**: `your-org/grafana-manifests`
- **Branch**: `main`
- **Path**: `shared/`
-
-### How it works
-
-1. All instances stay synchronized through Git.
-2. Load balancer distributes incoming traffic across all active instances.
-3. Users can view dashboards from any instance.
-4. When a user modifies a dashboard on any instance, Git Sync commits the change.
-5. All other instances pull the updated dashboard during their next sync cycle, or instantly if webhooks are configured.
-6. If one instance fails, load balancer stops routing traffic to it and remaining instances continue serving.
-
-### Important considerations
-
- **Eventually consistent**: Due to sync intervals, instances may briefly have different dashboard versions.
- **Concurrent edits**: Multiple users editing the same dashboard on different instances can cause conflicts.
- **Database sharing**: Instances should share the same backend database for user sessions, preferences, and annotations.
- **Stateless design**: Design for stateless operation where possible to maximize load balancing effectiveness.
@@ -1,93 +0,0 @@
---
-title: Git Sync with regional replication
-menuTitle: Regional replication
-description: Synchronize multiple regional Grafana instances from a shared Git location
-weight: 30
---
-
-# Git Sync with regional replication
-
-Deploy multiple Grafana instances across regions. Synchronize them with the same Git location to ensure consistent dashboards everywhere.
-
-## Use it for
-
- **Geographic distribution**: You deploy Grafana close to users in different regions.
- **Latency reduction**: Users need fast dashboard access from their location.
- **Data sovereignty**: You keep dashboard data in specific regions.
- **High availability**: You need dashboard availability across regions.
- **Consistent experience**: All users see the same dashboards regardless of region.
-
-## Architecture
-
-```
-┌─────────────────────────────────────────────────────┐
-│           GitHub Repository                         │
-│   Repository: your-org/grafana-manifests          │
-│   Branch: main                                      │
-│                                                     │
-│   grafana-manifests/                              │
-│   └── shared/                                      │
-│       ├── dashboard-global.json                    │
-│       ├── dashboard-metrics.json                   │
-│       └── dashboard-logs.json                      │
-└─────────────────────────────────────────────────────┘
-              ↕                           ↕
-       Git Sync (shared/)         Git Sync (shared/)
-              ↕                           ↕
-┌────────────────────┐          ┌────────────────────┐
-│  US Region         │          │  EU Region         │
-│  Grafana           │          │  Grafana           │
-│                    │          │                    │
-│  Repository:       │          │  Repository:       │
-│  - path: shared/   │          │  - path: shared/   │
-└────────────────────┘          └────────────────────┘
-```
-
-## Repository structure
-
-**In Git:**
-
-```
-your-org/grafana-manifests
-└── shared/
-    ├── dashboard-global.json
-    ├── dashboard-metrics.json
-    └── dashboard-logs.json
-```
-
-**In Grafana Dashboards view (all regions):**
-
-```
-Dashboards
-└── 📁 grafana-manifests/
-    ├── Global Dashboard
-    ├── Metrics Dashboard
-    └── Logs Dashboard
-```
-
- All regional instances (US, EU, etc.) show identical folder structure
- Same folder name "grafana-manifests" in every region
- Same dashboards synced from the `shared/` path appear everywhere
- Users in any region see the exact same dashboards with the same titles
-
-## Configuration parameters
-
-All regions:
-
- Repository: `your-org/grafana-manifests`
- Branch: `main`
- Path: `shared/`
-
-## How it works
-
-1. All regional instances pull dashboards from `shared/`.
-2. Any region’s change commits to Git.
-3. Other regions pull updates during the next sync (or via webhooks).
-4. Changes propagate across regions per sync interval.
-
-## Considerations
-
- **Write conflicts**: If users in different regions modify the same dashboard simultaneously, Git uses last-write-wins.
- **Primary region**: Consider designating one region as the primary location for making dashboard changes.
- **Propagation time**: Changes propagate to all regions within the configured sync interval, or instantly if webhooks are configured.
- **Network reliability**: Ensure all regions have reliable connectivity to the Git repository.
@@ -1,169 +0,0 @@
---
-title: Multiple team Git Sync
-menuTitle: Shared instance
-description: Use multiple Git repositories with one Grafana instance, one repository per team
-weight: 60
---
-
-# Git Sync in a Grafana instance shared by multiple teams
-
-Use a single Grafana instance with multiple Repository resources, one per team. Each team manages its own dashboards while sharing Grafana.
-
-## Use it for
-
- **Team autonomy**: Different teams manage their own dashboards independently.
- **Organizational structure**: Dashboard organization aligns with team structure.
- **Resource efficiency**: Multiple teams share Grafana infrastructure.
- **Cost optimization**: You reduce infrastructure costs while maintaining team separation.
- **Collaboration**: Teams can view each other’s dashboards while managing their own.
-
-## Architecture
-
-```
-┌─────────────────────────┐  ┌─────────────────────────┐
-│  Platform Team Repo     │  │  Data Team Repo         │
-│  platform-dashboards    │  │  data-dashboards        │
-│                         │  │                         │
-│  platform-dashboards/   │  │  data-dashboards/       │
-│  └── grafana/           │  │  └── grafana/           │
-│      ├── k8s.json       │  │      ├── pipeline.json  │
-│      └── infra.json     │  │      └── analytics.json │
-└─────────────────────────┘  └─────────────────────────┘
-           ↕                            ↕
-    Git Sync (grafana/)          Git Sync (grafana/)
-           ↕                            ↕
-        ┌──────────────────────────────────────┐
-        │       Grafana Instance               │
-        │                                      │
-        │  Repository 1:                       │
-        │  - repo: platform-dashboards         │
-        │  → Creates "platform-dashboards"     │
-        │                                      │
-        │  Repository 2:                       │
-        │  - repo: data-dashboards             │
-        │  → Creates "data-dashboards"         │
-        └──────────────────────────────────────┘
-```
-
-## Repository structure
-
-**In Git (separate repositories):**
-
-**Platform team repository:**
-
-```
-your-org/platform-dashboards
-└── grafana/
-    ├── dashboard-k8s.json
-    └── dashboard-infra.json
-```
-
-**Data team repository:**
-
-```
-your-org/data-dashboards
-└── grafana/
-    ├── dashboard-pipeline.json
-    └── dashboard-analytics.json
-```
-
-**In Grafana Dashboards view:**
-
-```
-Dashboards
-├── 📁 platform-dashboards/
-│   ├── Kubernetes Dashboard
-│   └── Infrastructure Dashboard
-└── 📁 data-dashboards/
-    ├── Pipeline Dashboard
-    └── Analytics Dashboard
-```
-
- Two separate folders created (one per Repository resource).
- Folder names derived from repository names.
- Each team has complete control over their own repository.
- Teams can independently manage permissions, branches, and workflows in their repos.
- All teams can view each other's dashboards in Grafana but manage only their own.
-
-## Configuration parameters
-
-**Platform team repository:**
-
- **Repository**: `your-org/platform-dashboards`
- **Branch**: `main`
- **Path**: `grafana/`
-
-**Data team repository:**
-
- **Repository**: `your-org/data-dashboards`
- **Branch**: `main`
- **Path**: `grafana/`
-
-## How it works
-
-1. Each team has their own Git repository for complete autonomy.
-2. Each repository resource in Grafana creates a separate folder.
-3. Platform team dashboards sync from `your-org/platform-dashboards` repository.
-4. Data team dashboards sync from `your-org/data-dashboards` repository.
-5. Teams can independently manage their repository settings, access controls, and workflows.
-6. All teams can view each other's dashboards in Grafana but edit only their own.
-
-## Scale to more teams
-
-Adding additional teams is straightforward. For a third team, create a new repository and configure:
-
- **Repository**: `your-org/security-dashboards`
- **Branch**: `main`
- **Path**: `grafana/`
-
-This creates a new "security-dashboards" folder in the same Grafana instance.
-
-## Alternative: Shared repository with different paths
-
-For teams that prefer sharing a single repository, use different paths to separate team dashboards:
-
-**In Git:**
-
-```
-your-org/grafana-manifests
-├── team-platform/
-│   ├── dashboard-k8s.json
-│   └── dashboard-infra.json
-└── team-data/
-    ├── dashboard-pipeline.json
-    └── dashboard-analytics.json
-```
-
-**Configuration:**
-
-**Platform team:**
-
- **Repository**: `your-org/grafana-manifests`
- **Branch**: `main`
- **Path**: `team-platform/`
-
-**Data team:**
-
- **Repository**: `your-org/grafana-manifests`
- **Branch**: `main`
- **Path**: `team-data/`
-
-This approach provides simpler repository management but less isolation between teams.
-
-## Alternative: Different branches per team
-
-For teams wanting their own branch in a shared repository:
-
-**Platform team:**
-
- **Repository**: `your-org/grafana-manifests`
- **Branch**: `team-platform`
- **Path**: `grafana/`
-
-**Data team:**
-
- **Repository**: `your-org/grafana-manifests`
- **Branch**: `team-data`
- **Path**: `grafana/`
-
-This allows teams to use Git branch workflows for collaboration while sharing the same repository.
@@ -1,86 +0,0 @@
---
-title: Single instance Git Sync
-menuTitle: Single instance
-description: Synchronize a single Grafana instance with a Git repository
-weight: 10
---
-
-# Single instance Git Sync
-
-Use a single Grafana instance synchronized with a Git repository. This is the foundation for Git Sync and helps you understand bidirectional synchronization.
-
-## Use it for
-
- **Getting started**: You want to learn how Git Sync works before implementing complex scenarios.
- **Personal projects**: Individual developers manage their own dashboards.
- **Small teams**: You have a simple setup without multiple environments or complex workflows.
- **Development environments**: You need quick prototyping and testing.
-
-## Architecture
-
-```
-┌─────────────────────────────────────────────────────┐
-│           GitHub Repository                         │
-│   Repository: your-org/grafana-manifests          │
-│   Branch: main                                      │
-│                                                     │
-│   grafana-manifests/                              │
-│   └── grafana/                                     │
-│       ├── dashboard-1.json                         │
-│       ├── dashboard-2.json                         │
-│       └── dashboard-3.json                         │
-└─────────────────────────────────────────────────────┘
-                        ↕
-              Git Sync (bidirectional)
-                        ↕
-        ┌─────────────────────────────┐
-        │    Grafana Instance         │
-        │                             │
-        │  Repository Resource:       │
-        │  - url: grafana-manifests  │
-        │  - branch: main             │
-        │  - path: grafana/           │
-        │                             │
-        │  Creates folder:            │
-        │  "grafana-manifests"       │
-        └─────────────────────────────┘
-```
-
-## Repository structure
-
-**In Git:**
-
-```
-your-org/grafana-manifests
-└── grafana/
-    ├── dashboard-1.json
-    ├── dashboard-2.json
-    └── dashboard-3.json
-```
-
-**In Grafana Dashboards view:**
-
-```
-Dashboards
-└── 📁 grafana-manifests/
-    ├── Dashboard 1
-    ├── Dashboard 2
-    └── Dashboard 3
-```
-
- A folder named "grafana-manifests" (from repository name) contains all synced dashboards.
- Each JSON file becomes a dashboard with its title displayed in the folder.
- Users browse dashboards organized under this folder structure.
-
-## Configuration parameters
-
-Configure your Grafana instance to synchronize with:
-
- **Repository**: `your-org/grafana-manifests`
- **Branch**: `main`
- **Path**: `grafana/`
-
-## How it works
-
-1. **From Grafana to Git**: When users create or modify dashboards in Grafana, Git Sync commits changes to the `grafana/` directory on the `main` branch.
-2. **From Git to Grafana**: When dashboard JSON files are added or modified in the `grafana/` directory, Git Sync pulls these changes into Grafana.
@@ -367,6 +367,5 @@ To learn more about using Git Sync:

 - [Work with provisioned dashboards](https://grafana.com/docs/grafana/<GRAFANA_VERSION>/as-code/observability-as-code/provision-resources/provisioned-dashboards/)
 - [Manage provisioned repositories with Git Sync](https://grafana.com/docs/grafana/<GRAFANA_VERSION>/as-code/observability-as-code/provision-resources/use-git-sync/)
- [Git Sync deployment scenarios](https://grafana.com/docs/grafana/<GRAFANA_VERSION>/as-code/observability-as-code/provision-resources/git-sync-deployment-scenarios)
 - [Export resources](https://grafana.com/docs/grafana/<GRAFANA_VERSION>/as-code/observability-as-code/provision-resources/export-resources/)
 - [grafanactl documentation](https://grafana.github.io/grafanactl/)
@@ -127,13 +127,7 @@ An instance can be in one of the following Git Sync states:

 ## Common use cases

-{{< admonition type="note" >}}
-
-Refer to [Git Sync deployment scenarios](https://grafana.com/docs/grafana/<GRAFANA_VERSION>/as-code/observability-as-code/provision-resources/git-sync-deployment-scenarios) for sample scenarios, including architecture and configuration details.
-
-{{< /admonition >}}
-
-You can use Git Sync for the following use cases:
+You can use Git Sync in the following scenarios.

 ### Version control and auditing

@@ -14,7 +14,7 @@ labels:
    - cloud
 title: Manage provisioned repositories with Git Sync
 menuTitle: Manage repositories with Git Sync
-weight: 400
+weight: 120
 canonical: https://grafana.com/docs/grafana/latest/as-code/observability-as-code/provision-resources/use-git-sync/
 aliases:
  - ../../../observability-as-code/provision-resources/use-git-sync/ # /docs/grafana/next/observability-as-code/provision-resources/use-git-sync/
@@ -62,6 +62,5 @@ The table includes default and other fields:
 | targetBlank | bool. If true, the link will be opened in a new tab. Default is `false`. |
 | includeVars | bool. If true, includes current template variables values in the link as query params. Default is `false`. |
 | keepTime    | bool. If true, includes current time range in the link as query params. Default is `false`. |
-| placement?  | string. Use placement to display the link somewhere else on the dashboard other than above the visualizations. Use  the `inControlsMenu` parameter to render the link in the dashboard controls dropdown menu. |

 <!-- prettier-ignore-end -->
@@ -3,6 +3,7 @@ aliases:
  - ../data-sources/azure-monitor/
  - ../features/datasources/azuremonitor/
  - azuremonitor/
+  - azuremonitor/deprecated-application-insights/
 description: Guide for using Azure Monitor in Grafana
 keywords:
  - grafana
@@ -22,7 +23,6 @@ labels:
 menuTitle: Azure Monitor
 title: Azure Monitor data source
 weight: 300
-last_reviewed: 2025-12-04
 refs:
  configure-grafana-feature-toggles:
    - pattern: /docs/grafana/
@@ -49,11 +49,6 @@ refs:
      destination: /docs/grafana/<GRAFANA_VERSION>/dashboards/build-dashboards/
    - pattern: /docs/grafana-cloud/
      destination: /docs/grafana/<GRAFANA_VERSION>/dashboards/build-dashboards/
-  transform-data:
-    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/panels-visualizations/query-transform-data/transform-data/
-    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana/<GRAFANA_VERSION>/panels-visualizations/query-transform-data/transform-data/
  configure-grafana-azure:
    - pattern: /docs/grafana/
      destination: /docs/grafana/<GRAFANA_VERSION>/setup-grafana/configure-grafana/#azure
@@ -68,98 +63,295 @@ refs:
    - pattern: /docs/grafana/
      destination: /docs/grafana/<GRAFANA_VERSION>/setup-grafana/configure-access/configure-authentication/azuread/#enable-azure-ad-oauth-in-grafana
    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana/<GRAFANA_VERSION>/setup-grafana/configure-security/configure-authentication/azuread/#enable-azure-ad-oauth-in-grafana
-  configure-azure-monitor:
-    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/datasources/azure-monitor/configure/
-    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana/<GRAFANA_VERSION>/datasources/azure-monitor/configure/
-  query-editor-azure-monitor:
-    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/datasources/azure-monitor/query-editor/
-    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana/<GRAFANA_VERSION>/datasources/azure-monitor/query-editor/
-  template-variables-azure-monitor:
-    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/datasources/azure-monitor/template-variables/
-    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana/<GRAFANA_VERSION>/datasources/azure-monitor/template-variables/
-  alerting-azure-monitor:
-    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/datasources/azure-monitor/alerting/
-    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana/<GRAFANA_VERSION>/datasources/azure-monitor/alerting/
-  troubleshooting-azure-monitor:
-    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/datasources/azure-monitor/troubleshooting/
-    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana/<GRAFANA_VERSION>/datasources/azure-monitor/troubleshooting/
-  annotations-azure-monitor:
-    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/datasources/azure-monitor/annotations/
-    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana/<GRAFANA_VERSION>/datasources/azure-monitor/annotations/
+      destination: /docs/grafana/<GRAFANA_VERSION>/setup-grafana/configure-access/configure-authentication/azuread/#enable-azure-ad-oauth-in-grafana
 ---

 # Azure Monitor data source

-The Azure Monitor data source plugin allows you to query and visualize data from Azure Monitor, the Azure service to maximize the availability and performance of applications and services in the Azure Cloud.
+Grafana ships with built-in support for Azure Monitor, the Azure service to maximize the availability and performance of applications and services in the Azure Cloud.
+This topic explains configuring and querying specific to the Azure Monitor data source.

-## Supported Azure clouds
+For instructions on how to add a data source to Grafana, refer to the [administration documentation](ref:data-source-management).
+Only users with the organization administrator role can add data sources.

-The Azure Monitor data source supports the following Azure cloud environments:
+Once you've added the Azure Monitor data source, you can [configure it](#configure-the-data-source) so that your Grafana instance's users can create queries in its [query editor](query-editor/) when they [build dashboards](ref:build-dashboards) and use [Explore](ref:explore).

- **Azure** - Azure public cloud (default)
- **Azure US Government** - Azure Government cloud
- **Azure China** - Azure China cloud operated by 21Vianet
+The Azure Monitor data source supports visualizing data from four Azure services:

-## Supported Azure services
+- **Azure Monitor Metrics:** Collect numeric data from resources in your Azure account.
+- **Azure Monitor Logs:** Collect log and performance data from your Azure account, and query using the Kusto Query Language (KQL).
+- **Azure Resource Graph:** Query your Azure resources across subscriptions.
+- **Azure Monitor Application Insights:** Collect trace logging data and other application performance metrics.

-The Azure Monitor data source supports the following Azure services:
+## Configure the data source

-| Service                         | Description                                                                                                                 |
-| ------------------------------- | --------------------------------------------------------------------------------------------------------------------------- |
-| **Azure Monitor Metrics**       | Collect numeric data from resources in your Azure account. Supports dimensions, aggregations, and time grain configuration. |
-| **Azure Monitor Logs**          | Collect log and performance data from your Azure account using the Kusto Query Language (KQL).                              |
-| **Azure Resource Graph**        | Query your Azure resources across subscriptions using KQL. Useful for inventory, compliance, and resource management.       |
-| **Application Insights Traces** | Collect distributed trace data and correlate requests across your application components.                                   |
+**To access the data source configuration page:**

-## Get started
+1. Click **Connections** in the left-side menu.
+1. Under Your connections, click **Data sources**.
+1. Enter `Azure Monitor` in the search bar.
+1. Click **Azure Monitor**.

-The following documents will help you get started with the Azure Monitor data source:
+   The **Settings** tab of the data source is displayed.

- [Configure the Azure Monitor data source](ref:configure-azure-monitor) - Set up authentication and connect to Azure
- [Azure Monitor query editor](ref:query-editor-azure-monitor) - Create and edit queries for Metrics, Logs, Traces, and Resource Graph
- [Template variables](ref:template-variables-azure-monitor) - Create dynamic dashboards with Azure Monitor variables
- [Alerting](ref:alerting-azure-monitor) - Create alert rules using Azure Monitor data
- [Troubleshooting](ref:troubleshooting-azure-monitor) - Solve common configuration and query errors
+### Configure Azure Active Directory (AD) authentication

-## Additional features
+You must create an app registration and service principal in Azure AD to authenticate the data source.
+For configuration details, refer to the [Azure documentation for service principals](https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal#get-tenant-and-app-id-values-for-signing-in).

-After you have configured the Azure Monitor data source, you can:
+The app registration you create must have the `Reader` role assigned on the subscription.
+For more information, refer to [Azure documentation for role assignments](https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal?tabs=current).

- Add [Annotations](ref:annotations-azure-monitor) to overlay Azure log events on your graphs.
- Configure and use [Template variables](ref:template-variables-azure-monitor) for dynamic dashboards.
- Add [Transformations](ref:transform-data) to manipulate query results.
- Set up [Alerting](ref:alerting-azure-monitor) and recording rules using Metrics, Logs, Traces, and Resource Graph queries.
- Use [Explore](ref:explore) to investigate your Azure data without building a dashboard.
+If you host Grafana in Azure, such as in App Service or Azure Virtual Machines, you can configure the Azure Monitor data source to use Managed Identity for secure authentication without entering credentials into Grafana.
+For details, refer to [Configuring using Managed Identity](#configuring-using-managed-identity).

-## Pre-built dashboards
+You can configure the Azure Monitor data source to use Workload Identity for secure authentication without entering credentials into Grafana if you host Grafana in a Kubernetes environment, such as AKS, and require access to Azure resources.
+For details, refer to [Configuring using Workload Identity](#configuring-using-workload-identity).

-The Azure Monitor plugin includes the following pre-built dashboards:
+| Name                        | Description                                                                                                                                                                                                                                                                                           |
+| --------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| **Authentication**          | Enables Managed Identity. Selecting Managed Identity hides many of the other fields. For details, see [Configuring using Managed Identity](#configuring-using-managed-identity).                                                                                                                      |
+| **Azure Cloud**             | Sets the national cloud for your Azure account. For most users, this is the default "Azure". For details, see the [Azure documentation](https://docs.microsoft.com/en-us/azure/active-directory/develop/authentication-national-cloud).                                                               |
+| **Directory (tenant) ID**   | Sets the directory/tenant ID for the Azure AD app registration to use for authentication. For details, see the [Azure tenant and app ID docs](https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal#get-tenant-and-app-id-values-for-signing-in).     |
+| **Application (client) ID** | Sets the application/client ID for the Azure AD app registration to use for authentication.                                                                                                                                                                                                           |
+| **Client secret**           | Sets the application client secret for the Azure AD app registration to use for authentication. For details, see the [Azure application secret docs](https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal#option-2-create-a-new-application-secret). |
+| **Default subscription**    | _(Optional)_ Sets a default subscription for template variables to use.                                                                                                                                                                                                                               |
+| **Enable Basic Logs**       | Allows this data source to execute queries against [Basic Logs tables](https://learn.microsoft.com/en-us/azure/azure-monitor/logs/basic-logs-query?tabs=portal-1) in supported Log Analytics Workspaces. These queries may incur additional costs.                                                    |

- **Azure Monitor Overview** - Displays key metrics across your Azure subscriptions and resources.
- **Azure Storage Account** - Shows storage account metrics including availability, latency, and transactions.
+### Provision the data source

-To import a pre-built dashboard:
+You can define and configure the data source in YAML files as part of Grafana's provisioning system.
+For more information about provisioning, and for available configuration options, refer to [Provisioning Grafana](ref:provisioning-data-sources).

-1. Go to **Connections** > **Data sources**.
-1. Select your Azure Monitor data source.
-1. Click the **Dashboards** tab.
-1. Click **Import** next to the dashboard you want to use.
+#### Provisioning examples

-## Related resources
+**Azure AD App Registration (client secret):**

- [Azure Monitor documentation](https://docs.microsoft.com/en-us/azure/azure-monitor/)
- [Kusto Query Language (KQL) reference](https://docs.microsoft.com/en-us/azure/data-explorer/kusto/query/)
- [Grafana community forum](https://community.grafana.com/)
+```yaml
+apiVersion: 1 # config file version
+
+datasources:
+  - name: Azure Monitor
+    type: grafana-azure-monitor-datasource
+    access: proxy
+    jsonData:
+      azureAuthType: clientsecret
+      cloudName: azuremonitor # See table below
+      tenantId: <tenant-id>
+      clientId: <client-id>
+      subscriptionId: <subscription-id> # Optional, default subscription
+    secureJsonData:
+      clientSecret: <client-secret>
+    version: 1
+```
+
+**Managed Identity:**
+
+```yaml
+apiVersion: 1 # config file version
+
+datasources:
+  - name: Azure Monitor
+    type: grafana-azure-monitor-datasource
+    access: proxy
+    jsonData:
+      azureAuthType: msi
+      subscriptionId: <subscription-id> # Optional, default subscription
+    version: 1
+```
+
+**Workload Identity:**
+
+```yaml
+apiVersion: 1 # config file version
+
+datasources:
+  - name: Azure Monitor
+    type: grafana-azure-monitor-datasource
+    access: proxy
+    jsonData:
+      azureAuthType: workloadidentity
+      subscriptionId: <subscription-id> # Optional, default subscription
+    version: 1
+```
+
+**Current User:**
+
+{{< admonition type="note" >}}
+The `oauthPassThru` property is required for current user authentication to function.
+Additionally, `disableGrafanaCache` is necessary to prevent the data source returning cached responses for resources users don't have access to.
+{{< /admonition >}}
+
+```yaml
+apiVersion: 1 # config file version
+
+datasources:
+  - name: Azure Monitor
+    type: grafana-azure-monitor-datasource
+    access: proxy
+    jsonData:
+      azureAuthType: currentuser
+      oauthPassThru: true
+      disableGrafanaCache: true
+      subscriptionId: <subscription-id> # Optional, default subscription
+    version: 1
+```
+
+#### Supported cloud names
+
+| Azure Cloud                          | `cloudName` Value          |
+| ------------------------------------ | -------------------------- |
+| **Microsoft Azure public cloud**     | `azuremonitor` (_Default_) |
+| **Microsoft Chinese national cloud** | `chinaazuremonitor`        |
+| **US Government cloud**              | `govazuremonitor`          |
+
+{{< admonition type="note" >}}
+Cloud names for current user authentication differ to the `cloudName` values in the preceding table.
+The public cloud name is `AzureCloud`, the Chinese national cloud name is `AzureChinaCloud`, and the US Government cloud name is `AzureUSGovernment`.
+{{< /admonition >}}
+
+### Configure Managed Identity
+
+{{< admonition type="note" >}}
+Managed Identity is available only in [Azure Managed Grafana](https://azure.microsoft.com/en-us/products/managed-grafana) or Grafana OSS/Enterprise when deployed in Azure. It is not available in Grafana Cloud.
+{{< /admonition >}}
+
+You can use managed identity to configure Azure Monitor in Grafana if you host Grafana in Azure (such as an App Service or with Azure Virtual Machines) and have managed identity enabled on your VM.
+This lets you securely authenticate data sources without manually configuring credentials via Azure AD App Registrations.
+For details on Azure managed identities, refer to the [Azure documentation](https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview).
+
+**To enable managed identity for Grafana:**
+
+1. Set the `managed_identity_enabled` flag in the `[azure]` section of the [Grafana server configuration](ref:configure-grafana-azure).
+
+   ```ini
+   [azure]
+   managed_identity_enabled = true
+   ```
+
+2. In the Azure Monitor data source configuration, set **Authentication** to **Managed Identity**.
+
+   This hides the directory ID, application ID, and client secret fields, and the data source uses managed identity to authenticate to Azure Monitor Metrics and Logs, and Azure Resource Graph.
+
+   {{< figure src="/media/docs/grafana/data-sources/screenshot-managed-identity-2.png" max-width="800px" class="docs-image--no-shadow" caption="Azure Monitor screenshot showing Managed Identity authentication" >}}
+
+3. You can set the `managed_identity_client_id` field in the `[azure]` section of the [Grafana server configuration](ref:configure-grafana-azure) to allow a user-assigned managed identity to be used instead of the default system-assigned identity.
+
+```ini
+[azure]
+managed_identity_enabled = true
+managed_identity_client_id = USER_ASSIGNED_IDENTITY_CLIENT_ID
+```
+
+### Configure Workload Identity
+
+You can use workload identity to configure Azure Monitor in Grafana if you host Grafana in a Kubernetes environment, such as AKS, in conjunction with managed identities.
+This lets you securely authenticate data sources without manually configuring credentials via Azure AD App Registrations.
+For details on workload identity, refer to the [Azure workload identity documentation](https://azure.github.io/azure-workload-identity/docs/).
+
+**To enable workload identity for Grafana:**
+
+1. Set the `workload_identity_enabled` flag in the `[azure]` section of the [Grafana server configuration](ref:configure-grafana-azure).
+
+   ```ini
+   [azure]
+   workload_identity_enabled = true
+   ```
+
+2. In the Azure Monitor data source configuration, set **Authentication** to **Workload Identity**.
+
+   This hides the directory ID, application ID, and client secret fields, and the data source uses workload identity to authenticate to Azure Monitor Metrics and Logs, and Azure Resource Graph.
+
+   {{< figure src="/media/docs/grafana/data-sources/screenshot-workload-identity.png" max-width="800px" class="docs-image--no-shadow" caption="Azure Monitor screenshot showing Workload Identity authentication" >}}
+
+3. There are additional configuration variables that can control the authentication method.`workload_identity_tenant_id` represents the Azure AD tenant that contains the managed identity, `workload_identity_client_id` represents the client ID of the managed identity if it differs from the default client ID, `workload_identity_token_file` represents the path to the token file. Refer to the [documentation](https://azure.github.io/azure-workload-identity/docs/) for more information on what values these variables should use, if any.
+
+   ```ini
+   [azure]
+   workload_identity_enabled = true
+   workload_identity_tenant_id = IDENTITY_TENANT_ID
+   workload_identity_client_id = IDENTITY_CLIENT_ID
+   workload_identity_token_file = TOKEN_FILE_PATH
+   ```
+
+### Configure Current User authentication
+
+{{< admonition type="note" >}}
+Current user authentication is an [experimental feature](/docs/release-life-cycle). Engineering and on-call support is not available. Documentation is either limited or not provided outside of code comments. No SLA is provided. Contact Grafana Support to enable this feature in Grafana Cloud. Aspects of Grafana may not work as expected when using this authentication method.
+{{< /admonition >}}
+
+If your Grafana instance is configured with Azure Entra (formerly Active Directory) authentication for login, this authentication method can be used to forward the currently logged in user's credentials to the data source. The users credentials will then be used when requesting data from the data source. For details on how to configure your Grafana instance using Azure Entra refer to the [documentation](ref:configure-grafana-azure-auth).
+
+{{< admonition type="note" >}}
+Additional configuration is required to ensure that the App Registration used to login a user via Azure provides an access token with the permissions required by the data source.
+
+The App Registration must be configured to issue both **Access Tokens** and **ID Tokens**.
+
+1. In the Azure Portal, open the App Registration that requires configuration.
+2. Select **Authentication** in the side menu.
+3. Under **Implicit grant and hybrid flows** check both the **Access tokens** and **ID tokens** boxes.
+4. Save the changes to ensure the App Registration is updated.
+
+The App Registration must also be configured with additional **API Permissions** to provide authenticated users with access to the APIs utilised by the data source.
+
+1. In the Azure Portal, open the App Registration that requires configuration.
+1. Select **API Permissions** in the side menu.
+1. Ensure the `openid`, `profile`, `email`, and `offline_access` permissions are present under the **Microsoft Graph** section. If not, they must be added.
+1. Select **Add a permission** and choose the following permissions. They must be added individually. Refer to the [Azure documentation](https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-configure-app-access-web-apis) for more information.
+   - Select **Azure Service Management** > **Delegated permissions** > `user_impersonation` > **Add permissions**
+   - Select **APIs my organization uses** > Search for **Log Analytics API** and select it > **Delegated permissions** > `Date.Read` > **Add permissions**
+
+Once all permissions have been added, the Azure authentication section in Grafana must be updated. The `scopes` section must be updated to include the `.default` scope to ensure that a token with access to all APIs declared on the App Registration is requested by Grafana. Once updated the scopes value should equal: `.default openid email profile`.
+{{< /admonition >}}
+
+This method of authentication doesn't inherently support all backend functionality as a user's credentials won't be in scope.
+Affected functionality includes alerting, reporting, and recorded queries.
+In order to support backend queries when using a data source configured with current user authentication, you can configure service credentials.
+Also, note that query and resource caching is disabled by default for data sources using current user authentication.
+
+{{< admonition type="note" >}}
+To configure fallback service credentials the [feature toggle](ref:configure-grafana-feature-toggles) `idForwarding` must be set to `true` and `user_identity_fallback_credentials_enabled` must be enabled in the [Azure configuration section](ref:configure-grafana-azure) (enabled by default when `user_identity_enabled` is set to `true`).
+{{< /admonition >}}
+
+Permissions for fallback credentials may need to be broad to appropriately support backend functionality.
+For example, an alerting query created by a user is dependent on their permissions.
+If a user tries to create an alert for a resource that the fallback credentials can't access, the alert will fail.
+
+**To enable current user authentication for Grafana:**
+
+1. Set the `user_identity_enabled` flag in the `[azure]` section of the [Grafana server configuration](ref:configure-grafana-azure).
+   By default this will also enable fallback service credentials.
+   If you want to disable service credentials at the instance level set `user_identity_fallback_credentials_enabled` to false.
+
+   ```ini
+   [azure]
+   user_identity_enabled = true
+   ```
+
+1. In the Azure Monitor data source configuration, set **Authentication** to **Current User**.
+   If fallback service credentials are enabled at the instance level, an additional configuration section is visible that you can use to enable or disable using service credentials for this data source.
+   {{< figure src="/media/docs/grafana/data-sources/screenshot-current-user.png" max-width="800px" class="docs-image--no-shadow" caption="Azure Monitor screenshot showing Current User authentication" >}}
+
+1. If you want backend functionality to work with this data source, enable service credentials and configure the data source using the most applicable credentials for your circumstances.
+
+## Query the data source
+
+The Azure Monitor data source can query data from Azure Monitor Metrics and Logs, the Azure Resource Graph, and Application Insights Traces. Each source has its own specialized query editor.
+
+For details, see the [query editor documentation](query-editor/).
+
+## Use template variables
+
+Instead of hard-coding details such as server, application, and sensor names in metric queries, you can use variables.
+Grafana lists these variables in dropdown select boxes at the top of the dashboard to help you change the data displayed in your dashboard.
+Grafana refers to such variables as template variables.
+
+For details, see the [template variables documentation](template-variables/).
+
+## Application Insights and Insights Analytics (removed)
+
+Until Grafana v8.0, you could query the same Azure Application Insights data using Application Insights and Insights Analytics.
+
+These queries were deprecated in Grafana v7.5. In Grafana v8.0, Application Insights and Insights Analytics were made read-only in favor of querying this data through Metrics and Logs. These query methods were completely removed in Grafana v9.0.
+
+If you're upgrading from a Grafana version prior to v9.0 and relied on Application Insights and Analytics queries, refer to the [Grafana v9.0 documentation](/docs/grafana/v9.0/datasources/azuremonitor/deprecated-application-insights/) for help migrating these queries to Metrics and Logs queries.
@@ -1,262 +0,0 @@
---
-aliases:
-  - ../../data-sources/azure-monitor/alerting/
-description: Set up alerts using Azure Monitor data in Grafana
-keywords:
-  - grafana
-  - azure
-  - monitor
-  - alerting
-  - alerts
-  - metrics
-  - logs
-labels:
-  products:
-    - cloud
-    - enterprise
-    - oss
-menuTitle: Alerting
-title: Azure Monitor alerting
-weight: 500
-refs:
-  alerting:
-    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/alerting/
-    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana/<GRAFANA_VERSION>/alerting/
-  alerting-fundamentals:
-    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/alerting/fundamentals/
-    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana/<GRAFANA_VERSION>/alerting/fundamentals/
-  create-alert-rule:
-    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/alerting/alerting-rules/create-grafana-managed-rule/
-    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana/<GRAFANA_VERSION>/alerting/alerting-rules/create-grafana-managed-rule/
-  grafana-managed-recording-rules:
-    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/alerting/alerting-rules/create-recording-rules/create-grafana-managed-recording-rules/
-    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana/<GRAFANA_VERSION>/alerting/alerting-rules/create-recording-rules/create-grafana-managed-recording-rules/
-  configure-azure-monitor:
-    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/datasources/azure-monitor/configure/
-    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana/<GRAFANA_VERSION>/datasources/azure-monitor/configure/
-  query-editor:
-    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/datasources/azure-monitor/query-editor/
-    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana/<GRAFANA_VERSION>/datasources/azure-monitor/query-editor/
-  troubleshoot:
-    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/datasources/azure-monitor/troubleshooting/
-    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana/<GRAFANA_VERSION>/datasources/azure-monitor/troubleshooting/
---
-
-# Azure Monitor alerting
-
-The Azure Monitor data source supports [Grafana Alerting](ref:alerting) and [Grafana-managed recording rules](ref:grafana-managed-recording-rules), allowing you to create alert rules based on Azure metrics, logs, traces, and resource data. You can monitor your Azure environment and receive notifications when specific conditions are met.
-
-## Before you begin
-
- Ensure you have the appropriate permissions to create alert rules in Grafana.
- Verify your Azure Monitor data source is configured and working correctly.
- Familiarize yourself with [Grafana Alerting concepts](ref:alerting-fundamentals).
- **Important**: Verify your data source uses a supported authentication method. Refer to [Authentication requirements](#authentication-requirements).
-
-## Supported query types for alerting
-
-All Azure Monitor query types support alerting and recording rules:
-
-| Query type           | Use case                                           | Notes                                                    |
-| -------------------- | -------------------------------------------------- | -------------------------------------------------------- |
-| Metrics              | Threshold-based alerts on Azure resource metrics   | Best suited for alerting; returns time-series data       |
-| Logs                 | Alert on log patterns, error counts, or thresholds | Use KQL to aggregate data into numeric values            |
-| Azure Resource Graph | Alert on resource state or configuration changes   | Use count aggregations to return numeric data            |
-| Traces               | Alert on trace data and application performance    | Use aggregations to return numeric values for evaluation |
-
-{{< admonition type="note" >}}
-Alert queries must return numeric data that Grafana can evaluate against a threshold. Queries that return only text or non-numeric data cannot be used directly for alerting.
-{{< /admonition >}}
-
-## Authentication requirements
-
-Alerting and recording rules run as background processes without a user context. This means they require service-level authentication and don't work with all authentication methods.
-
-| Authentication method            | Supported                             |
-| -------------------------------- | ------------------------------------- |
-| App Registration (client secret) | ✓                                     |
-| Managed Identity                 | ✓                                     |
-| Workload Identity                | ✓                                     |
-| Current User                     | ✓ (with fallback service credentials) |
-
-{{< admonition type="note" >}}
-If you use **Current User** authentication, you must configure **fallback service credentials** for alerting and recording rules to function. User credentials aren't available for background operations, so Grafana uses the fallback credentials instead. Refer to [configure the data source](ref:configure-azure-monitor) for details on setting up fallback credentials.
-{{< /admonition >}}
-
-## Create an alert rule
-
-To create an alert rule using Azure Monitor data:
-
-1. Go to **Alerting** > **Alert rules**.
-1. Click **New alert rule**.
-1. Enter a name for your alert rule.
-1. In the **Define query and alert condition** section:
-   - Select your Azure Monitor data source.
-   - Configure your query (for example, a Metrics query for CPU usage or a Logs query using KQL).
-   - Add a **Reduce** expression if your query returns multiple series.
-   - Add a **Threshold** expression to define the alert condition.
-1. Configure the **Set evaluation behavior**:
-   - Select or create a folder and evaluation group.
-   - Set the evaluation interval (how often the alert is checked).
-   - Set the pending period (how long the condition must be true before firing).
-1. Add labels and annotations to provide context for notifications.
-1. Click **Save rule**.
-
-For detailed instructions, refer to [Create a Grafana-managed alert rule](ref:create-alert-rule).
-
-## Example: VM CPU usage alert
-
-This example creates an alert that fires when virtual machine CPU usage exceeds 80%:
-
-1. Create a new alert rule.
-1. Configure the query:
-   - **Service**: Metrics
-   - **Resource**: Select your virtual machine
-   - **Metric namespace**: `Microsoft.Compute/virtualMachines`
-   - **Metric**: `Percentage CPU`
-   - **Aggregation**: `Average`
-1. Add expressions:
-   - **Reduce**: Last (to get the most recent data point)
-   - **Threshold**: Is above 80
-1. Set evaluation to run every 1 minute with a 5-minute pending period.
-1. Save the rule.
-
-## Example: Error log count alert
-
-This example alerts when error logs exceed a threshold using a KQL query:
-
-1. Create a new alert rule.
-1. Configure the query:
-   - **Service**: Logs
-   - **Resource**: Select your Log Analytics workspace
-   - **Query**:
-     ```kusto
-     AppExceptions
-     | where TimeGenerated > ago(5m)
-     | summarize ErrorCount = count() by bin(TimeGenerated, 1m)
-     ```
-1. Add expressions:
-   - **Reduce**: Max (to get the highest count in the period)
-   - **Threshold**: Is above 10
-1. Set evaluation to run every 5 minutes.
-1. Save the rule.
-
-## Example: Resource count alert
-
-This example alerts when the number of running virtual machines drops below a threshold using Azure Resource Graph:
-
-1. Create a new alert rule.
-1. Configure the query:
-   - **Service**: Azure Resource Graph
-   - **Subscriptions**: Select your subscriptions
-   - **Query**:
-
-     ```kusto
-     resources
-     | where type == "microsoft.compute/virtualmachines"
-     | where properties.extended.instanceView.powerState.displayStatus == "VM running"
-     | summarize RunningVMs = count()
-     ```
-
-1. Add expressions:
-   - **Reduce**: Last
-   - **Threshold**: Is below 3
-1. Set evaluation to run every 5 minutes.
-1. Save the rule.
-
-## Best practices
-
-Follow these recommendations to create reliable and efficient alerts with Azure Monitor data.
-
-### Use appropriate query intervals
-
- Set the alert evaluation interval to be greater than or equal to the minimum data resolution from Azure Monitor.
- Azure Monitor Metrics typically have 1-minute granularity at minimum.
- Avoid very short intervals (less than 1 minute) as they may cause evaluation timeouts or miss data points.
-
-### Reduce multiple series
-
-When your Azure Monitor query returns multiple time series (for example, CPU usage across multiple VMs), use the **Reduce** expression to aggregate them:
-
- **Last**: Use the most recent value
- **Mean**: Average across all series
- **Max/Min**: Use the highest or lowest value
- **Sum**: Total across all series
-
-### Optimize Log Analytics queries
-
-For Logs queries used in alerting:
-
- Use `summarize` to aggregate data into numeric values.
- Include appropriate time filters using `ago()` or `TimeGenerated`.
- Avoid returning large result sets; aggregate data in the query.
- Test queries in Explore before using them in alert rules.
-
-### Handle no data conditions
-
-Configure what happens when no data is returned:
-
-1. In the alert rule, find **Configure no data and error handling**.
-1. Choose an appropriate action:
-   - **No Data**: Keep the alert in its current state
-   - **Alerting**: Treat no data as an alert condition
-   - **OK**: Treat no data as a healthy state
-
-### Test queries before alerting
-
-Always verify your query returns expected data before creating an alert:
-
-1. Go to **Explore**.
-1. Select your Azure Monitor data source.
-1. Run the query you plan to use for alerting.
-1. Confirm the data format and values are correct.
-1. Verify the query returns numeric data suitable for threshold evaluation.
-
-## Troubleshooting
-
-If your Azure Monitor alerts aren't working as expected, use the following sections to diagnose and resolve common issues.
-
-### Alerts not firing
-
- Verify the data source uses a supported authentication method. If using Current User authentication, ensure fallback service credentials are configured.
- Check that the query returns numeric data in Explore.
- Ensure the evaluation interval allows enough time for data to be available.
- Review the alert rule's health and any error messages in the Alerting UI.
-
-### Authentication errors in alert evaluation
-
-If you see authentication errors when alerts evaluate:
-
- Confirm the data source is configured with App Registration, Managed Identity, Workload Identity, or Current User with fallback service credentials.
- If using App Registration, verify the client secret hasn't expired.
- If using Current User, verify that fallback service credentials are configured and valid.
- Check that the service principal has appropriate permissions on Azure resources.
-
-### Query timeout errors
-
- Simplify complex KQL queries.
- Reduce the time range in Log Analytics queries.
- Add more specific filters to narrow result sets.
-
-For additional troubleshooting help, refer to [Troubleshoot Azure Monitor](ref:troubleshoot).
-
-## Additional resources
-
- [Grafana Alerting documentation](ref:alerting)
- [Create alert rules](ref:create-alert-rule)
- [Azure Monitor query editor](ref:query-editor)
- [Grafana-managed recording rules](ref:grafana-managed-recording-rules)
@@ -1,218 +0,0 @@
---
-aliases:
-  - ../../data-sources/azure-monitor/annotations/
-description: Use annotations with the Azure Monitor data source in Grafana
-keywords:
-  - grafana
-  - azure
-  - monitor
-  - annotations
-  - events
-  - logs
-labels:
-  products:
-    - cloud
-    - enterprise
-    - oss
-menuTitle: Annotations
-title: Azure Monitor annotations
-weight: 450
-refs:
-  annotate-visualizations:
-    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/dashboards/build-dashboards/annotate-visualizations/
-    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana/<GRAFANA_VERSION>/dashboards/build-dashboards/annotate-visualizations/
-  query-editor:
-    - pattern: /docs/grafana/
-      destination: /docs/grafana/<GRAFANA_VERSION>/datasources/azure-monitor/query-editor/
-    - pattern: /docs/grafana-cloud/
-      destination: /docs/grafana/<GRAFANA_VERSION>/datasources/azure-monitor/query-editor/
---
-
-# Azure Monitor annotations
-
-[Annotations](ref:annotate-visualizations) overlay rich event information on top of graphs. You can use Azure Monitor Log Analytics queries to create annotations that mark important events, deployments, alerts, or other significant occurrences on your dashboards.
-
-## Before you begin
-
- Ensure you have configured the Azure Monitor data source.
- You need access to a Log Analytics workspace containing the data you want to use for annotations.
- Annotations use Log Analytics (KQL) queries only. Metrics, Traces, and Azure Resource Graph queries are not supported for annotations.
-
-## Create an annotation query
-
-To add an Azure Monitor annotation to a dashboard:
-
-1. Open the dashboard where you want to add annotations.
-1. Click **Dashboard settings** (gear icon) in the top navigation.
-1. Select **Annotations** in the left menu.
-1. Click **Add annotation query**.
-1. Enter a **Name** for the annotation (e.g., "Azure Activity", "Deployments").
-1. Select your **Azure Monitor** data source.
-1. Choose the **Logs** service.
-1. Select a **Resource** (Log Analytics workspace or Application Insights resource).
-1. Write a KQL query that returns the annotation data.
-1. Click **Apply** to save.
-
-## Query requirements
-
-Your KQL query should return columns that Grafana can use to create annotations:
-
-| Column             | Required    | Description                                                                                      |
-| ------------------ | ----------- | ------------------------------------------------------------------------------------------------ |
-| `TimeGenerated`    | Yes         | The timestamp for the annotation. Grafana uses this to position the annotation on the time axis. |
-| `Text`             | Recommended | The annotation text displayed when you hover over or click the annotation.                       |
-| Additional columns | Optional    | Any other columns returned become annotation tags.                                               |
-
-{{< admonition type="note" >}}
-Always include a time filter in your query to limit results to the dashboard's time range. Use the `$__timeFilter()` macro.
-{{< /admonition >}}
-
-## Annotation query examples
-
-The following examples demonstrate common annotation use cases.
-
-### Azure Activity Log events
-
-Display Azure Activity Log events such as resource modifications, deployments, and administrative actions:
-
-```kusto
-AzureActivity
-| where $__timeFilter(TimeGenerated)
-| where Level == "Error" or Level == "Warning" or CategoryValue == "Administrative"
-| project TimeGenerated, Text=OperationNameValue, Level, ResourceGroup, Caller
-| order by TimeGenerated desc
-| take 100
-```
-
-### Deployment events
-
-Show deployment-related activity:
-
-```kusto
-AzureActivity
-| where $__timeFilter(TimeGenerated)
-| where OperationNameValue contains "deployments"
-| project TimeGenerated, Text=strcat("Deployment: ", OperationNameValue), Status=ActivityStatusValue, ResourceGroup
-| order by TimeGenerated desc
-```
-
-### Application Insights exceptions
-
-Mark application exceptions as annotations:
-
-```kusto
-AppExceptions
-| where $__timeFilter(TimeGenerated)
-| project TimeGenerated, Text=strcat(ProblemId, ": ", OuterMessage), SeverityLevel, AppRoleName
-| order by TimeGenerated desc
-| take 50
-```
-
-### Custom events from Application Insights
-
-Display custom events logged by your application:
-
-```kusto
-AppEvents
-| where $__timeFilter(TimeGenerated)
-| where Name == "DeploymentStarted" or Name == "DeploymentCompleted"
-| project TimeGenerated, Text=Name, AppRoleName
-| order by TimeGenerated desc
-```
-
-### Security alerts
-
-Show security-related alerts:
-
-```kusto
-SecurityAlert
-| where $__timeFilter(TimeGenerated)
-| project TimeGenerated, Text=AlertName, Severity=AlertSeverity, Description
-| order by TimeGenerated desc
-| take 50
-```
-
-### Resource health events
-
-Display resource health status changes:
-
-```kusto
-AzureActivity
-| where $__timeFilter(TimeGenerated)
-| where CategoryValue == "ResourceHealth"
-| project TimeGenerated, Text=OperationNameValue, Status=ActivityStatusValue, ResourceId
-| order by TimeGenerated desc
-```
-
-### VM start and stop events
-
-Mark virtual machine state changes:
-
-```kusto
-AzureActivity
-| where $__timeFilter(TimeGenerated)
-| where OperationNameValue has_any ("start", "deallocate", "restart")
-| where ResourceProviderValue == "MICROSOFT.COMPUTE"
-| project TimeGenerated, Text=OperationNameValue, VM=Resource, Status=ActivityStatusValue
-| order by TimeGenerated desc
-```
-
-### Autoscale events
-
-Show autoscale operations:
-
-```kusto
-AzureActivity
-| where $__timeFilter(TimeGenerated)
-| where OperationNameValue contains "autoscale"
-| project TimeGenerated, Text=strcat("Autoscale: ", OperationNameValue), Status=ActivityStatusValue, ResourceGroup
-| order by TimeGenerated desc
-```
-
-## Customize annotation appearance
-
-After creating an annotation query, you can customize its appearance:
-
-| Setting       | Description                                                                                              |
-| ------------- | -------------------------------------------------------------------------------------------------------- |
-| **Color**     | Choose a color for the annotation markers. Use different colors to distinguish between annotation types. |
-| **Show in**   | Select which panels display the annotations.                                                             |
-| **Filter by** | Add filters to limit when annotations appear.                                                            |
-
-## Best practices
-
-Follow these recommendations when creating annotations:
-
-1. **Limit results**: Always use `take` or `limit` to restrict the number of annotations. Too many annotations can clutter your dashboard and impact performance.
-
-2. **Use time filters**: Include `$__timeFilter()` to ensure queries only return data within the dashboard's time range.
-
-3. **Create meaningful text**: Use `strcat()` or `project` to create descriptive annotation text that provides context at a glance.
-
-4. **Add relevant tags**: Include columns like `ResourceGroup`, `Severity`, or `Status` that become clickable tags for filtering.
-
-5. **Use descriptive names**: Name your annotations clearly (e.g., "Production Deployments", "Critical Alerts") so dashboard users understand what they represent.
-
-## Troubleshoot annotations
-
-If annotations aren't appearing as expected, try the following solutions.
-
-### Annotations don't appear
-
- Verify the query returns data in the selected time range.
- Check that the query includes a `TimeGenerated` column.
- Test the query in the Azure Portal Log Analytics query editor.
- Ensure the annotation is enabled (toggle is on).
-
-### Too many annotations
-
- Add more specific filters to your query.
- Use `take` to limit results.
- Narrow the time range.
-
-### Annotations appear at wrong times
-
- Verify the `TimeGenerated` column contains the correct timestamp.
- Check your dashboard's timezone settings.
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Todd Treece	07bb48e874	add storage test	2025-12-11 21:22:28 -05:00
Will Browne	306186c4ea	Merge branch 'main' into wb/pluginmeta-local	2025-12-11 16:59:33 +00:00
Will Browne	a28c70bbcc	fix linter	2025-12-11 16:06:27 +00:00
Will Browne	1ebcd2319a	undo var name change	2025-12-11 15:55:17 +00:00
Will Browne	5dc3767854	more tidying	2025-12-11 15:48:26 +00:00
Will Browne	040dbfb5e3	tidy	2025-12-11 15:34:55 +00:00
Will Browne	32d43f5b5d	add gen files	2025-12-11 14:51:09 +00:00
Will Browne	fef9c760a0	merge with main	2025-12-11 14:48:58 +00:00
Will Browne	1fe9a38a2a	add angular + translations	2025-11-27 15:04:20 +00:00
Will Browne	59bf7896f4	Merge branch 'main' into wb/pluginmeta-local	2025-11-27 10:40:45 +00:00
Will Browne	4b4ad544a8	Merge branch 'main' into wb/pluginmeta-local	2025-11-26 16:08:53 +00:00
Will Browne	7e3289f2c9	Merge branch 'main' into wb/pluginmeta-local	2025-11-26 12:24:17 +00:00
Will Browne	0d0b5b757b	fix test + lint issues	2025-11-26 12:14:50 +00:00
Will Browne	c49261cce2	fix another test	2025-11-26 11:54:12 +00:00
Will Browne	d5efce72f3	fix tests	2025-11-26 11:48:13 +00:00
Will Browne	881c81f0b3	flesh out local for demo	2025-11-26 11:28:16 +00:00