Giam is a lightweight, proxy-based solution that controls access to your dashboards and logs and metrics at a fine-grained level. It enforces Label-Based Access Control (LBAC), enabling you to define exactly who can view specific data sources, queries, or even labels. GIAM is specifically designed to work with open-source monitoring and visualization tools (like Grafana) without requiring complex enterprise add-ons or licensing.

GIAM is optimized to introduce minimal overhead. It intercepts requests and applies rules without heavy processing, so most teams see negligible latency increases.

In typical setups, network latency or the complexity of the underlying dashboards/log queries themselves often overshadow GIAM’s added proxy step.

For high-traffic environments, Giam always scales whether you've selected the self hosting option or not.

GIAM uses a subscription-based model with different tiers, so you can pick the plan that fits your team size and usage needs.

Even at the entry level, you get the core LBAC functionality - no hidden fees or forced enterprise upgrades.

For more complex environments, we also offer higher tiers with added support or feature sets. You can explore detailed pricing options on our pricing page or reach out to our team for a custom quote if you have specific requirements.

GIAM is deployed as a proxy between your users and your monitoring platform. You install and configure GIAM on a server (or container environment), then point your team’s access to GIAM instead of directly to your dashboards.

GIAM intercepts requests, applies your access rules, and forwards approved queries to your existing tools. This approach requires minimal changes to your existing infrastructure - no need to modify source code or install plug-ins.

LBAC enforces permissions at the query level, ensuring that only authorized users or teams can access specific data.

Access rules are defined in the portal, where you have full control over who can query which data sources. You can customize the level of access and the granularity of enforcement to fit your security needs.

This approach provides fine-grained security without relying solely on broad role-based permissions, making it easier to tailor access based on actual user needs.

Absolutely. GIAM is designed to manage access across multiple teams or even clients in a multi-tenant setup.

You can define separate rulesets or “layers” for different groups, specify which dashboards or data sources each group can see, and even enforce per-query restrictions based on labels.

This flexibility makes it easy to keep data securely segmented and relevant to each user or tenant.

GIAM primarily acts as a pass-through proxy.

It doesn’t store the actual data or logs your users query. The only persistent information GIAM maintains is your access control configurations (e.g., rules you define through the UI) and basic operational data necessary to manage sessions. This design ensures that sensitive metrics and logs remain in your existing storage systems, minimizing risk and complexity.

GIAM intercepts requests to data sources - like: Prometheus; Thanos; Loki; or InfluxDB, and applies your configured access rules before forwarding them on.

You specify which teams can query which data source and under what conditions, giving you precise control over what metrics or logs each user sees.

Our UI guides you to configure your setup to achieve your desired behavior. We have an experienced support team on standby, ready to help with any queries. We also have a comprehensive guide to help you through typical scenarios—from defining team-based access to more advanced label-based restrictions.