tigera · ctauchen · Jan 30, 2026 · Jan 29, 2026
@@ -11,14 +11,34 @@
 
 Dashboards help you see what's going on in your cluster.
 See how your cluster is performing and visualize your system's log data.
+
 ## About dashboards
 
 $[prodname] provides a set of dashboards to help you understand the activity in your cluster.
 Each dashboard is made up of graphs, charts, and diagrams that visually represent the data in your logs.
 
 To view your dashboards, sign in to the web console and click the <IconDashboard width="20" /> **Dashboards** icon.
 
+You can also create your own arrangement by creating a custom dashboard.
+With a custom dashboard, you can combine and arrange cards from any of the other dashboards.
+
+Creating custom dashboards is limited to users with Owner, Admin, or Dashboards Admin permissions.
+
+## Role access to dashboards
+
+The following user roles have access to all information in an organization's dashboards:
+
+* Owner
+* Admin
+* Dashboards Admin
+* Devops
+* Security
+* Viewer
+
+Users with custom roles can access dashboards if they have sufficient permissions.
+
 Not all users have access to dashboards.
+Administrators can limit a user's access to dashboards for a particular cluster or for particular namespaces in a cluster.
 
 ### Cluster Health
 

@@ -18,6 +18,7 @@ But in some cases these global roles can be too broad.
 
 By creating and assigning custom roles, you can be much more discriminating about what permissions you give users.
 For example, you could create a role that allows the user to modify network policy for a particular tier and namespace and gives view access to all other network policies.
+Or you can add permissions for a user to view dashboards that show data from only one namespace in a cluster.
 Permissions are assigned on a cluster-by-cluster basis.
 
 ## Required permissions for common $[prodname] features
@@ -28,7 +29,7 @@ Certain permissions are required for a user to access common $[prodname] feature
 | --| -- | -- |
 | Alerts | &bull; **View Alerts**<br/>and<br/>&bull;**View All Logs** | |
 | Compliance reports | &bull; **View Compliance Reports** | |
-| Dashboard | &bull; **View All Logs**<br/>and<br/>&bull; **View Global Network Sets** or **View Network Sets**<br/>and (optional)<br/>&bull; **View Compliance Reports** | These permissions are required for the dashboard to fully populate. All users are granted limited dashboard metrics by having access to a cluster. |
+| Dashboard | &bull; **View All Logs**<br/>and<br/>&bull; **View Global Network Sets** or **View Network Sets**<br/>and (optional)<br/>&bull; **View Compliance Reports** | These permissions are required for the dashboard to fully populate. All users are granted limited dashboard metrics by having access to a cluster. Users with **View Network Sets** have access to dashboards that show data only from namespaces that they have been explicitly given access to. |
 | Network policies | &bull; **View** or **Modify Policies**<br/>or<br/>&bull; **View** or **Modify Global Policies**<br/>and (optional)<br/>&bull; **View Audit Logs** or **View All Logs** | The **Policies** permissions apply to one or more namespaces. The **Global Policies** permissions apply to the whole cluster. These permissions are also scoped by [policy tier](../network-policy/policy-tiers/tiered-policy.mdx). <br/> <br/>The optional **View Audit Logs** or **View All Logs** let users view the change history on the policies. |
 | Service graph | &bull; **View All Logs**<br/>and<br/>&bull; **View** or **Modify Network Sets**<br/>and (optional)<br/>&bull; **View** or **Modify Packet Captures** | Network sets can be restricted to a namespace or set to all namespaces to see all flows. |
 | Threat feeds | &bull; **View** or **Modify Threat Feeds** | |

@@ -11,6 +11,7 @@
 
 Dashboards help you see what's going on in your cluster.
 See how your cluster is performing and visualize your system's log data.
+
 ## About dashboards
 
 Calico Cloud provides a set of dashboards to help you understand the activity in your cluster.
@@ -21,8 +22,23 @@
 You can also create your own arrangement by creating a custom dashboard.
 With a custom dashboard, you can combine and arrange cards from any of the other dashboards.
 
+Creating custom dashboards is limited to users with Owner, Admin, or Dashboards Admin permissions.
+
+## Role access to dashboards
+
+The following user roles have access to all information in an organization's dashboards:
+
+* Owner
+* Admin
+* Dashboards Admin
+* Devops
+* Security
+* Viewer
+
+Users with custom roles can access dashboards if they have sufficient permissions.
+
 Not all users have access to dashboards.
-Creating custom dashboards is limited to administrators.
+Administrators can limit a user's access to dashboards for a particular cluster or for particular namespaces in a cluster.
 
 ### Cluster Health
 

@@ -11,7 +11,18 @@
 
 #### Feature 1
 
-#### Feature 2
+#### Namespaced access to dashboards
+
+Administrators can now provide users with namespaced access to dashboards.
+This ensures that users view logs and information only for the specific areas they are authorized to manage.
+Namespaced access to dashboards can be managed by specifying namespaces in the **View Network Sets** custom role permission.
+
+:::important
+Changes in this release may cause some users to lose access to dashboard data.
+To restore access, administrators must edit users' custom roles to add the **View Global Network Sets** permission or the **View Network Sets** permission with the appropriate namespaces.
+:::
+
+For more information, see [Create and assign custom roles](../users/create-and-assign-custom-roles.mdx).
 
 #### Feature 3
 

@@ -18,6 +18,7 @@ But in some cases these global roles can be too broad.
 
 By creating and assigning custom roles, you can be much more discriminating about what permissions you give users.
 For example, you could create a role that allows the user to modify network policy for a particular tier and namespace and gives view access to all other network policies.
+Or you can add permissions for a user to view dashboards that show data from only one namespace in a cluster.
 Permissions are assigned on a cluster-by-cluster basis.
 
 ## Required permissions for common $[prodname] features
@@ -28,7 +29,7 @@ Certain permissions are required for a user to access common $[prodname] feature
 | --| -- | -- |
 | Alerts | &bull; **View Alerts**<br/>and<br/>&bull;**View All Logs** | |
 | Compliance reports | &bull; **View Compliance Reports** | |
-| Dashboard | &bull; **View All Logs**<br/>and<br/>&bull; **View Global Network Sets** or **View Network Sets**<br/>and (optional)<br/>&bull; **View Compliance Reports** | These permissions are required for the dashboard to fully populate. All users are granted limited dashboard metrics by having access to a cluster. |
+| Dashboard | &bull; **View All Logs**<br/>and<br/>&bull; **View Global Network Sets** or **View Network Sets**<br/>and (optional)<br/>&bull; **View Compliance Reports** | These permissions are required for the dashboard to fully populate. All users are granted limited dashboard metrics by having access to a cluster. Users with **View Network Sets** have access to dashboards that show data only from namespaces that they have been explicitly given access to. |
 | Network policies | &bull; **View** or **Modify Policies**<br/>or<br/>&bull; **View** or **Modify Global Policies**<br/>and (optional)<br/>&bull; **View Audit Logs** or **View All Logs** | The **Policies** permissions apply to one or more namespaces. The **Global Policies** permissions apply to the whole cluster. These permissions are also scoped by [policy tier](../network-policy/policy-tiers/tiered-policy.mdx). <br/> <br/>The optional **View Audit Logs** or **View All Logs** let users view the change history on the policies. |
 | Service graph | &bull; **View All Logs**<br/>and<br/>&bull; **View** or **Modify Network Sets**<br/>and (optional)<br/>&bull; **View** or **Modify Packet Captures** | Network sets can be restricted to a namespace or set to all namespaces to see all flows. |
 | Threat feeds | &bull; **View** or **Modify Threat Feeds** | |