diff --git a/calico-cloud/observability/dashboards.mdx b/calico-cloud/observability/dashboards.mdx
index 36ffcf2e62..2066482832 100644
--- a/calico-cloud/observability/dashboards.mdx
+++ b/calico-cloud/observability/dashboards.mdx
@@ -11,6 +11,7 @@ import IconGripLines from '/img/icons/grip-lines.svg';
Dashboards help you see what's going on in your cluster.
See how your cluster is performing and visualize your system's log data.
+
## About dashboards
$[prodname] provides a set of dashboards to help you understand the activity in your cluster.
@@ -18,7 +19,24 @@ Each dashboard is made up of graphs, charts, and diagrams that visually represen
To view your dashboards, sign in to the web console and click the **Dashboards** icon.
-Not all users have access to dashboards.
+You can also create your own arrangement by creating a custom dashboard.
+With a custom dashboard, you can combine and arrange cards from any of the other dashboards.
+
+Creating custom dashboards is limited to users with Owner, Admin, or Dashboards Admin permissions.
+
+## Role access to dashboards
+
+The following user roles have access to all information in an organization's dashboards:
+
+* Owner
+* Admin
+* Dashboards Admin
+* Devops
+* Security
+* Viewer
+
+Users must be assigned one of the standard roles above, or a custom role with dashboard permissions, to access dashboards.
+Administrators can limit dashboard access for custom roles, for example to specific clusters or namespaces in a cluster.
### Cluster Health
diff --git a/calico-cloud/observability/kibana.mdx b/calico-cloud/observability/kibana.mdx
index 3dd17e077b..6b12672014 100644
--- a/calico-cloud/observability/kibana.mdx
+++ b/calico-cloud/observability/kibana.mdx
@@ -4,6 +4,14 @@ description: Learn the basics of using Elasticsearch logs and Kibana to gain vis
# Kibana dashboards and logs
+:::warning[deprecation and removal notice]
+
+Kibana dashboards are deprecated and will be removed in an upcoming release.
+During the deprecation period, you will have read-only access to Kibana dashboards.
+You can still [create custom dashboards](create-custom-dashboard.mdx) using Calico Cloud's built-in dashboards.
+
+:::
+
## Kibana
Kibana is the frontend for $[prodname] Elasticsearch, which is the logging infrastructure that centrally stores logs from all managed clusters. Kibana provides an interface to explore Elasticsearch logs and gain insights into workload communication traffic volume, performance, and other key aspects of cluster operations. Log data is also summarized in custom dashboards.
diff --git a/calico-cloud/users/create-and-assign-custom-roles.mdx b/calico-cloud/users/create-and-assign-custom-roles.mdx
index a0c35e0f73..59aa5c69b0 100644
--- a/calico-cloud/users/create-and-assign-custom-roles.mdx
+++ b/calico-cloud/users/create-and-assign-custom-roles.mdx
@@ -18,6 +18,7 @@ But in some cases these global roles can be too broad.
By creating and assigning custom roles, you can be much more discriminating about what permissions you give users.
For example, you could create a role that allows the user to modify network policy for a particular tier and namespace and gives view access to all other network policies.
+Or you can add permissions for a user to view dashboards that show data from only one namespace in a cluster.
Permissions are assigned on a cluster-by-cluster basis.
## Required permissions for common $[prodname] features
@@ -28,7 +29,7 @@ Certain permissions are required for a user to access common $[prodname] feature
| --| -- | -- |
| Alerts | • **View Alerts**
and
•**View All Logs** | |
| Compliance reports | • **View Compliance Reports** | |
-| Dashboard | • **View All Logs**
and
• **View Global Network Sets** or **View Network Sets**
and (optional)
• **View Compliance Reports** | These permissions are required for the dashboard to fully populate. All users are granted limited dashboard metrics by having access to a cluster. |
+| Dashboard | • **View All Logs**
and
• **View Global Network Sets** or **View Network Sets**
and (optional)
• **View Compliance Reports** | These permissions are required for the dashboard to fully populate. All users are granted limited dashboard metrics by having access to a cluster. Users with **View Network Sets** have access to dashboards that show data only from namespaces that they have been explicitly given access to. |
| Network policies | • **View** or **Modify Policies**
or
• **View** or **Modify Global Policies**
and (optional)
• **View Audit Logs** or **View All Logs** | The **Policies** permissions apply to one or more namespaces. The **Global Policies** permissions apply to the whole cluster. These permissions are also scoped by [policy tier](../network-policy/policy-tiers/tiered-policy.mdx).
The optional **View Audit Logs** or **View All Logs** let users view the change history on the policies. |
| Service graph | • **View All Logs**
and
• **View** or **Modify Network Sets**
and (optional)
• **View** or **Modify Packet Captures** | Network sets can be restricted to a namespace or set to all namespaces to see all flows. |
| Threat feeds | • **View** or **Modify Threat Feeds** | |
diff --git a/calico-cloud_versioned_docs/version-22-2/observability/dashboards.mdx b/calico-cloud_versioned_docs/version-22-2/observability/dashboards.mdx
index b2a782f1c9..3ffe03485b 100644
--- a/calico-cloud_versioned_docs/version-22-2/observability/dashboards.mdx
+++ b/calico-cloud_versioned_docs/version-22-2/observability/dashboards.mdx
@@ -11,6 +11,7 @@ import IconGripLines from '/img/icons/grip-lines.svg';
Dashboards help you see what's going on in your cluster.
See how your cluster is performing and visualize your system's log data.
+
## About dashboards
Calico Cloud provides a set of dashboards to help you understand the activity in your cluster.
@@ -21,8 +22,21 @@ To view your dashboards, sign in to the web console and click the February 3, 2026 (web console update)
+
+### New features and enhancements
+
+#### Feature 1
+
+#### Namespaced access to dashboards
+
+Administrators can now provide users with namespaced access to dashboards.
+This ensures that users view logs and information only for the specific areas they are authorized to manage.
+Namespaced access to dashboards can be managed by specifying namespaces in the **View Network Sets** custom role permission.
+
+:::important
+Changes in this release may cause some users to lose access to dashboard data.
+To restore access, administrators must edit users' custom roles to add the **View Global Network Sets** permission or the **View Network Sets** permission with the appropriate namespaces.
+:::
+
+For more information, see [Create and assign custom roles](../users/create-and-assign-custom-roles.mdx).
+
+### Deprecated and removed features
+
+* Kibana dashboards are deprecated and will be removed in an upcoming release.
+ During the deprecation period, you will have read-only access to Kibana dashboards.
+ You can still [create custom dashboards](../observability/create-custom-dashboard.mdx) using Calico Cloud's built-in dashboards.
+
+### Bug fixes
+
+* TBD
+
December 1, 2025 (version 22.1.0)
### New features and enhancements
diff --git a/calico-cloud_versioned_docs/version-22-2/users/create-and-assign-custom-roles.mdx b/calico-cloud_versioned_docs/version-22-2/users/create-and-assign-custom-roles.mdx
index a0c35e0f73..59aa5c69b0 100644
--- a/calico-cloud_versioned_docs/version-22-2/users/create-and-assign-custom-roles.mdx
+++ b/calico-cloud_versioned_docs/version-22-2/users/create-and-assign-custom-roles.mdx
@@ -18,6 +18,7 @@ But in some cases these global roles can be too broad.
By creating and assigning custom roles, you can be much more discriminating about what permissions you give users.
For example, you could create a role that allows the user to modify network policy for a particular tier and namespace and gives view access to all other network policies.
+Or you can add permissions for a user to view dashboards that show data from only one namespace in a cluster.
Permissions are assigned on a cluster-by-cluster basis.
## Required permissions for common $[prodname] features
@@ -28,7 +29,7 @@ Certain permissions are required for a user to access common $[prodname] feature
| --| -- | -- |
| Alerts | • **View Alerts**
and
•**View All Logs** | |
| Compliance reports | • **View Compliance Reports** | |
-| Dashboard | • **View All Logs**
and
• **View Global Network Sets** or **View Network Sets**
and (optional)
• **View Compliance Reports** | These permissions are required for the dashboard to fully populate. All users are granted limited dashboard metrics by having access to a cluster. |
+| Dashboard | • **View All Logs**
and
• **View Global Network Sets** or **View Network Sets**
and (optional)
• **View Compliance Reports** | These permissions are required for the dashboard to fully populate. All users are granted limited dashboard metrics by having access to a cluster. Users with **View Network Sets** have access to dashboards that show data only from namespaces that they have been explicitly given access to. |
| Network policies | • **View** or **Modify Policies**
or
• **View** or **Modify Global Policies**
and (optional)
• **View Audit Logs** or **View All Logs** | The **Policies** permissions apply to one or more namespaces. The **Global Policies** permissions apply to the whole cluster. These permissions are also scoped by [policy tier](../network-policy/policy-tiers/tiered-policy.mdx).
The optional **View Audit Logs** or **View All Logs** let users view the change history on the policies. |
| Service graph | • **View All Logs**
and
• **View** or **Modify Network Sets**
and (optional)
• **View** or **Modify Packet Captures** | Network sets can be restricted to a namespace or set to all namespaces to see all flows. |
| Threat feeds | • **View** or **Modify Threat Feeds** | |