AdvisorHello @Jeroen Gouma,
I don't know if this is the best solution but, we had a similar need in the past. We have a data source that discovers different instances (one per client essentially).
Since Roles don't allow you to drill down to Instance level permissions, what we ended up doing was instead of giving any access to the actual resource that owns the data source, we've created 'Services' that only grab select the specific instances/metrics we want (created a group of service per customer), then on the 'Roles' you can give read/manage permissions for that service only (on a per customer role basis).
Not sure if I was clear enough on my explanation but, that's how we ended up doing.
Thanks!
