[Feature] Authentication & Authorization limitations block SkyWalking adoption in large-scale banking environment (Tracing via Grafana?)

[aliebrahimy]

Search before asking

• I had searched in the issues and found no similar feature requirement.

Description

Hello SkyWalking team 👋,

First of all, thank you for the great work on Apache SkyWalking.
We are currently evaluating SkyWalking as the main APM and observability platform in our organization, but we have encountered a critical blocker related to authentication and authorization.

Background

We are a large-scale banking organization with approximately 2000 servers and strict security and compliance requirements.
Due to the lack of built-in authentication and authorization mechanisms in SkyWalking (especially for UI and query access), our security team does not allow us to expose or adopt SkyWalking directly in our monitoring stack.

As a result, the migration of our enterprise monitoring system to SkyWalking is currently blocked.

Current Idea / Workaround

One workaround we are considering is:

Do NOT expose SkyWalking UI

Use Grafana as the only published UI

Rely on Grafana’s authentication & authorization mechanisms (LDAP / SSO / RBAC)

Connect Grafana to SkyWalking as a data source

This approach is more acceptable to our security team.

Problem with Tracing

While metrics and dashboards can be handled via Grafana, distributed tracing is a major concern:

As far as we know, Grafana does not fully support SkyWalking tracing features

We are especially concerned about TraceQL / trace querying / trace exploration

It is unclear whether:

Grafana currently supports SkyWalking tracing at all

TraceQL (or an equivalent) is supported or planned

There is a recommended way to visualize and query traces from SkyWalking inside Grafana

Questions

Is there an official or recommended way to visualize SkyWalking traces in Grafana?

Does Grafana support TraceQL (or SkyWalking trace query capabilities) today?

If not:

Is this support planned on the SkyWalking side or Grafana side?

Is there any ETA or roadmap?

Are there other recommended solutions or patterns for:

Securing SkyWalking in enterprise / banking environments

Providing authentication & authorization without exposing SkyWalking UI directly

Why this matters

SkyWalking fits our technical needs very well, but security compliance is mandatory in our environment.
Without a clear solution for authentication or a Grafana-based tracing strategy, it is difficult for us to move forward with SkyWalking adoption at enterprise scale.

Any guidance, best practices, or roadmap insights would be greatly appreciated 🙏

Thank you for your time and support.

Use case

No response

Related issues

No response

Are you willing to submit a pull request to implement this on your own?

• Yes I am willing to submit a pull request on my own!

Code of Conduct

• I agree to follow this project's Code of Conduct