Grafana Enterprise Logs (GEL) 1.1 introduces label-based access control (LBAC), a feature designed to enhance security by allowing organizations to enforce fine-grained access permissions on log data. This functionality is part of Grafana Labs' broader initiative to provide detailed access control across its products, making it possible for users to limit log access based on specific label requirements, which is particularly useful for protecting sensitive information like personally identifiable information (PII). LBAC, which mirrors a similar feature in Grafana Enterprise Metrics (GEM), enables users to establish access policies that permit log queries only if certain label criteria are met, thereby reducing the amount of data processed and improving query efficiency. This feature underwent five months of development and rigorous testing to ensure reliability, with special attention given to the proper transmission of label matchers across system components. Despite its complexity, LBAC offers flexibility in specifying labels through logical and regular expressions, allowing for precise control over log data access, as demonstrated in Grafana Labs' own billing cluster.