grafana/docs/sources/permissions/overview.md

+++
title = "Overview"
description = "Overview for permissions"
keywords = ["grafana", "configuration", "documentation", "admin", "users", "datasources", "permissions"]
type = "docs"
aliases = ["/docs/grafana/latest/reference/admin", "/docs/grafana/latest/administration/permissions/"]
[menu.docs]
name = "Overview"
identifier = "overview-permissions"
parent = "permissions"
weight = 1
+++

# Permissions Overview

Grafana users have permissions that are determined by their:

- **Organization Role** (Admin, Editor, Viewer)
- Via **Team** memberships where the **Team** has been assigned specific permissions.
- Via permissions assigned directly to user (on folders, dashboards, data sources)
- The Grafana Admin (i.e. Super Admin) user flag.

## Users

Grafana supports a wide variety of internal and external ways for users to authenticate themselves. These include from its own integrated database, from an external SQL server, or from an external LDAP server.

## Grafana Admin

This admin flag makes user a `Super Admin`. This means they can access the `Server Admin` views where all users and organizations can be administrated.

## Organization Roles

Users can belong to one or more organizations. A user's organization membership is tied to a role that defines what the user is allowed to do
in that organization. Grafana supports multiple *organizations* in order to support a wide variety of deployment models, including using a single Grafana instance to provide service to multiple potentially untrusted organizations.

In most cases, Grafana is deployed with a single organization.

Each organization can have one or more data sources.

All dashboards are owned by a particular organization.

 > Note: Most metric databases do not provide per-user series authentication. This means that organization data sources and dashboards are available to all users in a particular organization.

Refer to [Organization roles]({{< relref "../permissions/organization_roles.md" >}}) for more information.


## Dashboard and Folder Permissions

Dashboard and folder permissions allow you to remove the default role based permissions for Editors and Viewers and assign permissions to specific **Users** and **Teams**. Learn more about [Dashboard and Folder Permissions]({{< relref "dashboard_folder_permissions.md" >}}).

## Data source permissions

Per default, a data source in an organization can be queried by any user in that organization. For example a user with `Viewer` role can still
issue any possible query to a data source, not just those queries that exist on dashboards he/she has access to.

Data source permissions allows you to change the default permissions for data sources and restrict query permissions to specific **Users** and **Teams**. Read more about [data source permissions]({{< relref "../enterprise/datasource_permissions.md" >}}).
restructure administration/permissions page into a section with sub pages 2018-10-30 12:43:54 -05:00			`+++`
			`title = "Overview"`
			`description = "Overview for permissions"`
			`keywords = ["grafana", "configuration", "documentation", "admin", "users", "datasources", "permissions"]`
			`type = "docs"`
Docs: Fix aliases/redirects (#21241) Makes all aliases rooted to /docs/grafana/latest. Fixes #21240 2019-12-30 01:17:03 -06:00			`aliases = ["/docs/grafana/latest/reference/admin", "/docs/grafana/latest/administration/permissions/"]`
restructure administration/permissions page into a section with sub pages 2018-10-30 12:43:54 -05:00			`[menu.docs]`
			`name = "Overview"`
			`identifier = "overview-permissions"`
			`parent = "permissions"`
			`weight = 1`
			`+++`

			`# Permissions Overview`

			`Grafana users have permissions that are determined by their:`

			`- Organization Role (Admin, Editor, Viewer)`
			`- Via Team memberships where the Team has been assigned specific permissions.`
Docs: Minor edits to the README and several md files (#19238) * Update README.md Capitalized the G and S in "Getting Started," and moved "guide" to match the section title in the docs. * Fixed sentence structure. Changed "download" to "grafana.com/get" and changed "get" to "download". * Docs: Replace "datasources" with "data sources" (#19111) * Docs: Replace "datasources" with "data sources" (#19111) * Docs: Replace "datasources" with "data sources" (#19111) * Docs: Replace "datasources" with "data sources" (#19111) * Docs: Replace "datasources" with "data sources" (#19111) * Docs: Replace "datasources" with "data sources" (#19111) * Docs: Replace "datasources" with "data sources" (#19111) * Docs: Replace "datasources" with "data sources" (#19111) * Docs: Replace "datasources" with "data sources" (#19111) * Docs: Replace "datasources" with "data sources" (#19111) * Docs: Replace "datasources" with "data sources" (#19111) * Docs: Replace "datasources" with "data sources" (#19111) 2019-09-19 17:04:56 -05:00			`- Via permissions assigned directly to user (on folders, dashboards, data sources)`
restructure administration/permissions page into a section with sub pages 2018-10-30 12:43:54 -05:00			`- The Grafana Admin (i.e. Super Admin) user flag.`

Add docs for user management (#24277) * Add docs for user management * WIP 2020-05-08 10:33:59 -05:00			`## Users`
Docs: Organize basic concepts and getting started (#21859) * Update shortcuts.md Removed content that was out-of-date and redundant with the UI. * Added panels.md * Added dashboards.md * Added data-sources.md * Update data-sources.md * Sorted basic concepts into other topics * Update docs/sources/menu.yaml Co-Authored-By: Marcus Olsson <accounts+github@marcus.se.net> * Update panels.md * Update data-sources.md Co-authored-by: Marcus Olsson <accounts+github@marcus.se.net> 2020-02-13 15:04:05 -06:00
			`Grafana supports a wide variety of internal and external ways for users to authenticate themselves. These include from its own integrated database, from an external SQL server, or from an external LDAP server.`

restructure administration/permissions page into a section with sub pages 2018-10-30 12:43:54 -05:00			`## Grafana Admin`

Docs: Grammar corrections line 31 : makes user a superadmin : multiple use of 'a' can be avoided for better reading line 35: User can belong to : remove 'be' it is incorrect line 51: allow you : typo correction 2020-03-11 02:42:23 -05:00			This admin flag makes user a `Super Admin`. This means they can access the `Server Admin` views where all users and organizations can be administrated.
restructure administration/permissions page into a section with sub pages 2018-10-30 12:43:54 -05:00
			`## Organization Roles`

Docs: Grammar corrections line 31 : makes user a superadmin : multiple use of 'a' can be avoided for better reading line 35: User can belong to : remove 'be' it is incorrect line 51: allow you : typo correction 2020-03-11 02:42:23 -05:00			`Users can belong to one or more organizations. A user's organization membership is tied to a role that defines what the user is allowed to do`
Docs: Organize basic concepts and getting started (#21859) * Update shortcuts.md Removed content that was out-of-date and redundant with the UI. * Added panels.md * Added dashboards.md * Added data-sources.md * Update data-sources.md * Sorted basic concepts into other topics * Update docs/sources/menu.yaml Co-Authored-By: Marcus Olsson <accounts+github@marcus.se.net> * Update panels.md * Update data-sources.md Co-authored-by: Marcus Olsson <accounts+github@marcus.se.net> 2020-02-13 15:04:05 -06:00			`in that organization. Grafana supports multiple organizations in order to support a wide variety of deployment models, including using a single Grafana instance to provide service to multiple potentially untrusted organizations.`

			`In most cases, Grafana is deployed with a single organization.`

			`Each organization can have one or more data sources.`

			`All dashboards are owned by a particular organization.`

			`> Note: Most metric databases do not provide per-user series authentication. This means that organization data sources and dashboards are available to all users in a particular organization.`

			`Refer to [Organization roles]({{< relref "../permissions/organization_roles.md" >}}) for more information.`
restructure administration/permissions page into a section with sub pages 2018-10-30 12:43:54 -05:00

Docs: Replace ampersands with and (#19609) 2019-10-03 11:20:52 -05:00			`## Dashboard and Folder Permissions`
restructure administration/permissions page into a section with sub pages 2018-10-30 12:43:54 -05:00
Docs: Grammar corrections line 31 : makes user a superadmin : multiple use of 'a' can be avoided for better reading line 35: User can belong to : remove 'be' it is incorrect line 51: allow you : typo correction 2020-03-11 02:42:23 -05:00			`Dashboard and folder permissions allow you to remove the default role based permissions for Editors and Viewers and assign permissions to specific Users and Teams. Learn more about [Dashboard and Folder Permissions]({{< relref "dashboard_folder_permissions.md" >}}).`
restructure administration/permissions page into a section with sub pages 2018-10-30 12:43:54 -05:00
Docs: Minor edits to the README and several md files (#19238) * Update README.md Capitalized the G and S in "Getting Started," and moved "guide" to match the section title in the docs. * Fixed sentence structure. Changed "download" to "grafana.com/get" and changed "get" to "download". * Docs: Replace "datasources" with "data sources" (#19111) * Docs: Replace "datasources" with "data sources" (#19111) * Docs: Replace "datasources" with "data sources" (#19111) * Docs: Replace "datasources" with "data sources" (#19111) * Docs: Replace "datasources" with "data sources" (#19111) * Docs: Replace "datasources" with "data sources" (#19111) * Docs: Replace "datasources" with "data sources" (#19111) * Docs: Replace "datasources" with "data sources" (#19111) * Docs: Replace "datasources" with "data sources" (#19111) * Docs: Replace "datasources" with "data sources" (#19111) * Docs: Replace "datasources" with "data sources" (#19111) * Docs: Replace "datasources" with "data sources" (#19111) 2019-09-19 17:04:56 -05:00			`## Data source permissions`
restructure administration/permissions page into a section with sub pages 2018-10-30 12:43:54 -05:00
Docs: Minor edits to the README and several md files (#19238) * Update README.md Capitalized the G and S in "Getting Started," and moved "guide" to match the section title in the docs. * Fixed sentence structure. Changed "download" to "grafana.com/get" and changed "get" to "download". * Docs: Replace "datasources" with "data sources" (#19111) * Docs: Replace "datasources" with "data sources" (#19111) * Docs: Replace "datasources" with "data sources" (#19111) * Docs: Replace "datasources" with "data sources" (#19111) * Docs: Replace "datasources" with "data sources" (#19111) * Docs: Replace "datasources" with "data sources" (#19111) * Docs: Replace "datasources" with "data sources" (#19111) * Docs: Replace "datasources" with "data sources" (#19111) * Docs: Replace "datasources" with "data sources" (#19111) * Docs: Replace "datasources" with "data sources" (#19111) * Docs: Replace "datasources" with "data sources" (#19111) * Docs: Replace "datasources" with "data sources" (#19111) 2019-09-19 17:04:56 -05:00			Per default, a data source in an organization can be queried by any user in that organization. For example a user with `Viewer` role can still
restructure administration/permissions page into a section with sub pages 2018-10-30 12:43:54 -05:00			`issue any possible query to a data source, not just those queries that exist on dashboards he/she has access to.`

Docs: Update overview.md (#25672) Updated a link. 2020-06-17 13:15:41 -05:00			`Data source permissions allows you to change the default permissions for data sources and restrict query permissions to specific Users and Teams. Read more about [data source permissions]({{< relref "../enterprise/datasource_permissions.md" >}}).`