grafana/docs/sources/http_api/dashboard_permissions.md

+++
title = "Dashboard Permissions HTTP API "
description = "Grafana Dashboard Permissions HTTP API"
keywords = ["grafana", "http", "documentation", "api", "dashboard", "permission", "permissions", "acl"]
aliases = ["/docs/grafana/latest/http_api/dashboardpermissions/"]
+++

# Dashboard Permissions API

This API can be used to update/get the permissions for a dashboard.

Permissions with `dashboardId=-1` are the default permissions for users with the Viewer and Editor roles. Permissions can be set for a user, a team or a role (Viewer or Editor). Permissions cannot be set for Admins - they always have access to everything.

The permission levels for the permission field:

- 1 = View
- 2 = Edit
- 4 = Admin

## Get permissions for a dashboard

`GET /api/dashboards/id/:dashboardId/permissions`

Gets all existing permissions for the dashboard with the given `dashboardId`.

**Example request**:

```http
GET /api/dashboards/id/1/permissions HTTP/1.1
Accept: application/json
Content-Type: application/json
Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk
```

**Example Response**

```http
HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
Content-Length: 551

[
  {
    "id": 1,
    "dashboardId": -1,
    "created": "2017-06-20T02:00:00+02:00",
    "updated": "2017-06-20T02:00:00+02:00",
    "userId": 0,
    "userLogin": "",
    "userEmail": "",
    "teamId": 0,
    "team": "",
    "role": "Viewer",
    "permission": 1,
    "permissionName": "View",
    "uid": "",
    "title": "",
    "slug": "",
    "isFolder": false,
    "url": ""
  },
  {
    "id": 2,
    "dashboardId": -1,
    "created": "2017-06-20T02:00:00+02:00",
    "updated": "2017-06-20T02:00:00+02:00",
    "userId": 0,
    "userLogin": "",
    "userEmail": "",
    "teamId": 0,
    "team": "",
    "role": "Editor",
    "permission": 2,
    "permissionName": "Edit",
    "uid": "",
    "title": "",
    "slug": "",
    "isFolder": false,
    "url": ""
  }
]
```

Status Codes:

- **200** - Ok
- **401** - Unauthorized
- **403** - Access denied
- **404** - Dashboard not found

## Update permissions for a dashboard

`POST /api/dashboards/id/:dashboardId/permissions`

Updates permissions for a dashboard. This operation will remove existing permissions if they're not included in the request.

**Example request**:

```http
POST /api/dashboards/id/1/permissions
Accept: application/json
Content-Type: application/json
Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk

{
  "items": [
    {
      "role": "Viewer",
      "permission": 1
    },
    {
      "role": "Editor",
      "permission": 2
    },
    {
      "teamId": 1,
      "permission": 1
    },
    {
      "userId": 11,
      "permission": 4
    }
  ]
}
```

JSON body schema:

- **items** - The permission items to add/update. Items that are omitted from the list will be removed.

**Example response**:

```http
HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
Content-Length: 35

{"message":"Dashboard permissions updated"}
```

Status Codes:

- **200** - Ok
- **401** - Unauthorized
- **403** - Access denied
- **404** - Dashboard not found
docs: adds http api dashboard permissions 2018-02-05 10:12:22 -06:00			`+++`
			`title = "Dashboard Permissions HTTP API "`
			`description = "Grafana Dashboard Permissions HTTP API"`
			`keywords = ["grafana", "http", "documentation", "api", "dashboard", "permission", "permissions", "acl"]`
Docs: Fix aliases/redirects (#21241) Makes all aliases rooted to /docs/grafana/latest. Fixes #21240 2019-12-30 01:17:03 -06:00			`aliases = ["/docs/grafana/latest/http_api/dashboardpermissions/"]`
docs: adds http api dashboard permissions 2018-02-05 10:12:22 -06:00			`+++`

docs: update dashboard permissions http api docs 2018-02-12 07:50:35 -06:00			`# Dashboard Permissions API`
docs: adds http api dashboard permissions 2018-02-05 10:12:22 -06:00
docs: dashboard and folder permissions http api 2018-02-21 06:09:54 -06:00			`This API can be used to update/get the permissions for a dashboard.`
docs: adds http api dashboard permissions 2018-02-05 10:12:22 -06:00
docs: update dashboard permissions http api docs 2018-02-12 07:50:35 -06:00			Permissions with `dashboardId=-1` are the default permissions for users with the Viewer and Editor roles. Permissions can be set for a user, a team or a role (Viewer or Editor). Permissions cannot be set for Admins - they always have access to everything.
docs: adds http api dashboard permissions 2018-02-05 10:12:22 -06:00
			`The permission levels for the permission field:`

			`- 1 = View`
			`- 2 = Edit`
			`- 4 = Admin`

docs: dashboard and folder permissions http api 2018-02-21 06:09:54 -06:00			`## Get permissions for a dashboard`
docs: adds http api dashboard permissions 2018-02-05 10:12:22 -06:00
docs: dashboard and folder permissions http api 2018-02-21 06:09:54 -06:00			`GET /api/dashboards/id/:dashboardId/permissions`
docs: adds http api dashboard permissions 2018-02-05 10:12:22 -06:00
docs: dashboard and folder permissions http api 2018-02-21 06:09:54 -06:00			Gets all existing permissions for the dashboard with the given `dashboardId`.
docs: adds http api dashboard permissions 2018-02-05 10:12:22 -06:00
docs: update dashboard permissions http api docs 2018-02-12 07:50:35 -06:00			`Example request:`
docs: adds http api dashboard permissions 2018-02-05 10:12:22 -06:00
			```http
docs: dashboard and folder permissions http api 2018-02-21 06:09:54 -06:00			`GET /api/dashboards/id/1/permissions HTTP/1.1`
docs: adds http api dashboard permissions 2018-02-05 10:12:22 -06:00			`Accept: application/json`
			`Content-Type: application/json`
			`Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk`
			```

			`Example Response`

			```http
			`HTTP/1.1 200 OK`
			`Content-Type: application/json; charset=UTF-8`
			`Content-Length: 551`

			`[`
			`{`
			`"id": 1,`
			`"dashboardId": -1,`
			`"created": "2017-06-20T02:00:00+02:00",`
			`"updated": "2017-06-20T02:00:00+02:00",`
			`"userId": 0,`
			`"userLogin": "",`
			`"userEmail": "",`
			`"teamId": 0,`
			`"team": "",`
			`"role": "Viewer",`
			`"permission": 1,`
			`"permissionName": "View",`
			`"uid": "",`
			`"title": "",`
			`"slug": "",`
			`"isFolder": false,`
			`"url": ""`
			`},`
			`{`
			`"id": 2,`
			`"dashboardId": -1,`
			`"created": "2017-06-20T02:00:00+02:00",`
			`"updated": "2017-06-20T02:00:00+02:00",`
			`"userId": 0,`
			`"userLogin": "",`
			`"userEmail": "",`
			`"teamId": 0,`
			`"team": "",`
			`"role": "Editor",`
			`"permission": 2,`
			`"permissionName": "Edit",`
			`"uid": "",`
			`"title": "",`
			`"slug": "",`
			`"isFolder": false,`
			`"url": ""`
			`}`
			`]`
			```

			`Status Codes:`

			`- 200 - Ok`
docs: update dashboard permissions http api docs 2018-02-12 07:50:35 -06:00			`- 401 - Unauthorized`
docs: adds http api dashboard permissions 2018-02-05 10:12:22 -06:00			`- 403 - Access denied`
docs: dashboard and folder permissions http api 2018-02-21 06:09:54 -06:00			`- 404 - Dashboard not found`
docs: adds http api dashboard permissions 2018-02-05 10:12:22 -06:00
docs: dashboard and folder permissions http api 2018-02-21 06:09:54 -06:00			`## Update permissions for a dashboard`
docs: adds http api dashboard permissions 2018-02-05 10:12:22 -06:00
docs: dashboard and folder permissions http api 2018-02-21 06:09:54 -06:00			`POST /api/dashboards/id/:dashboardId/permissions`
docs: adds http api dashboard permissions 2018-02-05 10:12:22 -06:00
docs: dashboard and folder permissions http api 2018-02-21 06:09:54 -06:00			`Updates permissions for a dashboard. This operation will remove existing permissions if they're not included in the request.`
docs: adds http api dashboard permissions 2018-02-05 10:12:22 -06:00
docs: update dashboard permissions http api docs 2018-02-12 07:50:35 -06:00			`Example request:`
docs: adds http api dashboard permissions 2018-02-05 10:12:22 -06:00
			```http
docs: dashboard and folder permissions http api 2018-02-21 06:09:54 -06:00			`POST /api/dashboards/id/1/permissions`
docs: adds http api dashboard permissions 2018-02-05 10:12:22 -06:00			`Accept: application/json`
			`Content-Type: application/json`
			`Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk`

Update dashboard_permissions.md miss { in repsponse 2018-05-10 21:19:28 -05:00			`{`
docs: adds http api dashboard permissions 2018-02-05 10:12:22 -06:00			`"items": [`
			`{`
			`"role": "Viewer",`
			`"permission": 1`
			`},`
			`{`
			`"role": "Editor",`
			`"permission": 2`
			`},`
			`{`
			`"teamId": 1,`
			`"permission": 1`
			`},`
			`{`
			`"userId": 11,`
			`"permission": 4`
			`}`
			`]`
			`}`
			```

			`JSON body schema:`

docs: update dashboard permissions http api docs 2018-02-12 07:50:35 -06:00			`- items - The permission items to add/update. Items that are omitted from the list will be removed.`
docs: adds http api dashboard permissions 2018-02-05 10:12:22 -06:00
			`Example response:`

			```http
			`HTTP/1.1 200 OK`
			`Content-Type: application/json; charset=UTF-8`
			`Content-Length: 35`

docs: dashboard and folder permissions http api 2018-02-21 06:09:54 -06:00			`{"message":"Dashboard permissions updated"}`
docs: adds http api dashboard permissions 2018-02-05 10:12:22 -06:00			```

			`Status Codes:`

			`- 200 - Ok`
docs: update dashboard permissions http api docs 2018-02-12 07:50:35 -06:00			`- 401 - Unauthorized`
docs: adds http api dashboard permissions 2018-02-05 10:12:22 -06:00			`- 403 - Access denied`
			`- 404 - Dashboard not found`