Provisioning: Update accesscontrol sample file

2025-01-26 08:16:59 -06:00 · 2021-06-02 17:22:34 +02:00 · 2021-06-02 17:22:34 +02:00 · 134dba5101
commit 134dba5101
parent 7aee0deb38
2 changed files with 45 additions and 20 deletions
--- a/conf/provisioning/access-control/sample.yaml
+++ b/conf/provisioning/access-control/sample.yaml
@ -3,37 +3,42 @@

 # # list of default built-in role assignments that should be removed
 # removeDefaultAssignments:
-#   # <string, required>, must be one of the Organization roles (`Viewer`, `Editor`, `Admin`) or `Grafana Admin`
+#   # <string>, must be one of the Organization roles (`Viewer`, `Editor`, `Admin`) or `Grafana Admin`
 #   - builtInRole: "Grafana Admin"
-#     # <string, required>, must be one of the existing predefined roles
-#     predefinedRole: "grafana:roles:permissions:admin"
+#     # <string>, must be one of the existing fixed roles
+#     fixedRole: "fixed:permissions:admin"

 # # list of default built-in role assignments that should be added back
 # addDefaultAssignments:
-#   # <string, required>, must be one of the Organization roles (`Viewer`, `Editor`, `Admin`) or `Grafana Admin`
+#   # <string>, must be one of the Organization roles (`Viewer`, `Editor`, `Admin`) or `Grafana Admin`
 #   - builtInRole: "Admin"
-#     # <string, required>, must be one of the existing predefined roles
-#     predefinedRole: "grafana:roles:reporting:admin:read"
+#     # <string>, must be one of the existing fixed roles
+#     fixedRole: "fixed:reporting:admin:read"
    
 # # list of roles that should be deleted
 # deleteRoles:
 #   # <string> name of the role you want to create. Required if no uid is set
-#   - name: "custom:roles:reporting:admin:edit"
+#   - name: "custom:reports:editor"
 #     # <string> uid of the role. Required if no name
-#     uid: customrolesreportingadminedit
+#     uid: "customreportseditor1"
 #     # <int> org id. will default to Grafana's default if not specified
 #     orgId: 1
 #     # <bool> force deletion revoking all grants of the role
 #     force: true
+#   - name: "custom:global:reports:reader"
+#     uid: "customglobalreportsreader1"
+#     # <bool> overwrite org id and removes a global role
+#     global: true
+#     force: true

 # # list of roles to insert/update depending on what is available in the database
 # roles:
 #   # <string, required> name of the role you want to create. Required
-#   - name: custom:roles:users:editor
+#   - name: "custom:users:editor"
 #     # <string> uid of the role. Has to be unique for all orgs.
-#     uid: customrolesuserseditor
+#     uid: customuserseditor1
 #     # <string> description of the role, informative purpose only.
-#     description: "Role to allow users to create/read/write users"
+#     description: "Role for our custom user editors"
 #     # <int> version of the role, Grafana will update the role when increased
 #     version: 2
 #     # <int> org id. will default to Grafana's default if not specified
@ -51,6 +56,21 @@
 #     # <list> list of builtIn roles the role should be assigned to
 #     builtInRoles:
 #       # <string, required> name of the builtin role you want to assign the role to
-#       - name: "Admin"
+#       - name: "Editor"
 #         # <int> org id. will default to the role org id
-#         orgId: 1
+#         orgId: 1        
+#   - name: "custom:global:users:reader"
+#     uid: "customglobalusersreader1"
+#     description: "Global Role for custom user readers"
+#     version: 1
+#     # <bool> overwrite org id and creates a global role
+#     global: true
+#     permissions:
+#       - action: "users:read"
+#         scope: "users:*"
+#     builtInRoles:
+#       - name: "Viewer"
+#         orgId: 1        
+#       - name: "Editor"
+#         # <bool> overwrite org id and assign role globally
+#         global: true
--- a/docs/sources/enterprise/access-control/provisioning.md
+++ b/docs/sources/enterprise/access-control/provisioning.md
@ -174,20 +174,25 @@ addDefaultAssignments:
 # list of roles that should be deleted
 deleteRoles:
  # <string> name of the role you want to create. Required if no uid is set
-  - name: ReportEditor
+  - name: "custom:reports:editor"
    # <string> uid of the role. Required if no name
-    uid: reporteditor1
+    uid: "customreportseditor1"
    # <int> org id. will default to Grafana's default if not specified
    orgId: 1
    # <bool> force deletion revoking all grants of the role
    force: true
+  - name: "custom:global:reports:reader"
+    uid: "customglobalreportsreader1"
+    # <bool> overwrite org id and removes a global role
+    global: true
+    force: true

 # list of roles to insert/update depending on what is available in the database
 roles:
  # <string, required> name of the role you want to create. Required
-  - name: CustomEditor
+  - name: "custom:users:editor"
    # <string> uid of the role. Has to be unique for all orgs.
-    uid: customeditor1
+    uid: customuserseditor1
    # <string> description of the role, informative purpose only.
    description: "Role for our custom user editors"
    # <int> version of the role, Grafana will update the role when increased
@ -210,9 +215,9 @@ roles:
      - name: "Editor"
        # <int> org id. will default to the role org id
        orgId: 1        
-  - name: GlobalReader
-    uid: globalreader
-    description: "Global Role for custom user reader"
+  - name: "custom:global:users:reader"
+    uid: "customglobalusersreader1"
+    description: "Global Role for custom user readers"
    version: 1
    # <bool> overwrite org id and creates a global role
    global: true