IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-01-27 16:57:14 -06:00
Code Issues Packages Projects Releases Wiki Activity

Provisioning: Update accesscontrol sample file

Browse Source
This commit is contained in:
Gabriel MABILLE 2021-06-02 17:22:34 +02:00 committed by GitHub
parent 7aee0deb38
commit 134dba5101
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 45 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
conf/provisioning/access-control/sample.yaml
View File

@ -3,37 +3,42 @@
# # list of default built-in role assignments that should be removed # # list of default built-in role assignments that should be removed
# removeDefaultAssignments: # removeDefaultAssignments:
# # <string, required>, must be one of the Organization roles (`Viewer`, `Editor`, `Admin`) or `Grafana Admin` # # <string>, must be one of the Organization roles (`Viewer`, `Editor`, `Admin`) or `Grafana Admin`
# - builtInRole: "Grafana Admin" # - builtInRole: "Grafana Admin"
# # <string, required>, must be one of the existing predefined roles # # <string>, must be one of the existing fixed roles
# predefinedRole: "grafana:roles:permissions:admin" # fixedRole: "fixed:permissions:admin"
# # list of default built-in role assignments that should be added back # # list of default built-in role assignments that should be added back
# addDefaultAssignments: # addDefaultAssignments:
# # <string, required>, must be one of the Organization roles (`Viewer`, `Editor`, `Admin`) or `Grafana Admin` # # <string>, must be one of the Organization roles (`Viewer`, `Editor`, `Admin`) or `Grafana Admin`
# - builtInRole: "Admin" # - builtInRole: "Admin"
# # <string, required>, must be one of the existing predefined roles # # <string>, must be one of the existing fixed roles
# predefinedRole: "grafana:roles:reporting:admin:read" # fixedRole: "fixed:reporting:admin:read"
# # list of roles that should be deleted # # list of roles that should be deleted
# deleteRoles: # deleteRoles:
# # <string> name of the role you want to create. Required if no uid is set # # <string> name of the role you want to create. Required if no uid is set
# - name: "custom:roles:reporting:admin:edit" # - name: "custom:reports:editor"
# # <string> uid of the role. Required if no name # # <string> uid of the role. Required if no name
# uid: customrolesreportingadminedit # uid: "customreportseditor1"
# # <int> org id. will default to Grafana's default if not specified # # <int> org id. will default to Grafana's default if not specified
# orgId: 1 # orgId: 1
# # <bool> force deletion revoking all grants of the role # # <bool> force deletion revoking all grants of the role
# force: true # force: true
# - name: "custom:global:reports:reader"
# uid: "customglobalreportsreader1"
# # <bool> overwrite org id and removes a global role
# global: true
# force: true
# # list of roles to insert/update depending on what is available in the database # # list of roles to insert/update depending on what is available in the database
# roles: # roles:
# # <string, required> name of the role you want to create. Required # # <string, required> name of the role you want to create. Required
# - name: custom:roles:users:editor # - name: "custom:users:editor"
# # <string> uid of the role. Has to be unique for all orgs. # # <string> uid of the role. Has to be unique for all orgs.
# uid: customrolesuserseditor # uid: customuserseditor1
# # <string> description of the role, informative purpose only. # # <string> description of the role, informative purpose only.
# description: "Role to allow users to create/read/write users" # description: "Role for our custom user editors"
# # <int> version of the role, Grafana will update the role when increased # # <int> version of the role, Grafana will update the role when increased
# version: 2 # version: 2
# # <int> org id. will default to Grafana's default if not specified # # <int> org id. will default to Grafana's default if not specified
@ -51,6 +56,21 @@
# # <list> list of builtIn roles the role should be assigned to # # <list> list of builtIn roles the role should be assigned to
# builtInRoles: # builtInRoles:
# # <string, required> name of the builtin role you want to assign the role to # # <string, required> name of the builtin role you want to assign the role to
# - name: "Admin" # - name: "Editor"
# # <int> org id. will default to the role org id # # <int> org id. will default to the role org id
# orgId: 1 # orgId: 1
# - name: "custom:global:users:reader"
# uid: "customglobalusersreader1"
# description: "Global Role for custom user readers"
# version: 1
# # <bool> overwrite org id and creates a global role
# global: true
# permissions:
# - action: "users:read"
# scope: "users:*"
# builtInRoles:
# - name: "Viewer"
# orgId: 1
# - name: "Editor"
# # <bool> overwrite org id and assign role globally
# global: true

19
docs/sources/enterprise/access-control/provisioning.md
View File

@ -174,20 +174,25 @@ addDefaultAssignments:
# list of roles that should be deleted # list of roles that should be deleted
deleteRoles: deleteRoles:
# <string> name of the role you want to create. Required if no uid is set # <string> name of the role you want to create. Required if no uid is set
- name: ReportEditor - name: "custom:reports:editor"
# <string> uid of the role. Required if no name # <string> uid of the role. Required if no name
uid: reporteditor1 uid: "customreportseditor1"
# <int> org id. will default to Grafana's default if not specified # <int> org id. will default to Grafana's default if not specified
orgId: 1 orgId: 1
# <bool> force deletion revoking all grants of the role # <bool> force deletion revoking all grants of the role
force: true force: true
- name: "custom:global:reports:reader"
uid: "customglobalreportsreader1"
# <bool> overwrite org id and removes a global role
global: true
force: true
# list of roles to insert/update depending on what is available in the database # list of roles to insert/update depending on what is available in the database
roles: roles:
# <string, required> name of the role you want to create. Required # <string, required> name of the role you want to create. Required
- name: CustomEditor - name: "custom:users:editor"
# <string> uid of the role. Has to be unique for all orgs. # <string> uid of the role. Has to be unique for all orgs.
uid: customeditor1 uid: customuserseditor1
# <string> description of the role, informative purpose only. # <string> description of the role, informative purpose only.
description: "Role for our custom user editors" description: "Role for our custom user editors"
# <int> version of the role, Grafana will update the role when increased # <int> version of the role, Grafana will update the role when increased
@ -210,9 +215,9 @@ roles:
- name: "Editor" - name: "Editor"
# <int> org id. will default to the role org id # <int> org id. will default to the role org id
orgId: 1 orgId: 1
- name: GlobalReader - name: "custom:global:users:reader"
uid: globalreader uid: "customglobalusersreader1"
description: "Global Role for custom user reader" description: "Global Role for custom user readers"
version: 1 version: 1
# <bool> overwrite org id and creates a global role # <bool> overwrite org id and creates a global role
global: true global: true