mirror of
https://github.com/grafana/grafana.git
synced 2025-02-25 18:55:37 -06:00
SAML UI: Fix permissions for fixed:authentication.config:writer role (#67290)
* SAML UI: Fix permissions for fixed:authentication.config:writer role
* Remove read permissions for auth settings
parent
0a9240aeba
commit
1d99500b3e
@ -42,7 +42,7 @@ The following tables list permissions associated with basic and fixed roles.
|
||||
| `fixed:annotations:writer` | All permissions from `fixed:annotations:reader` <br>`annotations:write` <br>`annotations.create`<br> `annotations:delete` for scope `annotations:type:*` | Read, create, update and delete all annotations and annotation tags. |
|
||||
| `fixed:apikeys:reader` | `apikeys:read` for scope `apikeys:*` | Read all api keys. |
|
||||
| `fixed:apikeys:writer` | All permissions from `fixed:apikeys:reader` and <br> `apikeys:create` <br> `apikeys:delete` for scope `apikeys:*` | Read, create, delete all api keys. |
|
||||
| `fixed:authentication.config:writer` | `settings:read` <br> `settings:write` for scopes `settings:auth:*` and `settings:auth.saml:*` | Read and update authentication and SAML settings. |
|
||||
| `fixed:authentication.config:writer` | `settings:read` for scope `settings:auth.saml:*` <br> `settings:write` for scope `settings:auth.saml:*` | Read and update authentication and SAML settings. |
|
||||
| `fixed:dashboards:creator` | `dashboards:create`<br>`folders:read` | Create dashboards. |
|
||||
| `fixed:dashboards.insights:reader` | `dashboards.insights:read` | Read dashboard insights data and see presence indicators. |
|
||||
| `fixed:dashboards.permissions:reader` | `dashboards.permissions:read` | Read all dashboard permissions. |
|
||||
|
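Review bot: The description column of the `fixed:authentication.config:writer` row that lists only `settings:auth.saml:*` still reads "Read and update authentication and SAML settings.", which no longer matches the permissions column next to it. Suggest narrowing it to something like "Read and update SAML authentication settings." so that anyone auditing role grants from this table does not assume the role still covers `settings:auth:*`.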
@ -25,7 +25,7 @@ The Grafana SAML UI provides the following advantages over configuring SAML in t
|
||||
To follow this guide, you need:
|
||||
|
||||
- Knowledge of SAML authentication. Refer to [SAML authentication in Grafana]({{< relref "../saml/" >}}) for an overview of Grafana's SAML integration.
|
||||
- Permissions `settings:read` and `settings:write` with scope `settings:auth:*` that allow you to read and update authentication settings.
|
||||
- Permissions `settings:read` and `settings:write` with scope `settings:auth.saml:*` that allow you to read and update SAML authentication settings.
|
||||
|
||||
These permissions are granted by `fixed:authentication.config:writer` role.
|
||||
By default, this role is granted to Grafana server administrator in self-hosted instances and to Organization admins in Grafana Cloud instances.
|
||||
|
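Review bot: The prerequisite bullet changes scope from `settings:auth:*` to `settings:auth.saml:*`, but nothing here says that the two are separate scopes. A reader who built a custom role from the earlier wording may assume `settings:auth:*` still satisfies the requirement. Suggest one sentence stating that `settings:auth.saml:*` must be granted explicitly. Minor wording point on the context line below it: "granted by `fixed:authentication.config:writer` role" reads better as "granted by the `fixed:authentication.config:writer` role".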
@ -178,18 +178,10 @@ var (
|
||||
Description: "Read and update authentication configuration and access configuration UI.",
|
||||
Group: "Settings",
|
||||
Permissions: []Permission{
|
||||
{
|
||||
Action: ActionSettingsRead,
|
||||
Scope: ScopeSettingsAuth,
|
||||
},
|
||||
{
|
||||
Action: ActionSettingsRead,
|
||||
Scope: ScopeSettingsSAML,
|
||||
},
|
||||
{
|
||||
Action: ActionSettingsWrite,
|
||||
Scope: ScopeSettingsAuth,
|
||||
},
|
||||
{
|
||||
Action: ActionSettingsWrite,
|
||||
Scope: ScopeSettingsSAML,
|
||||
|
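Review bot: The `Description` string at the top of this hunk, "Read and update authentication configuration and access configuration UI.", is left unchanged while the permission list shrinks from 18 lines to 10, that is, by two four-line entries. If the dropped entries are the two scoped to `ScopeSettingsAuth`, as the documentation hunks indicate, the role now carries only `ActionSettingsRead` and `ActionSettingsWrite` on `ScopeSettingsSAML`, and the description should say SAML so it does not overstate what the role grants. That would also remove `ActionSettingsWrite` on `ScopeSettingsAuth`, which the commit message ("Remove read permissions for auth settings") does not mention; worth calling out there or in release notes, since it narrows an existing fixed role. No test is visible in this change; a check that pins the role's exact action/scope pairs would catch unintended widening later.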