IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

RBAC: Add available scopes to RBAC docs (#93131)

Browse Source 
* update the list with some allowed RBAC scopes

* extend the http api docs as well

* display without bulletpoints

* add prettier ignores
This commit is contained in:
Ieva 2024-09-10 09:50:03 +01:00 committed by GitHub
parent 831493278f
commit 3197c5de8d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 95 additions and 53 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
docs/sources/administration/roles-and-permissions/access-control/custom-role-actions-scopes/index.md
View File

@ -65,11 +65,10 @@ The following list contains role-based access control actions.
| `alert.provisioning.secrets:read` | None | Same as `alert.provisioning:read` plus ability to export resources with decrypted secrets. |
| `alert.provisioning:write` | None | Update all Grafana alert rules, notification policies, etc via provisioning API. Permissions to folders and datasource are not required. |
| `alert.provisioning.provenance:write` | None | Set provisioning status for alerting resources. Cannot be used alone. Requires user to have permissions to access resources |
| `annotations:create` | <ul><li>`annotations:*`</li><li>`annotations:type:*`</li></ul> | Create annotations. |
| `annotations:delete` | <ul><li>`annotations:*`</li><li>`annotations:type:*`</li></ul> | Delete annotations. |
| `annotations:read` | <ul><li>`annotations:*`</li><li>`annotations:type:*`</li></ul> | Read annotations and annotation tags. |
| `annotations:write` | <ul><li>`annotations:*`</li><li>`annotations:type:*`</li></ul> | Update annotations. |
| `apikeys:create` | None | Create API keys. |
| `annotations:create` | <ul><li>`annotations:*`</li><li>`annotations:type:*`</li><li>`dashboards:*`</li><li>`dashboards:uid:*`</li><li>`folders:*`</li><li>`folders:uid:*`</li></ul> | Create annotations. |
| `annotations:delete` | <ul><li>`annotations:*`</li><li>`annotations:type:*`</li><li>`dashboards:*`</li><li>`dashboards:uid:*`</li><li>`folders:*`</li><li>`folders:uid:*`</li></ul> | Delete annotations. |
| `annotations:read` | <ul><li>`annotations:*`</li><li>`annotations:type:*`</li><li>`dashboards:*`</li><li>`dashboards:uid:*`</li><li>`folders:*`</li><li>`folders:uid:*`</li></ul> | Read annotations and annotation tags. |
| `annotations:write` | <ul><li>`annotations:*`</li><li>`annotations:type:*`</li><li>`dashboards:*`</li><li>`dashboards:uid:*`</li><li>`folders:*`</li><li>`folders:uid:*`</li></ul> | Update annotations. |
| `apikeys:read` | <ul><li>`apikeys:*`</li><li>`apikeys:id:*`</li></ul> | Read API keys. |
| `apikeys:delete` | <ul><li>`apikeys:*`</li><li>`apikeys:id:*`</li></ul> | Delete API keys. |
| `dashboards:create` | <ul><li>`folders:*`</li><li>`folders:uid:*`</li></ul> | Create dashboards in one or more folders and their subfolders. |

57
docs/sources/developers/http_api/annotations.md
View File

@ -32,9 +32,12 @@ Annotations are saved in the Grafana database (sqlite, mysql or postgres). Annot
See note in the [introduction]({{< ref "#annotations-api" >}}) for an explanation.
| Action | Scope |
| ---------------- | ----------------------- |
| annotations:read | annotations:type:<type> |
<!-- prettier-ignore-start -->
| Action | Scope |
| ------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| `annotations:read` | <ul><li>`annotations:*`</li><li>`annotations:type:*`</li><li>`dashboards:*`</li><li>`dashboards:uid:*`</li><li>`folders:*`</li><li>`folders:uid:*`</li></ul> |
{ .no-spacing-list }
<!-- prettier-ignore-end -->
**Example Request**:
@ -122,9 +125,12 @@ The format for `time` and `timeEnd` should be epoch numbers in millisecond resol
See note in the [introduction]({{< ref "#annotations-api" >}}) for an explanation.
| Action | Scope |
| ------------------ | ----------------------- |
| annotations:create | annotations:type:<type> |
<!-- prettier-ignore-start -->
| Action | Scope |
| -------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| `annotations:create` | <ul><li>`annotations:*`</li><li>`annotations:type:*`</li><li>`dashboards:*`</li><li>`dashboards:uid:*`</li><li>`folders:*`</li><li>`folders:uid:*`</li></ul> |
{ .no-spacing-list }
<!-- prettier-ignore-end -->
**Required JSON Body Fields**
@ -174,9 +180,9 @@ format (string with multiple tags being separated by a space).
See note in the [introduction]({{< ref "#annotations-api" >}}) for an explanation.
| Action | Scope |
| ------------------ | ----------------------------- |
| annotations:create | annotations:type:organization |
| Action | Scope |
| -------------------- | ------------------------------- |
| `annotations:create` | `annotations:type:organization` |
**Example Request**:
@ -215,9 +221,12 @@ Updates all properties of an annotation that matches the specified id. To only u
See note in the [introduction]({{< ref "#annotations-api" >}}) for an explanation.
| Action | Scope |
| ----------------- | ----------------------- |
| annotations:write | annotations:type:<type> |
<!-- prettier-ignore-start -->
| Action | Scope |
| ------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| `annotations:write` | <ul><li>`annotations:*`</li><li>`annotations:type:*`</li><li>`dashboards:*`</li><li>`dashboards:uid:*`</li><li>`folders:*`</li><li>`folders:uid:*`</li></ul> |
{ .no-spacing-list }
<!-- prettier-ignore-end -->
**Example Request**:
@ -260,9 +269,12 @@ This operation currently supports updating of the `text`, `tags`, `time` and `ti
See note in the [introduction]({{< ref "#annotations-api" >}}) for an explanation.
| Action | Scope |
| ----------------- | ----------------------- |
| annotations:write | annotations:type:<type> |
<!-- prettier-ignore-start -->
| Action | Scope |
| ------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| `annotations:write` | <ul><li>`annotations:*`</li><li>`annotations:type:*`</li><li>`dashboards:*`</li><li>`dashboards:uid:*`</li><li>`folders:*`</li><li>`folders:uid:*`</li></ul> |
{ .no-spacing-list }
<!-- prettier-ignore-end -->
**Example Request**:
@ -299,9 +311,12 @@ Deletes the annotation that matches the specified id.
See note in the [introduction]({{< ref "#annotations-api" >}}) for an explanation.
| Action | Scope |
| ------------------ | ----------------------- |
| annotations:delete | annotations:type:<type> |
<!-- prettier-ignore-start -->
| Action | Scope |
| -------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| `annotations:delete` | <ul><li>`annotations:*`</li><li>`annotations:type:*`</li><li>`dashboards:*`</li><li>`dashboards:uid:*`</li><li>`folders:*`</li><li>`folders:uid:*`</li></ul> |
{ .no-spacing-list }
<!-- prettier-ignore-end -->
**Example Request**:
@ -333,9 +348,9 @@ Find all the event tags created in the annotations.
See note in the [introduction]({{< ref "#annotations-api" >}}) for an explanation.
| Action | Scope |
| ---------------- | ----- |
| annotations:read | N/A |
| Action | Scope |
| ------------------ | ----- |
| `annotations:read` | N/A |
**Example Request**:

46
docs/sources/developers/http_api/dashboard.md
View File

@ -43,9 +43,13 @@ Creates a new dashboard or updates an existing dashboard. When updating existing
See note in the [introduction]({{< ref "#dashboard-api" >}}) for an explanation.
| Action | Scope |
| ------------------- | ----------- |
| `dashboards:create` | `folders:*` |
<!-- prettier-ignore-start -->
| Action | Scope |
| ------------------- | ------------------------------------------------------------------------------------------------------- |
| `dashboards:create` | <ul><li>`folders:*`</li><li>`folders:uid:*`</li></ul> |
| `dashboards:write` | <ul><li>`dashboards:*`</li><li>`dashboards:uid:*`</li><li>`folders:*`</li><li>`folders:uid:*`</li></ul> |
{ .no-spacing-list }
<!-- prettier-ignore-end -->
**Example Request for new dashboard**:
@ -164,9 +168,12 @@ Will return the dashboard given the dashboard unique identifier (uid). Informati
See note in the [introduction]({{< ref "#dashboard-api" >}}) for an explanation.
| Action | Scope |
| ----------------- | -------------- |
| `dashboards:read` | `dashboards:*` |
<!-- prettier-ignore-start -->
| Action | Scope |
| ----------------- | ------------------------------------------------------------------------------------------------------- |
| `dashboards:read` | <ul><li>`dashboards:*`</li><li>`dashboards:uid:*`</li><li>`folders:*`</li><li>`folders:uid:*`</li></ul> |
{ .no-spacing-list }
<!-- prettier-ignore-end -->
**Example Request**:
@ -220,9 +227,12 @@ Will delete the dashboard given the specified unique identifier (uid).
See note in the [introduction]({{< ref "#dashboard-api" >}}) for an explanation.
| Action | Scope |
| ------------------- | ----------------------------- |
| `dashboards:delete` | `dashboards:*`<br>`folders:*` |
<!-- prettier-ignore-start -->
| Action | Scope |
| ------------------- | ------------------------------------------------------------------------------------------------------- |
| `dashboards:delete` | <ul><li>`dashboards:*`</li><li>`dashboards:uid:*`</li><li>`folders:*`</li><li>`folders:uid:*`</li></ul> |
{ .no-spacing-list }
<!-- prettier-ignore-end -->
**Example Request**:
@ -267,9 +277,12 @@ Will delete permanently the dashboard given the specified unique identifier (uid
See note in the [introduction]({{< ref "#dashboard-api" >}}) for an explanation.
| Action | Scope |
| ------------------- | ----------------------------- |
| `dashboards:delete` | `dashboards:*`<br>`folders:*` |
<!-- prettier-ignore-start -->
| Action | Scope |
| ------------------- | ------------------------------------------------------------------------------------------------------- |
| `dashboards:delete` | <ul><li>`dashboards:*`</li><li>`dashboards:uid:*`</li><li>`folders:*`</li><li>`folders:uid:*`</li></ul> |
{ .no-spacing-list }
<!-- prettier-ignore-end -->
**Example Request**:
@ -314,9 +327,12 @@ Will restore a deleted dashboard given the specified unique identifier (uid).
See note in the [introduction]({{< ref "#dashboard-api" >}}) for an explanation.
| Action | Scope |
| ------------------- | ----------------------------- |
| `dashboards:create` | `dashboards:*`<br>`folders:*` |
<!-- prettier-ignore-start -->
| Action | Scope |
| ------------------- | ----------------------------------------------------- |
| `dashboards:create` | <ul><li>`folders:*`</li><li>`folders:uid:*`</li></ul> |
{ .no-spacing-list }
<!-- prettier-ignore-end -->
**Example Request**:

36
docs/sources/developers/http_api/dashboard_permissions.md
View File

@ -44,9 +44,12 @@ Gets all existing permissions for the dashboard with the given `uid`.
See note in the [introduction]({{< ref "#dashboard-permission-api" >}}) for an explanation.
| Action | Scope |
| ----------------------------- | ------------------------------------- |
| `dashboards.permissions:read` | `dashboards:uid:*`<br>`folders:uid:*` |
<!-- prettier-ignore-start -->
| Action | Scope |
| ----------------------------- | ------------------------------------------------------------------------------------------------------- |
| `dashboards.permissions:read` | <ul><li>`dashboards:*`</li><li>`dashboards:uid:*`</li><li>`folders:*`</li><li>`folders:uid:*`</li></ul> |
{ .no-spacing-list }
<!-- prettier-ignore-end -->
**Example request**:
@ -123,9 +126,12 @@ Updates permissions for a dashboard. This operation will remove existing permiss
See note in the [introduction]({{< ref "#dashboard-permission-api" >}}) for an explanation.
| Action | Scope |
| ------------------------------ | ------------------------------------- |
| `dashboards.permissions:write` | `dashboards:uid:*`<br>`folders:uid:*` |
<!-- prettier-ignore-start -->
| Action | Scope |
| ------------------------------ | ------------------------------------------------------------------------------------------------------- |
| `dashboards.permissions:write` | <ul><li>`dashboards:*`</li><li>`dashboards:uid:*`</li><li>`folders:*`</li><li>`folders:uid:*`</li></ul> |
{ .no-spacing-list }
<!-- prettier-ignore-end -->
**Example request**:
@ -192,9 +198,12 @@ Gets all existing permissions for the dashboard with the given `dashboardId`.
See note in the [introduction]({{< ref "#dashboard-permission-api" >}}) for an explanation.
| Action | Scope |
| ----------------------------- | ----------------------------- |
| `dashboards.permissions:read` | `dashboards:*`<br>`folders:*` |
<!-- prettier-ignore-start -->
| Action | Scope |
| ----------------------------- | ------------------------------------------------------------------------------------------------------- |
| `dashboards.permissions:read` | <ul><li>`dashboards:*`</li><li>`dashboards:uid:*`</li><li>`folders:*`</li><li>`folders:uid:*`</li></ul> |
{ .no-spacing-list }
<!-- prettier-ignore-end -->
**Example request**:
@ -275,9 +284,12 @@ Updates permissions for a dashboard. This operation will remove existing permiss
See note in the [introduction]({{< ref "#dashboard-permission-api" >}}) for an explanation.
| Action | Scope |
| ------------------------------ | ----------------------------- |
| `dashboards.permissions:write` | `dashboards:*`<br>`folders:*` |
<!-- prettier-ignore-start -->
| Action | Scope |
| ------------------------------ | ------------------------------------------------------------------------------------------------------- |
| `dashboards.permissions:write` | <ul><li>`dashboards:*`</li><li>`dashboards:uid:*`</li><li>`folders:*`</li><li>`folders:uid:*`</li></ul> |
{ .no-spacing-list }
<!-- prettier-ignore-end -->
**Example request**: