IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-10 07:35:45 -06:00
Code Issues Packages Projects Releases Wiki Activity

Auth: Skip org role sync moved in docs (#69676)

Browse Source 
skip org role sync moved in docs
This commit is contained in:
Eric Leijonmarck 2023-06-07 10:02:05 +02:00 committed by GitHub
parent aee5c6dea0
commit 498f8ea4ea
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 12 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs/sources/setup-grafana/configure-grafana/_index.md
View File

@ -923,7 +923,7 @@ reset to the default organization role on every login. [See `auto_assign_org_rol
`skip_org_role_sync` default value is `false`.
With `skip_org_role_sync` set to `false`, the users' organization and role is reset on every new login, based on the external provider's role. See provider specifities in the tables below.
With `skip_org_role_sync` set to `false`, the users' organization and role is reset on every new login, based on the external provider's role. See your provider in the tables below.
With `skip_org_role_sync` set to `true`, when a user logs in for the first time, Grafana sets the organization role based on the value specified in `auto_assign_org_role` and forces the organization to `auto_assign_org_id` when specified, otherwise it falls back to OrgID `1`.

22
docs/sources/setup-grafana/configure-security/configure-authentication/jwt/index.md
View File

@ -77,17 +77,6 @@ For embedding to work, you must enable `allow_embedding` in the [security sectio
In a scenario where it is not possible to rewrite the request headers you
can use URL login instead.
## Skip organization role
To skip the assignment of roles and permissions upon login via JWT and handle them via other mechanisms like the user interface, we can skip the organization role synchronization with the following configuration.
```ini
[auth.jwt]
# ...
skip_org_role_sync = true
```
### URL login
`url_login` allows grafana to search for a JWT in the URL query parameter
@ -228,3 +217,14 @@ role_attribute_path = contains(info.roles[*], 'admin') && 'Admin' || contains(in
### Grafana Admin Role
If the `role_attribute_path` property returns a `GrafanaAdmin` role, Grafana Admin is not assigned by default, instead the `Admin` role is assigned. To allow `Grafana Admin` role to be assigned set `allow_assign_grafana_admin = true`.
### Skip organization role mapping
To skip the assignment of roles and permissions upon login via JWT and handle them via other mechanisms like the user interface, we can skip the organization role synchronization with the following configuration.
```ini
[auth.jwt]
# ...
skip_org_role_sync = true
```