diff --git a/docs/sources/administration/roles-and-permissions/access-control/_index.md b/docs/sources/administration/roles-and-permissions/access-control/_index.md index 10c8bad4054..967f2f440ad 100644 --- a/docs/sources/administration/roles-and-permissions/access-control/_index.md +++ b/docs/sources/administration/roles-and-permissions/access-control/_index.md @@ -28,7 +28,7 @@ RBAC provides a standardized way of granting, changing, and revoking access when ## About RBAC Role-based access control (RBAC) provides a standardized way of granting, changing, and revoking access so that users can view and modify Grafana resources, such as users and reports. -RBAC extends Grafana basic roles that are included in Grafana OSS, and enables you more granular control of users’ actions. +RBAC extends Grafana basic roles that are included in Grafana OSS, and enables more granular control of users’ actions. By using RBAC you can provide users with permissions that extend the permissions available with basic roles. For example, you can use RBAC to: @@ -43,6 +43,8 @@ RBAC roles contain multiple permissions, each of which has an action and a scope - **Action:** `datasources:read` - **Scope:** `datasources:*` +For information on the RBAC API refer to [RBAC API](https://grafana.com/docs/grafana//developers/http_api/access_control/#rbac-api). + ### Basic roles Basic roles are the standard roles that are available in Grafana OSS. If you have purchased a Grafana Enterprise license, you can still use basic roles. @@ -78,6 +80,10 @@ For example, if you modify Viewer basic role and grant additional permission, Ed For more information about the permissions associated with each basic role, refer to [Basic role definitions]({{< relref "./rbac-fixed-basic-role-definitions/#basic-role-assignments" >}}). To interact with the API and view or modify basic roles permissions, refer to [the table]({{< relref "./manage-rbac-roles/#basic-role-uid-mapping" >}}) that maps basic role names to the associated UID. +{{% admonition type="note" %}} +You cannot use a service account to modify basic roles via the RBAC API. To update basic roles, you must be a Grafana administrator and use basic authentication with the request. +{{% /admonition %}} + ### Fixed roles Grafana Enterprise includes the ability for you to assign discrete fixed roles to users, teams, and service accounts. This gives you fine-grained control over user permissions than you would have with basic roles alone. These roles are called "fixed" because you cannot change or delete fixed roles. You can also create _custom_ roles of your own; see more information in the [custom roles section]({{< relref "#custom-roles" >}}) below.