* Added new section "Implications of enabling `Anonymous` access to dashboards".

* Linked from Anonymous authentication section in "Grafana Auth".

* Update docs/sources/administration/security.md

Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>

* Update docs/sources/auth/grafana.md

Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>

* Fixed formatting issues.

Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>
achatterjee-grafana 2021-04-15 11:39:41 -04:00 committed by GitHub
parent 442d3df29c
commit 57091e3d62
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 9 additions and 1 deletions


@ -36,3 +36,11 @@ To address this vulnerability, you can restrict data source query access in the
- Create multiple data sources with some restrictions added in data source configuration that restrict access (like database name or credentials). Then use the [Data Source Permissions]({{< relref "../permissions/datasource_permissions.md" >}}) Enterprise feature to restrict user access to the data source in Grafana.
- Create a separate Grafana organization, and in that organization, create a separate data source. Make sure the data source has some option/user/credentials setting that limits access to a subset of the data. Not all data sources have an option to limit access.
## Implications of enabling `Anonymous` access to dashboards
When you enable Anonymous access to a dashboard, it is publicly available. This section lists the security implications of enabling Anonymous access.
- Anyone with the URL can access the dashboard.
- Anyone can make view calls to the API and list all folders, dashboards, and data sources.
- Anyone can make arbitrary queries to any data source that the Grafana instance is configured with.
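Review bot: The opening sentence of the new section says "enable Anonymous access to a dashboard", which reads as a per-dashboard setting, but the second and third bullets describe exposure of every folder, dashboard and data source on the instance, and the linked auth page says anonymous access is enabled in the configuration file. Reword the sentence so the scope matches the bullets. The phrase "view calls to the API" in the second bullet is also vague and would be clearer if it named the access level it means. Unlike the preceding section, which tells the reader how to restrict data source query access, this one lists the implications without any mitigation; consider pointing back to the data source restrictions listed just above.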


@ -52,7 +52,7 @@ api_key_max_seconds_to_live = -1
### Anonymous authentication
You can make Grafana accessible without any login required by enabling anonymous access in the configuration file.
You can make Grafana accessible without any login required by enabling anonymous access in the configuration file. For more information, refer to [Implications of allowing `Anonymous` access to dashboards]({{< relref "../administration/security.md" >}}).
Example:
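Review bot: The link text in the added sentence reads "Implications of allowing `Anonymous` access to dashboards", but the heading added in security.md is "Implications of enabling `Anonymous` access to dashboards"; use the same wording so the reference matches the section title. The relref also targets security.md with no section anchor, so the reader lands at the top of the page rather than on the new section; add the heading's anchor to the relref.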