From 5a91e670d8c4156006e5baf953e15946e152a55a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Beno=C3=AEt=20Knecht?= Date: Tue, 14 Aug 2018 14:09:04 +0200 Subject: [PATCH] docs: gitlab: add note about more restrictive API scope If `allowed_groups` is not used with GitLab authentication, the *read_user* scope can be used instead of *api*. --- docs/sources/installation/configuration.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/docs/sources/installation/configuration.md b/docs/sources/installation/configuration.md index b82d7bed2d4..75bed448a63 100644 --- a/docs/sources/installation/configuration.md +++ b/docs/sources/installation/configuration.md @@ -448,8 +448,12 @@ instance, if you access Grafana at `http://203.0.113.31:3000`, you should use http://203.0.113.31:3000/login/gitlab ``` -Finally, select *api* as the *Scope* and submit the form. You'll get an -*Application Id* and a *Secret* in return; we'll call them +Finally, select *api* as the *Scope* and submit the form. Note that if you're +not going to use GitLab groups for authorization (i.e. not setting +`allowed_groups`, see below), you can select *read_user* instead of *api* as +the *Scope*, thus giving a more restricted access to your GitLab API. + +You'll get an *Application Id* and a *Secret* in return; we'll call them `GITLAB_APPLICATION_ID` and `GITLAB_SECRET` respectively for the rest of this section.