IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2024-11-25 10:20:29 -06:00
Code Issues Packages Projects Releases Wiki Activity

Docs: Update Grafana Teams documentation (#86942)

Browse Source 
* added config doc

* added content

* added new topic docs and made updates

* minor updates

* updates based on feedback

* ran prettier , made updates

* removed original doc, updates to topic docs

* removed old index doc

* fixed format issue

* Update docs/sources/administration/team-management/administering-grafana-teams.md

Co-authored-by: Jack Baldry <jack.baldry@grafana.com>

* Update docs/sources/administration/team-management/configure-grafana-teams.md

Co-authored-by: Jack Baldry <jack.baldry@grafana.com>

* Update docs/sources/administration/team-management/configure-grafana-teams.md

Co-authored-by: Jack Baldry <jack.baldry@grafana.com>

* Update docs/sources/administration/team-management/configure-grafana-teams.md

Co-authored-by: Jack Baldry <jack.baldry@grafana.com>

* Update docs/sources/administration/team-management/configure-grafana-teams.md

Co-authored-by: Jack Baldry <jack.baldry@grafana.com>

* Update docs/sources/administration/team-management/administering-grafana-teams.md

Co-authored-by: Jack Baldry <jack.baldry@grafana.com>

* Update docs/sources/administration/team-management/_index.md

Co-authored-by: Jack Baldry <jack.baldry@grafana.com>

* Update docs/sources/administration/team-management/configure-grafana-teams.md

Co-authored-by: Jack Baldry <jack.baldry@grafana.com>

* Update docs/sources/administration/team-management/configure-grafana-teams.md

Co-authored-by: Jack Baldry <jack.baldry@grafana.com>

* Update docs/sources/administration/team-management/configure-grafana-teams.md

Co-authored-by: Jack Baldry <jack.baldry@grafana.com>

* Update docs/sources/administration/team-management/configure-grafana-teams.md

Co-authored-by: Jack Baldry <jack.baldry@grafana.com>

* edits based on feedback

* updates based on feedback

* improved some wording

* ran prettier

* minor correction

* added aliases

* Update docs/sources/administration/team-management/configure-grafana-teams.md

Co-authored-by: Jack Baldry <jack.baldry@grafana.com>

* added contractions

* Removed .nx

---------

Co-authored-by: Jack Baldry <jack.baldry@grafana.com>
This commit is contained in:
Larissa Wandzura 2024-05-29 00:22:45 -05:00 committed by GitHub
parent 3eea71cc6b
commit 66d6b3d83b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 323 additions and 123 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
docs/sources/administration/team-management/_index.md Normal file
View File

@ -0,0 +1,51 @@
---
aliases:
- ../manage-users/add-or-remove-user-from-team/
- ../manage-users/create-or-remove-team/
- ../manage-users/manage-teams/
- manage-users-and-permissions/manage-teams/
description: This document introduces Grafana Teams and Teams concepts.
labels:
products:
- enterprise
- oss
- cloud
keywords:
- authorization
- microservices
- architecture
menuTitle: Grafana Teams
title: Grafana Teams
weight: 100
---
# Grafana Teams
Grafana Teams makes it easy to organize and administer groups of users in your enterprise. Teams allows you to grant permissions to a group of users instead of granting permissions to individual users one at a time.
Teams are useful in a wide variety of scenarios, such as when onboarding new colleagues or needing access to reports on secure financial data. When you add a user to a team, they get access to all resources assigned to that team.
## Teams concepts
A Grafana Team is a group of users within an organization that have common permissions, including access to dashboards and data sources, and those permissions apply to **all members** of that team. For example, instead of assigning six users access to the same dashboard, you can create a team that consists of those users and assign dashboard permissions to the team. A user can belong to multiple teams.
A Team grants permissions to a wide variety of resources including:
- dashboards
- data sources
- folders
- alerts
- reports
- cloud access policies
- annotations
- playlists
{{< admonition type="note" >}}
All members of a Grafana Team have the same exact permissions. A single Team can't have members with different access levels to resources shared within that Team.
{{< /admonition >}}
A user can be a `Member` or an `Administrator` for a given Team. `Members` of a Team inherit permissions from the team, but they don't have team administrator privileges, and can't edit the team itself. Team `Administrators` can add members to a team and update its settings, such as the team name, team members team roles, UI preferences, and home dashboard.
There are two types of Teams, `isolated` or `collaborative`. Isolated teams can only see their own resources. They can't see other teams resources like dashboards, data, or alerts. Collaborative teams have access to other teams resources.
For information about how to optimize Teams, refer to [How to best organize your teams and resources in Grafana](https://grafana.com/blog/2022/03/14/how-to-best-organize-your-teams-and-resources-in-grafana/).

52
docs/sources/administration/team-management/administering-grafana-teams.md Normal file
View File

@ -0,0 +1,52 @@
---
description: Learn how to administer Grafana Teams.
labels:
products:
- enterprise
- oss
- cloud
keywords:
- authorization
- microservices
- architecture
menuTitle: Administer Grafana Teams
title: Administer Grafana Teams
weight: 300
---
# Administer Grafana Teams
This topic describes how to administer Grafana Teams.
## View a list of Teams
See the complete list of teams in your Grafana organization.
To view a list of teams:
1. Sign in to Grafana as an organization administrator or a team administrator.
1. Click the arrow next to **Administration** in the left-side menu, click **Users and access**, and select **Teams**.
The role you use to sign in to Grafana determines how you see Teams lists.
### Organization administrator view
The following example shows a list as it appears to an `organization` administrator.
![Team list view for org admin](/media/docs/grafana/screenshot-org-admin-team-list.png)
### Team administrator view
The following example shows a list as it appears to a `team` administrator.
![Team list view for team admin](/media/docs/grafana/screenshot-team-admin-team-list.png)
## Teams best practices
Grafana recommends you use Teams to organize and manage access to Grafanas core resources, such as dashboards and alerts. Teams is an easy organizational tool to manage, and allows flexible sharing between teams.
Grafana recommends that you use Instances or Stacks to separate Teams if you want true isolation, to ensure that no information leaks between Teams. You can synchronize some resources between instances using provisioning.
## Secure Grafana Teams
The most important thing to consider for securing Teams is to only grant team administrator rights to the users you trust to administer the Team.

220
docs/sources/administration/team-management/configure-grafana-teams.md Normal file
View File

@ -0,0 +1,220 @@
---
description: Learn how to configure Grafana Teams
labels:
products:
- enterprise
- oss
- cloud
keywords:
- authorization
- microservices
- architecture
menuTitle: Configure Grafana Teams
title: Configure Grafana Teams
weight: 200
---
# Configure Grafana Teams
This topic describes how to set up and configure Grafana Teams.
For a tutorial on working with Teams, refer to [Create users and teams](https://grafana.com/tutorials/create-users-and-teams/).
## Before you begin
Before you begin creating and working with Grafana Teams:
- Ensure that you have either the `Organization Administrator` role or team administrator permissions.
Refer to [Organization roles](https://grafana.com/docs/grafana/<GRAFANA_VERSION>/administration/roles-and-permissions/#organization-roles) and [RBAC permissions, actions, and scopes](https://grafana.com/docs/grafana/<GRAFANA_VERSION>/administration/roles-and-permissions/access-control/custom-role-actions-scopes/#rbac-permissions-actions-and-scopes) for a list of Grafana roles and role-based access control actions.
- Decide which users belong to which teams and what permissions team members receive.
- Configure the default basic role for users to join Grafana. This role applies to users where no role is set by the identity provider (IDP).
- No basic role - by default can't view any resources.
Recommended for `isolated` teams.
- Viewer role - by default can view all resources. Recommended for `collaborative` teams.
- Ensure team sync is turned on if you plan to manage team members through team sync.
Refer to [Configure Team Sync](https://grafana.com/docs/grafana/<GRAFANA_VERSION>/setup-grafana/configure-security/configure-team-sync/) for a list of providers and instructions on how to turn on team sync for each provider.
<!-- - Turn on nested folders. __This is a new feature, add when it goes live.__ -->
{{< admonition type="note" >}}
[Grafana Organizations](https://grafana.com/docs/grafana/<GRAFANA_VERSION>/administration/organization-management/) do not exist in Grafana Cloud.
Grafana Cloud uses the term _organization_ to refer to accounts in grafana.com, or GCOM.
In Grafana Enterprise and OSS, Teams belong to Grafana Organizations.
Refer to [About organizations](/docs/grafana/<GRAFANA_VERSION>/administration/organization-management/#about-organizations) for more information.
{{< /admonition >}}
## Create a Grafana Team
A team is a group of users within a Grafana instance that have common permissions needs. Teams to help make user-permission management more efficient. A user can belong to multiple Teams.
Grafana Teams includes common access to the following:
- dashboards
- data sources
- folders
- alerts
- reports
- cloud access policies
- annotations
- playlists
To create a Team, complete the following steps:
1. Sign in to Grafana as an `org administrator` or `team administrator`.
1. Click the arrow next to **Administration** in the left-side menu, click **Users and access**, and select **Teams**.
1. Click **New Team**.
1. Fill in each field and click **Create**.
1. Click **Save**. You can now add a Team member.
## Add a Team member
Add a member to a new Team or add a team member to an existing Team when you want to provide access to team dashboards and folders to another user. This task requires that you have `organization administrator` permissions.
To add a team member, complete the following steps:
1. Sign in to Grafana as an `org administrator` or `team administrator`.
1. Click the arrow next to **Administration** in the left-side menu, click **Users and access**, and select **Teams**.
1. Click the name of the Team to which you want to add members, and click **+ Add member**.
1. Search for and select a user.
1. Choose whether to add the user as a Team **Member** or **Admin**.
1. Click **Save**.
## Grant or change Team member permissions
Complete this task when you want to add or modify team member permissions.
To grant team member permissions:
1. Sign in to Grafana as an `org administrator` or `team administrator`.
1. Click the arrow next to **Administration** in the left-side menu, click **Users and access**, and select **Teams**.
1. Click the pencil next to the name of the Team for which you want to add or modify team member permissions.
1. In the team member list, locate the user that you want to change. You can use the search field to filter the list if necessary.
1. Under the **Permission** column, select the new permission level.
## Add roles to a Grafana Team
You can add or delete roles from a specified team.
To add a role, complete the following steps:
1. Sign in to Grafana as an `org administrator` or `team administrator`.
1. Click the arrow next to **Administration** in the left-side menu, click **Users and access**, and select **Teams**.
1. Select the Team and click under the **Role** column.
Select from a list of current fixed or plugin roles or clear all roles and start over.
As you hover over each role a list of permissions appears to the right.
You can clear any permission for additional fine-grained control.
1. Click **Update** to add the new role or roles.
To delete a role, remove the check next to the role name and click **Update**.
## Delete a team
Delete a team when you no longer need it. This action permanently deletes the team and removes all team permissions from dashboards and folders. This task requires that you have `organization administrator` permissions.
1. Sign in to Grafana as an `org administrator` or `team administrator`.
1. Click the arrow next to **Administration** in the left-side menu, click **Users and access**, and select **Teams**.
1. Click the **red X** on the right side of the name of the team.
1. Click **Delete**.
<!-- ## Create isolated or collaborative teams
Grafana Teams can either be `isolated` or `collaborative`. Isolated teams can only see their own resources. They can't see other teams dashboards, data, or alerts. Collaborative teams have access to other teams resources. Grafana Cloud users must contact Support.
To create an isolated team add the following to the Grafana configuration file:
```ini
auto_assign_org_role = None
role_attribute_path = contains(groups[*], 'admin') && 'Admin' || 'None'
```
To create a collaborative team add the following to the Grafana configuration file:
```ini
auto_assign_org_role = Viewer
role_attribute_path = contains(groups[*], 'admin') && 'Admin' || 'None'
```
You can also use a terraform script as shown in the following example:
```hcl
terraform {
required_providers {
grafana = {
source = "grafana/grafana"
}
}
}
provider "grafana" {
url = "http://localhost:3000/"
auth = "admin:admin"
}
resource "grafana_folder" "awesome_folder" {
title = "Awesome Team Folder"
}
resource "grafana_team" "awesome-team" {
name = "Awesome Team"
}
resource "grafana_team_external_group" "awesome-team-group" {
team_id = grafana_team.awesome-team.id
groups = [
"Awesome_group"
]
}
resource "grafana_role" "team_role" {
name = "team_role"
uid = "team_role"
version = 4
global = true
permissions {
action = "datasources:create"
}
permissions {
action = "serviceaccounts:create"
}
# below should be deleted after bug fix to view service accounts
permissions {
action = "users.roles:read"
scope = "users:id:*"
}
}
resource "grafana_role_assignment" "assign_role" {
role_uid = grafana_role.team_role.uid
teams = [grafana_team.awesome-team.id]
}
resource "grafana_service_account" "awesome_service_account" {
name = "awesome_service_account"
role = "None"
is_disabled = false
}
resource "grafana_service_account_permission" "awesome_service_account_permissions" {
service_account_id = grafana_service_account.awesome_service_account.id
permissions {
team_id = grafana_team.awesome-team.id
permission = "Admin"
}
}
resource "grafana_folder_permission" "awesome_folder_permission" {
folder_uid = grafana_folder.awesome_folder.uid
permissions {
team_id = grafana_team.awesome-team.id
permission = "Admin"
}
permissions {
user_id = grafana_service_account.awesome_service_account.id
permission = "Admin"
}
}
``` -->

123
docs/sources/administration/team-management/index.md
View File

@ -1,123 +0,0 @@
---
aliases:
- ../manage-users/add-or-remove-user-from-team/
- ../manage-users/create-or-remove-team/
- ../manage-users/manage-teams/
- manage-users-and-permissions/manage-teams/
labels:
products:
- enterprise
- oss
title: Team management
weight: 400
---
# Team management
A team is a group of users within an organization that have common dashboard and data source permission needs. For example, instead of assigning five users access to the same dashboard, you can create a team that consists of those users and assign dashboard permissions to the team. A user can belong to multiple teams.
A user can be a Member or an Administrator for a given team. Members of a team inherit permissions from the team, but they cannot edit the team itself. Team Administrators can add members to a team and update its settings, such as the team name, team member's team roles, UI preferences, and home dashboard.
For more information about teams, refer to [Teams and permissions]({{< relref "../roles-and-permissions/#teams-and-permissions" >}}).
For information about how to optimize your teams, refer to [How to best organize your teams and resources in Grafana](https://grafana.com/blog/2022/03/14/how-to-best-organize-your-teams-and-resources-in-grafana/).
This topic describes how to:
- Create a team
- Add a team member
- Grant team member permissions
- Remove a team member
- Delete a team
- View a list of teams
## Before you begin
- Ensure that you have either organization administrator permissions or team administrator permissions
- Make a plan for which users belong to which teams and the permissions team members receive
## Create a team
A team is a group of users within an organization that have common dashboard and data source permission needs. Use teams to help make user-permission management more efficient.
A user can belong to multiple teams.
To create a team:
1. Sign in to Grafana as an organization administrator or team administrator.
1. Click **Administration** in the left-side menu, **Users and access**, and select **Teams**.
1. Click **New Team**.
1. Complete the fields and click **Create**.
1. Click **Add member**.
1. In the **Add member** field, locate and select a user.
1. Click **Save**.
## Add a team member
Add a team member to an existing team whenever you want to provide access to team dashboards and folders to another user. This task requires that you have organization administrator permissions.
To add a team member:
1. Sign in to Grafana as an organization administrator.
1. Click **Administration** in the left-side menu, **Users and access**, and select **Teams**.
1. Click the name of the team to which you want to add members, and click **Add member**.
1. Locate and select a user.
1. Choose if you want to add the user as a team Member or an Admin.
1. Click **Save**.
## Grant team member permissions
Complete this task when you want to add or modify team member permissions.
To grant team member permissions:
1. Sign in to Grafana as an organization administrator or a team administrator.
1. Click **Administration** in the left-side menu, **Users and access**, and select **Teams**.
1. Click the name of the team for which you want to add or modify team member permissions.
1. In the team member list, find and click the user that you want to change. You can use the search field to filter the list if necessary.
1. In the Permission column, select the new user permission level.
## Remove a team member
You can remove a team member when you no longer want to apply team permissions to the user
To remove a team member:
1. Sign in to Grafana as an organization administrator or team administrator.
1. Click **Administration** in the left-side menu, **Users and access**, and select **Teams**.
1. Click a team from which you want to remove a user.
1. Click the **X** next to the name of the user.
## Delete a team
Delete a team when you no longer need it. This action permanently deletes the team and removes all team permissions from dashboards and folders. This task requires that you have organization administrator permissions.
To delete a team:
1. Sign in to Grafana as an organization administrator.
1. Click **Administration** in the left-side menu, **Users and access**, and select **Teams**.
1. Click the **X** next to the name of the team.
1. Click **Delete**.
## View a list of teams
See the complete list of teams in your Grafana organization.
To view a list of teams:
1. Sign in to Grafana as an organization administrator or a team administrator.
1. Click **Administration** in the left-side menu, **Users and access**, and select **Teams**.
The role you use to sign in to Grafana determines how you see team lists.
## Organization administrator view
The following example shows a list as it appears to an organization administrator.
![Team list view for org admin](/media/docs/grafana/screenshot-org-admin-team-list.png)
## Team administrator view
The following example shows a list as it appears to a team administrator.
![Team list view for team admin](/media/docs/grafana/screenshot-team-admin-team-list.png)