IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

Docs: Update the SAML role mapping docs with the new fields added (#88529)

Browse Source 
* mention the auto_assign_org_role in saml role sync

* add role_values_viewer to docs
This commit is contained in:
Mihai Doarna 2024-06-04 15:45:37 +03:00 committed by GitHub
parent 4d002d85f9
commit 6b7e4b223d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
docs/sources/setup-grafana/configure-grafana/enterprise-configuration/index.md
View File

@ -320,6 +320,10 @@ List of comma- or space-separated Organization:OrgId:Role mappings. Organization
List of comma- or space-separated roles that will be mapped to the None role. List of comma- or space-separated roles that will be mapped to the None role.
### role_values_viewer
List of comma- or space-separated roles that will be mapped to the Viewer role.
### role_values_editor ### role_values_editor
List of comma- or space-separated roles that will be mapped to the Editor role. List of comma- or space-separated roles that will be mapped to the Editor role.

8
docs/sources/setup-grafana/configure-security/configure-authentication/saml/index.md
View File

@ -224,6 +224,7 @@ The table below describes all SAML configuration options. Continue reading below
| `allowed_organizations` | No | List of comma- or space-separated organizations. User should be a member of at least one organization to log in. | | | `allowed_organizations` | No | List of comma- or space-separated organizations. User should be a member of at least one organization to log in. | |
| `org_mapping` | No | List of comma- or space-separated Organization:OrgId:Role mappings. Organization can be `*` meaning "All users". Role is optional and can have the following values: `None`, `Viewer`, `Editor` or `Admin`. | | | `org_mapping` | No | List of comma- or space-separated Organization:OrgId:Role mappings. Organization can be `*` meaning "All users". Role is optional and can have the following values: `None`, `Viewer`, `Editor` or `Admin`. | |
| `role_values_none` | No | List of comma- or space-separated roles which will be mapped into the None role | | | `role_values_none` | No | List of comma- or space-separated roles which will be mapped into the None role | |
| `role_values_viewer` | No | List of comma- or space-separated roles which will be mapped into the Viewer role | |
| `role_values_editor` | No | List of comma- or space-separated roles which will be mapped into the Editor role | | | `role_values_editor` | No | List of comma- or space-separated roles which will be mapped into the Editor role | |
| `role_values_admin` | No | List of comma- or space-separated roles which will be mapped into the Admin role | | | `role_values_admin` | No | List of comma- or space-separated roles which will be mapped into the Admin role | |
| `role_values_grafana_admin` | No | List of comma- or space-separated roles which will be mapped into the Grafana Admin (Super Admin) role | | | `role_values_grafana_admin` | No | List of comma- or space-separated roles which will be mapped into the Grafana Admin (Super Admin) role | |
@ -395,11 +396,12 @@ Role sync allows you to map user roles from an identity provider to Grafana. To
1. In the configuration file, set [`assertion_attribute_role`]({{< relref "../../../configure-grafana/enterprise-configuration#assertion_attribute_role" >}}) option to the attribute name where the role information will be extracted from. 1. In the configuration file, set [`assertion_attribute_role`]({{< relref "../../../configure-grafana/enterprise-configuration#assertion_attribute_role" >}}) option to the attribute name where the role information will be extracted from.
1. Set the [`role_values_none`]({{< relref "../../../configure-grafana/enterprise-configuration#role_values_none" >}}) option to the values mapped to the `None` role. 1. Set the [`role_values_none`]({{< relref "../../../configure-grafana/enterprise-configuration#role_values_none" >}}) option to the values mapped to the `None` role.
1. Set the [`role_values_viewer`]({{< relref "../../../configure-grafana/enterprise-configuration#role_values_viewer" >}}) option to the values mapped to the `Viewer` role.
1. Set the [`role_values_editor`]({{< relref "../../../configure-grafana/enterprise-configuration#role_values_editor" >}}) option to the values mapped to the `Editor` role. 1. Set the [`role_values_editor`]({{< relref "../../../configure-grafana/enterprise-configuration#role_values_editor" >}}) option to the values mapped to the `Editor` role.
1. Set the [`role_values_admin`]({{< relref "../../../configure-grafana/enterprise-configuration#role_values_admin" >}}) option to the values mapped to the organization `Admin` role. 1. Set the [`role_values_admin`]({{< relref "../../../configure-grafana/enterprise-configuration#role_values_admin" >}}) option to the values mapped to the organization `Admin` role.
1. Set the [`role_values_grafana_admin`]({{< relref "../../../configure-grafana/enterprise-configuration#role_values_grafana_admin" >}}) option to the values mapped to the `Grafana Admin` role. 1. Set the [`role_values_grafana_admin`]({{< relref "../../../configure-grafana/enterprise-configuration#role_values_grafana_admin" >}}) option to the values mapped to the `Grafana Admin` role.
If a user role doesn't match any of configured values, then the `Viewer` role will be assigned. If a user role doesn't match any of configured values, then the role specified by the `auto_assign_org_role` config option will be assigned. If the `auto_assign_org_role` field is not set then the user role will default to `Viewer`.
For more information about roles and permissions in Grafana, refer to [Roles and permissions]({{< relref "../../../../administration/roles-and-permissions" >}}). For more information about roles and permissions in Grafana, refer to [Roles and permissions]({{< relref "../../../../administration/roles-and-permissions" >}}).
@ -408,7 +410,8 @@ Example configuration:
```ini ```ini
[auth.saml] [auth.saml]
assertion_attribute_role = role assertion_attribute_role = role
role_values_none = none, external role_values_none = none
role_values_viewer = external
role_values_editor = editor, developer role_values_editor = editor, developer
role_values_admin = admin, operator role_values_admin = admin, operator
role_values_grafana_admin = superadmin role_values_grafana_admin = superadmin
@ -498,6 +501,7 @@ assertion_attribute_email = mail
assertion_attribute_groups = Group assertion_attribute_groups = Group
assertion_attribute_role = Role assertion_attribute_role = Role
assertion_attribute_org = Org assertion_attribute_org = Org
role_values_viewer = external
role_values_editor = editor, developer role_values_editor = editor, developer
role_values_admin = admin, operator role_values_admin = admin, operator
role_values_grafana_admin = superadmin role_values_grafana_admin = superadmin