IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

Docs: Refactor administration docs (#50592)

Browse Source 
* Move data source management to administration

* Move RBAC to administration

* Move team management up a docs org level

* Combine and rename admin preferences docs

* Move plugin management to administration

* Combine plugin management docs

* Combine API key docs

* Combine service account docs

* Combine server user management docs

* Move datasource management to administration

* Move enterprise licenses to administration

* Move CLI out of admin, update links to admin

* Merge org user management docs

* Restructure to Torkel's plan

* Fix typo

* Weigh admin topics for navigation

* Weigh administration topics and align to Torkel's plan

* Move server user management from server admin to admin/user management

* Move configure docker image to setup guide

* Move the remaining server admin docs to the root admin directory

* Reweight docker config
This commit is contained in:
Garrett Guillotte
2022-06-16 12:09:16 -07:00
committed by GitHub
parent c043a8818a
commit 845cebdee2
105 changed files with 1602 additions and 1710 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
docs/sources/administration/_index.md
View File

@@ -10,9 +10,4 @@ weight: 40
This section includes information for Grafana administrators, team administrators, and users performing administrative tasks:
- [Change Preferences]({{< relref "preferences/" >}})
- [Configuration]({{< relref "../setup-grafana/configure-grafana/" >}})
- [Configure Docker image]({{< relref "configure-docker/" >}})
- [Security]({{< relref "../setup-grafana/configure-security/" >}})
- [Database encryption]({{< relref "../setup-grafana/configure-security/configure-database-encryption/" >}})
- [Service accounts]({{< relref "service-accounts/" >}})
{{< section >}}

41
docs/sources/administration/api-keys/_index.md
View File

@@ -1,19 +1,52 @@
---
aliases:
- /docs/grafana/latest/administration/api-keys/about-api-keys/
- /docs/grafana/latest/administration/api-keys/
- /docs/grafana/latest/administration/api-keys/create-api-key/
description: This section contains information about API keys in Grafana
keywords:
- API keys
- Service accounts
menuTitle: API keys
title: API keys in Grafana
weight: 300
title: API keys
weight: 700
---
# API keys in Grafana
# API keys
API Keys can be used to interact with Grafana HTTP APIs.
API keys can be used to interact with Grafana HTTP APIs.
We recommend using service accounts instead of API keys if you are on Grafana 8.5+, for more information refer to [About service accounts]({{< relref "../service-accounts/about-service-accounts/#" >}}).
{{< section >}}
## About API keys
An API key is a randomly generated string that external systems use to interact with Grafana HTTP APIs.
When you create an API key, you specify a **Role** that determines the permissions associated with the API key. Role permissions control that actions the API key can perform on Grafana resources. For more information about creating API keys, refer to [Create an API key]({{< relref "create-api-key/#" >}}).
## Create an API key
Create an API key when you want to manage your computed workload with a user.
For more information about API keys, refer to [About API keys in Grafana]({{< relref "about-api-keys/" >}}).
This topic shows you how to create an API key using the Grafana UI. You can also create an API key using the Grafana HTTP API. For more information about creating API keys via the API, refer to [Create API key via API]({{< relref "../../developers/http_api/create-api-tokens-for-org/#how-to-create-a-new-organization-and-an-api-token" >}}).
### Before you begin:
- Ensure you have permission to create and edit API keys. For more information about permissions, refer to [About users and permissions]({{< relref "../roles-and-permissions/#" >}}).
**To create an API key:**
1. Sign in to Grafana, hover your cursor over **Configuration** (the gear icon), and click **API Keys**.
1. Click **New API key**.
1. Enter a unique name for the key.
1. In the **Role** field, select one of the following access levels you want to assign to the key.
- **Admin**: Enables a user to use APIs at the broadest, most powerful administrative level.
- **Editor** or **Viewer** to limit the key's users to those levels of power.
1. In the **Time to live** field, specify how long you want the key to be valid.
- The maximum length of time is 30 days (one month). You enter a number and a letter. Valid letters include `s` for seconds,`m` for minutes, `h` for hours, `d `for days, `w` for weeks, and `M `for month. For example, `12h` is 12 hours and `1M` is 1 month (30 days).
- If you are unsure about how long an API key should be valid, we recommend that you choose a short duration, such as a few hours. This approach limits the risk of having API keys that are valid for a long time.
1. Click **Add**.

14
docs/sources/administration/api-keys/about-api-keys.md
View File

@@ -1,14 +0,0 @@
---
aliases:
- /docs/grafana/latest/administration/api-keys/about-api-keys/
description: Learn about using API keys in Grafana
menuTitle: About API keys
title: About API keys in Grafana
weight: 30
---
# About API keys in Grafana
An API key is a randomly generated string that external systems use to interact with Grafana HTTP APIs.
When you create an API key, you specify a **Role** that determines the permissions associated with the API key. Role permissions control that actions the API key can perform on Grafana resources. For more information about creating API keys, refer to [Create an API key]({{< relref "create-api-key/#" >}}).

36
docs/sources/administration/api-keys/create-api-key.md
View File

@@ -1,36 +0,0 @@
---
aliases:
- /docs/grafana/latest/administration/api-keys/create-api-key/
description: How to create an API key in Grafana
keywords:
- API keys
- Service accounts
menuTitle: Create an API key
title: Create an API key in Grafana
weight: 50
---
# Create an API key in Grafana
Create an API key when you want to manage your computed workload with a user.
For more information about API keys, refer to [About API keys in Grafana]({{< relref "about-api-keys/" >}}).
This topic shows you how to create an API key using the Grafana UI. You can also create an API key using the Grafana HTTP API. For more information about creating API keys via the API, refer to [Create API key via API]({{< relref "../../developers/http_api/create-api-tokens-for-org/#how-to-create-a-new-organization-and-an-api-token" >}}).
## Before you begin:
- Ensure you have permission to create and edit API keys. For more information about permissions, refer to [About users and permissions]({{< relref "../manage-users-and-permissions/about-users-and-permissions/#" >}}).
**To create an API key:**
1. Sign in to Grafana, hover your cursor over **Configuration** (the gear icon), and click **API Keys**.
1. Click **New API key**.
1. Enter a unique name for the key.
1. In the **Role** field, select one of the following access levels you want to assign to the key.
- **Admin**: Enables a user to use APIs at the broadest, most powerful administrative level.
- **Editor** or **Viewer** to limit the key's users to those levels of power.
1. In the **Time to live** field, specify how long you want the key to be valid.
- The maximum length of time is 30 days (one month). You enter a number and a letter. Valid letters include `s` for seconds,`m` for minutes, `h` for hours, `d `for days, `w` for weeks, and `M `for month. For example, `12h` is 12 hours and `1M` is 1 month (30 days).
- If you are unsure about how long an API key should be valid, we recommend that you choose a short duration, such as a few hours. This approach limits the risk of having API keys that are valid for a long time.
1. Click **Add**.

98
docs/sources/administration/data-source-management/_index.md Normal file
View File

@@ -0,0 +1,98 @@
---
aliases:
- /docs/grafana/latest/datasources/add-a-data-source/
- /docs/grafana/latest/features/datasources/add-a-data-source/
- /docs/grafana/latest/enterprise/datasource_permissions/
- /docs/sources/permissions/datasource_permissions/
title: Data source management
weight: 100
---
# Data source management
Grafana supports many different storage backends for your time series data (data source). Refer to [data sources]({{< relref "../../datasources/" >}}) for more information about using data sources in Grafana. Only users with the organization admin role can add data sources.
## Add a data source
Before you can create your first dashboard, you need to add your data source.
> **Note:** Only users with the organization Admin role can add data sources.
To add a data source:
1. Move your cursor to the cog icon on the side menu which will show the configuration options.
{{< figure src="/static/img/docs/v75/sidemenu-datasource-7-5.png" max-width="150px" class="docs-image--no-shadow">}}
1. Click on **Data sources**. The data sources page opens showing a list of previously configured data sources for the Grafana instance.
1. Click **Add data source** to see a list of all supported data sources.
{{< figure src="/static/img/docs/v75/add-data-source-7-5.png" max-width="600px" class="docs-image--no-shadow">}}
1. Search for a specific data source by entering the name in the search dialog. Or you can scroll through supported data sources grouped into time series, logging, tracing and other categories.
1. Move the cursor over the data source you want to add.
{{< figure src="/static/img/docs/v75/select-data-source-7-5.png" max-width="700px" class="docs-image--no-shadow">}}
1. Click **Select**. The data source configuration page opens.
1. Configure the data source following instructions specific to that data source. See [Data sources]({{< relref "/" >}}) for links to configuration instructions for all supported data sources.
## Data source permissions
Data source permissions allow you to restrict access for users to query a data source. For each data source there is a permission page that allows you to enable permissions and restrict query permissions to specific **Users** and **Teams**.
> **Note:** Available in [Grafana Enterprise]({{< relref "../enterprise/" >}}) and [Grafana Cloud Pro and Advanced]({{< ref "/docs/grafana-cloud" >}}).
### Enable data source permissions
{{< figure src="/static/img/docs/enterprise/datasource_permissions_enable_still.png" class="docs-image--no-shadow docs-image--right" max-width= "600px" animated-gif="/static/img/docs/enterprise/datasource_permissions_enable.gif" >}}
By default, data sources in an organization can be queried by any user in that organization. For example, a user with the `Viewer` role can issue any possible query to a data source, not just
queries that exist on dashboards they have access to.
When permissions are enabled for a data source in an organization, the user who created the datasource can edit the datasource and in addition, viewers can query the datasource.
**Enable permissions for a data source:**
1. Navigate to **Configuration > Data Sources**.
1. Select the data source you want to enable permissions for.
1. On the Permissions tab, click **Enable**.
<div class="clearfix"></div>
> **Caution:** Enabling permissions for the default data source makes users not listed in the permissions unable to invoke queries. Panels using default data source will return `Access denied to data source` error for those users.
### Allow users and teams to query a data source
{{< figure src="/static/img/docs/enterprise/datasource_permissions_add_still.png" class="docs-image--no-shadow docs-image--right" max-width= "600px" animated-gif="/static/img/docs/enterprise/datasource_permissions_add.gif" >}}
After you have enabled permissions for a data source you can assign query permissions to users and teams which will allow access to query the data source.
**Assign query permission to users and teams:**
1. Navigate to **Configuration > Data Sources**.
1. Select the data source you want to assign query permissions for.
1. On the Permissions tab, click **Add Permission**.
1. Select **Team** or **User**.
1. Select the entity you want to allow query access and then click **Save**.
<div class="clearfix"></div>
### Disable data source permissions
{{< figure src="/static/img/docs/enterprise/datasource_permissions_disable_still.png" class="docs-image--no-shadow docs-image--right" max-width= "600px" animated-gif="/static/img/docs/enterprise/datasource_permissions_disable.gif" >}}
If you have enabled permissions for a data source and want to return data source permissions to the default, then you can disable permissions with a click of a button.
Note that _all_ existing permissions created for the data source will be deleted.
**Disable permissions for a data source:**
1. Navigate to **Configuration > Data Sources**.
1. Select the data source you want to disable permissions for.
1. On the Permissions tab, click **Disable Permissions**.
<div class="clearfix"></div>

245
docs/sources/administration/enterprise-licensing/_index.md Normal file
View File

@@ -0,0 +1,245 @@
---
aliases:
- /docs/grafana/latest/enterprise/license/
- /docs/grafana/latest/enterprise/activate-license/
- /docs/grafana/latest/enterprise/license/activate-license/
- /docs/grafana/latest/enterprise/license-expiration/
- /docs/grafana/latest/enterprise/license/license-expiration/
- /docs/grafana/latest/enterprise/license-restrictions/
- /docs/grafana/latest/enterprise/license/license-restrictions/
description: Activate and manage a Grafana Enterprise license
keywords:
- grafana
- licensing
- enterprise
title: Enterprise licensing
weight: 500
---
# Grafana Enterprise license
When you become a Grafana Enterprise customer, you gain access to Grafana's premium observability features, including enterprise data source plugins, reporting, and role-based access control. In order to use these [enhanced features of Grafana Enterprise]({{< relref "../enterprise/" >}}), you must purchase and activate a Grafana Enterprise license.
To purchase a license directly from Grafana Labs, [Contact a Grafana Labs representative](https://grafana.com/contact?about=grafana-enterprise). To activate an Enterprise license purchased from Grafana Labs, refer to [Activate an Enterprise license]({{< relref "../server-administration/enterprise-licensing/activate-license/" >}}).
You can also purchase a Grafana Enterprise license through the AWS Marketplace. To learn more about activating a license purchased through AWS, refer to [Activate a Grafana Enterprise license purchased through AWS Marketplace]({{< relref "activate-aws-marketplace-license/" >}}).
{{< section >}}
## Activate an Enterprise license
Follow these steps to activate your Grafana Enterprise license:
### Step 1. Download your license file
To download your Grafana Enterprise license:
1. Sign in to your [Grafana Cloud](https://grafana.com) account.
1. Go to **My Account** and select an organization from the drop-down menu at the top left of the page. On the Overview page for each organization, you can see a section for Grafana Enterprise licenses. Click **Details** next to a license.
1. At the bottom of the license details page, select **Download token** to download the `license.jwt` file that contains your license.
### Step 2. Add your license to a Grafana instance
There is more than one way to add the license to a Grafana instance:
#### Upload the license file via the Grafana server administrator page
This is the preferred option for single instance installations of Grafana Enterprise.
1. Sign in as a Grafana server administrator.
1. Navigate to **Server Admin > Upgrade** within Grafana.
1. Click **Upload license token file**.
1. Select your license file, and upload it.
#### Put the `license.jwt` file into the data directory of Grafana
On Linux systems, the data directory is usually at `/var/lib/grafana`.
You can also configure a custom location for the license file using the grafana.ini setting:
```bash
[enterprise]
license_path = /company/secrets/license.jwt
```
This setting can also be set with an environment variable, which is useful if you're running Grafana with Docker and have a custom volume where you have placed the license file. In this case, set the environment variable `GF_ENTERPRISE_LICENSE_PATH` to point to the location of your license file.
#### Set the content of the license file as a configuration option
You can add a license by pasting the content of the `license.jwt`
to the grafana.ini configuration file:
```bash
[enterprise]
license_text = eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0aGlzIjoiaXMiLCJub3QiOiJhIiwidmFsaWQiOiJsaWNlbnNlIn0.bxDzxIoJlYMwiEYKYT_l2s42z0Y30tY-6KKoyz9RuLE
```
This option can be set using the `GF_ENTERPRISE_LICENSE_TEXT`
environment variable.
### Step 3. Ensure that the license file's root URL matches the root_url configuration option
Update the [`root_url`]({{< relref "../../enterprise/setup-grafana/configure-grafana/#root-url" >}}) in your configuration. It should be the URL that users type in their browsers to access the frontend, not the node hostname(s).
This is important, because as part of the validation checks at startup, Grafana compares the license URL to the [`root_url`]({{< relref "../../enterprise/setup-grafana/configure-grafana/#root-url" >}}) in your configuration.
In your configuration file:
```
[server]
root_url = https://grafana.example.com/
```
Or with an environment variable:
```
GF_SERVER_ROOT_URL=https://grafana.example.com/
```
### Step 4. Restart Grafana
To finalize the installation of Grafana Enterprise, restart Grafana to enable all Grafana Enterprise features. Refer to [restart Grafana]({{< relref "../../enterprise/setup-grafana/restart-grafana/" >}}) for more information.
## License expiration
If your license has expired, most of Grafana keeps working as normal. Some enterprise functionality stops or runs with reduced functionality and Grafana displays a banner informing the users that Grafana is running on an expired license. Your Grafana admin needs to upload a new license file to restore full functionality.
> Replace your license as soon as possible. Running Grafana Enterprise with an expired license is unsupported and can lead to unexpected consequences.
### Update your license
1. Locate your current `license.jwt` file. In a standard installation it is stored inside the Grafana data directory, which on a typical Linux installation is in `/var/lib/grafana/data`. This location might be overridden in the ini file [Configuration]({{< relref "../../enterprise/setup-grafana/configure-grafana/" >}}).
```ini
[enterprise]
license_path = /path/to/your/license.jwt
```
The configuration file's location may also be overridden by the `GF_ENTERPRISE_LICENSE_PATH` environment variable.
2. Log in to your [Grafana Cloud Account](https://grafana.com/login) and make sure you're in the correct organization in the dropdown at the top of the page.
3. Under the **Grafana Enterprise** section in the menu bar to the left, choose licenses and download the currently valid license with which you want to run Grafana. If you cannot see a valid license on Grafana.com, please contact your account manager at Grafana Labs to renew your subscription.
4. Replace the current `license.jwt`-file with the one you've just downloaded.
5. [Restart Grafana]({{< relref "../../enterprise/setup-grafana/restart-grafana/" >}}).
### If your license expires
If your Grafana Enterprise license expires, you can expect the following changes in feature behavior.
#### Data source permissions
Your current data source permissions will keep working as expected, but you'll be unable to add new data source permissions until the license has been renewed.
#### LDAP authentication
- LDAP synchronization is not affected by an expired license.
- Team sync debugging is unavailable.
#### SAML authentication
SAML authentication is not affected by an expired license.
#### Role-based access control (RBAC)
- Creating, updating and deleting custom roles is not available.
- Modifying permissions for custom roles is not available.
#### Reporting
- You're unable to configure new reports or generate previews.
- Existing reports continue to be sent.
#### Enterprise plugins
Enterprise plugins might stop working.
#### White labeling
The white labeling feature is turned off, meaning that any white labeling options will not have any effect.
#### Usage insights
Exporting usage insights logs to Loki will be turned off for licenses expired for more than 7 days.
All the other usage insights features are turned off as soon as the license expires, meaning that you will not be able to see dashboard usage, presence indicators, or use improved search. Grafana continues to collect usage data and you will have access to it as soon as you update your license.
#### Vault integration
Vault integration is not affected by an expired license.
#### Auditing
Auditing is not affected by an expired license.
#### License restrictions
The concurrent session limit remains active for seven days after the expiration date, after which it will be turned off.
The active users limit is turned off immediately.
#### Settings updates at runtime
Settings updates at runtime are not affected by an expired license.
## Grafana Enterprise license restrictions
When you become a Grafana Enterprise customer, you receive a license that governs your use of Grafana Enterprise.
### Active users limit
Your Grafana license includes a maximum number of active users.
- An _active user_ is a user who has signed in to Grafana within the last 30 days. This is a rolling window that is updated daily.
- When you reach the maximum number of active users, only currently active users (users who have signed in over the past 30 days) can sign in. When a new user or a previously-inactive user tries to sign in, the user will see an error message indicating that Grafana has reached its license limit.
- The user's role, number of dashboards that a user can view or edit, and the number of organizations that they can access does not affect the active user count.
- A license limit banner appears to administrators when Grafana reaches its active user limit; editors and viewers do not see the banner.
#### Determine the number of active users
To determine the number of active users:
1. Sign in to Grafana Enterprise as a System Administrator.
1. Click **Server Admin** (the shield icon).
1. Click **Statistics and licensing**.
1. Review the utilization count on the **Utilization** panel.
### Tiered licensing (deprecated)
A tiered license defines dashboard viewers, and dashboard editors and administrators, as two distinct user types that each have their own user limit.
As of Grafana Enterprise version 9.0, Grafana only counts and enforces the _total_ number of active users in your Grafana instance. For example, if you purchase 150 active users, you can have 20 admins, 70 editors, and 60 viewers, or you can have 150 admins. Grafana will enforce the total number of active users even if you use a license that grants a specific number of admins or editors and a certain number of viewers. This is a more permissive policy than before, which gives you the flexibility to change users' roles.
If you are running a pre-9.0 version of Grafana Enterprise, please refer to the documentation for that version to learn more about license enforcement in your current version.
### Additional license restrictions
Your license is controlled by the following rules:
**License expiration date:** The license includes an expiration date, which is the date when a license becomes inactive.
As the license expiration date approaches, you will see a banner in Grafana that encourages you to renew. To learn about how to renew your license and what happens in Grafana when a license expires, refer to [License expiration]({{< relref "../../enterprise/license/license-restrictions/license-expiration/" >}}).
**Grafana License URL:** Your license does not work with an instance of Grafana with a different root URL.
The License URL is the complete URL of your Grafana instance, for example `https://grafana.your-company.com/`. It is defined in the [root_url]({{< relref "../../enterprise/setup-grafana/configure-grafana/#root_url" >}}) configuration setting.
**Concurrent sessions limit**: As of Grafana Enterprise 7.5, users can initiate up to three concurrent sessions of Grafana.
The system creates a session when a user signs in to Grafana from a new device, a different browser, or an incognito window. If a user signs in to Grafana from another tab or window within the same browser, only one session is used.
When a user reaches the session limit, the fourth connection succeeds and the longest inactive session is signed out.
### Request usage billing
You can request Grafana Labs to activate usage billing which allows an unlimited number of active users. When usage billing is enabled, Grafana does not enforce active user limits or display warning banners. Instead, you are charged for active users that exceed the limit, according to your customer contract.
Usage billing involves a contractual agreement between you and Grafana Labs, and it is only available if Grafana Enterprise is configured to [automatically refresh its license token]({{< relref "../../enterprise/setup-grafana/configure-grafana/enterprise-configuration/#auto_refresh_license" >}}).
### Request a change to your license
To increase the number of licensed users within Grafana, extend a license, or change your licensed URL, contact [Grafana support](https://grafana.com/profile/org#support) or your Grafana Labs account team. They will update your license, which you can activate from within Grafana.
For instructions about how to activate your license after it is updated, refer to [Activate an Enterprise license]({{< relref "../../enterprise/license/license-restrictions/activate-license/" >}}).

18
docs/sources/enterprise/license/activate-aws-marketplace-license/about-ge-license-through-aws.md → docs/sources/administration/enterprise-licensing/activate-aws-marketplace-license/_index.md
View File

@@ -1,29 +1,31 @@
---
aliases:
- /docs/grafana/latest/enterprise/license/activate-aws-marketplace-license/
description: Activate Enterprise license purchased through AWS Marketplace
- /docs/grafana/latest/enterprise/activate-aws-marketplace-license/about-ge-license-through-aws/
- /docs/grafana/latest/enterprise/license/activate-aws-marketplace-license/about-ge-license-through-aws/
description: About Grafana Enterprise licenses from AWS Marketplace
keywords:
- grafana
- about
- enterprise
- overview
- aws
- marketplace
title: About Grafana Enterprise licenses from AWS Marketplace
weight: 100
- enterprise
- license
title: Enterprise licenses through AWS Marketplace
weight: 400
---
# About Grafana Enterprise licenses from AWS Marketplace
# Activate a Grafana Enterprise license purchased through AWS Marketplace
AWS Marketplace is a convenient place for AWS customers to buy and manage a license for Grafana Enterprise versions 8.3.0 and later.
{{< section >}}
You can deploy Grafana Enterprise in the following ways:
- Using AWS services like ECS, EKS or EC2.
- In an instance outside AWS.
In each case, you must activate the Grafana Enterprise license purchased in AWS Marketplace to take advantage of Grafana Enterprise observability features. Grafana Enterprise licenses purchased through AWS Marketplace are subject to the same [restrictions]({{< relref "../license-restrictions/" >}}) as Grafana Enterprise licensed purchased directly from Grafana Labs.
In each case, you must activate the Grafana Enterprise license purchased in AWS Marketplace to take advantage of Grafana Enterprise observability features. Grafana Enterprise licenses purchased through AWS Marketplace are subject to the same [restrictions]({{< relref "../../../../enterprise/license/activate-aws-marketplace-license/license-restrictions/" >}}) as Grafana Enterprise licensed purchased directly from Grafana Labs.
> To purchase a license directly from Grafana Labs or learn more about other Grafana offerings, [Contact a Grafana Labs representative](https://grafana.com/contact?about=grafana-enterprise).

4
docs/sources/enterprise/license/activate-aws-marketplace-license/activate-license-on-ecs.md → docs/sources/administration/enterprise-licensing/activate-aws-marketplace-license/activate-license-on-ecs.md
View File

@@ -44,7 +44,7 @@ Grafana requires that you configure a database to hold dashboards, users, and ot
### Before you begin
- Ensure that you have a supported Grafana database available.
- For a list of supported databases, refer to [Supported databases]({{< relref "../../../setup-grafana/installation/#supported-databases" >}}).
- For a list of supported databases, refer to [Supported databases]({{< relref "../../../../enterprise/setup-grafana/installation/#supported-databases" >}}).
- For information about creating a database, refer to [Creating an Amazon RDS DB instance](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_CreateDBInstance.html).
- Review the information required to connect to the RDS DB instance. For more information, refer to [Connecting to an Amazon RDS DB instance](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_CommonTasks.Connect.html).
@@ -52,7 +52,7 @@ To configure Grafana for high availability:
1. In AWS ECS, use environment variables to update the `database` parameters.
For a list of database parameters, refer to [Configuration]({{< relref "../../../setup-grafana/configure-grafana/#database" >}}).
For a list of database parameters, refer to [Configuration]({{< relref "../../../../enterprise/setup-grafana/configure-grafana/#database" >}}).
1. Create a revision of the task definition for the ECS Task that runs Grafana Enterprise.

8
docs/sources/enterprise/license/activate-aws-marketplace-license/activate-license-on-eks.md → docs/sources/administration/enterprise-licensing/activate-aws-marketplace-license/activate-license-on-eks.md
View File

@@ -46,7 +46,7 @@ Grafana requires that you configure a database to hold dashboards, users, and ot
### Before you begin
- Ensure that you have a supported Grafana database available.
- For a list of supported databases, refer to [Supported databases]({{< relref "../../../setup-grafana/installation/#supported-databases" >}}).
- For a list of supported databases, refer to [Supported databases]({{< relref "../../../../setup-grafana/installation/#supported-databases" >}}).
- For information about creating a database, refer to [Creating an Amazon RDS DB instance](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_CreateDBInstance.html).
- Review the information required to connect to the RDS DB instance. For more information, refer to [Connecting to an Amazon RDS DB instance](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_CommonTasks.Connect.html).
@@ -78,7 +78,7 @@ To configure Grafana for high availability, choose **one** of the following opti
value: [database password]
```
For more information on Grafana High Availability setup, refer to [Set up Grafana for high availability]({{< relref "../../../setup-grafana/set-up-for-high-availability/" >}}).
For more information on Grafana High Availability setup, refer to [Set up Grafana for high availability]({{< relref "../../../../enterprise/setup-grafana/set-up-for-high-availability/" >}}).
## Task 3: Configure Grafana Enterprise to validate its license with AWS
@@ -95,7 +95,7 @@ In this task, you configure Grafana Enterprise to validate the license with AWS
For more information about AWS license permissions, refer to [Actions, resources, and condition keys for AWS License Manager](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awslicensemanager.html).
1. Choose **one** of the following options to update the [license_validation_type]({{< relref "../../../setup-grafana/configure-grafana/enterprise-configuration/#license_validation_type" >}}) configuration to `aws`:
1. Choose **one** of the following options to update the [license_validation_type]({{< relref "../../../../enterprise/setup-grafana/configure-grafana/enterprise-configuration/#license_validation_type" >}}) configuration to `aws`:
- **Option 1:** Use `kubectl edit configmap grafana` to edit `grafana.ini` add the following section to the configuration:
@@ -121,6 +121,6 @@ To restart Grafana on a Kubernetes cluster,
1. After you update the service, navigate to your Grafana instance, sign in with Grafana Admin credentials, and navigate to the Statistics and Licensing page to validate that your license is active.
For more information about restarting Grafana, refer to [Restart Grafana]({{< relref "../../../setup-grafana/restart-grafana/" >}}).
For more information about restarting Grafana, refer to [Restart Grafana]({{< relref "../../../../enterprise/setup-grafana/restart-grafana/" >}}).
> If you experience issues when you update the EKS cluster, refer to [Amazon EKS troubleshooting](https://docs.aws.amazon.com/eks/latest/userguide/troubleshooting.html).

10
docs/sources/enterprise/license/activate-aws-marketplace-license/activate-license-on-instance-outside-aws.md → docs/sources/administration/enterprise-licensing/activate-aws-marketplace-license/activate-license-on-instance-outside-aws.md
View File

@@ -31,9 +31,9 @@ To activate a Grafana Enterprise license from AWS on a Grafana Enterprise instan
To install Grafana, refer to the documentation specific to your implementation.
- [Install Grafana]({{< relref "../../../setup-grafana/installation" >}}).
- [Run Grafana Docker image]({{< relref "../../../setup-grafana/installation/docker/" >}}).
- [Deploy Grafana on Kubernetes]({{< relref "../../../setup-grafana/installation/kubernetes/#deploy-grafana-enterprise-on-kubernetes" >}}).
- [Install Grafana]({{< relref "../../../../enterprise/setup-grafana/installation/" >}}).
- [Run Grafana Docker image]({{< relref "../../../../enterprise/setup-grafana/installation/docker/" >}}).
- [Deploy Grafana on Kubernetes]({{< relref "../../../../enterprise/setup-grafana/installation/kubernetes/#deploy-grafana-enterprise-on-kubernetes" >}}).
## Task 2: Create an AWS IAM user with access to your Grafana Enterprise license
@@ -106,7 +106,7 @@ To retrieve your license, Grafana Enterprise requires access to your AWS account
In this task you configure Grafana Enterprise to validate the license with AWS instead of Grafana Labs.
Choose one of the following options to update the [license_validation_type]({{< relref "../../../setup-grafana/configure-grafana/enterprise-configuration/#license_validation_type" >}}) configuration to `aws`:
Choose one of the following options to update the [license_validation_type]({{< relref "../../../../enterprise/setup-grafana/configure-grafana/enterprise-configuration/#license_validation_type" >}}) configuration to `aws`:
- **Option 1:** In the `[enterprise]` section of the grafana.ini configuration file, add `license_validation_type=aws`.
@@ -127,4 +127,4 @@ Choose one of the following options to update the [license_validation_type]({{<
To activate Grafana Enterprise features, start (or restart) Grafana.
For information about restarting Grafana, refer to [Restart Grafana]({{< relref "../../../setup-grafana/restart-grafana/" >}}).
For information about restarting Grafana, refer to [Restart Grafana]({{< relref "../../../../enterprise/setup-grafana/restart-grafana/" >}}).

2
docs/sources/enterprise/license/activate-aws-marketplace-license/manage-license-in-aws-marketplace.md → docs/sources/administration/enterprise-licensing/activate-aws-marketplace-license/manage-license-in-aws-marketplace.md
View File

@@ -38,4 +38,4 @@ You can use AWS Marketplace to make the following modifications to your Grafana
This action retrieves updated license information from AWS.
> To learn more about licensing and active users, refer to [Understanding Grafana Enterprise licensing]({{< relref "../license-restrictions/" >}}).
> To learn more about licensing and active users, refer to [Understanding Grafana Enterprise licensing]({{< relref "../../../../enterprise/license/activate-aws-marketplace-license/license-restrictions/" >}}).

0
docs/sources/enterprise/license/activate-aws-marketplace-license/transfer-ge-license.md → docs/sources/administration/enterprise-licensing/activate-aws-marketplace-license/transfer-ge-license.md
View File

15
docs/sources/administration/manage-users-and-permissions/manage-org-users/_index.md
View File

@@ -1,15 +0,0 @@
---
aliases:
- /docs/grafana/latest/administration/manage-users-and-permissions/manage-org-users/
- /docs/grafana/latest/manage-users/org-admin/
title: Manage users in an organization
weight: 400
---
# Manage users in an organization
Organization administrators can invite users to join their organization. Organization users have access to organization resources based on their role, which is **Admin**, **Editor**, or **Viewer**. Permissions associated with each role determine the tasks a user can perform in the system.
For more information about organization user permissions, refer to [Organization users and permissions]({{< relref "../about-users-and-permissions/#organization-users-and-permissions" >}}).
{{< section >}}

28
docs/sources/administration/manage-users-and-permissions/manage-org-users/change-user-org-permissions.md
View File

@@ -1,28 +0,0 @@
---
aliases:
- /docs/grafana/latest/administration/manage-users-and-permissions/manage-org-users/change-user-org-permissions/
title: Change a user's organization permissions
weight: 30
---
# Change a user's organization permissions
Update user permissions when you want to enhance or restrict a user's access to organization resources. For more information about organization permissions, refer to [Organization roles]({{< relref "../about-users-and-permissions/#organization-roles" >}}).
## Before you begin
- Ensure you have organization administrator privileges
**To change the organization role of a user**:
1. Sign in to Grafana as an organization administrator.
1. Hover your cursor over the **Configuration** (gear) icon in the side menu and click **Users**.
1. Find the user account for which you want to change the role.
If necessary, use the search field to filter the list.
1. Locate the user on the list and in the **Role** column, click the user role.
1. Select the role that you want to assign.
1. Click **Update**.
> **Note:** If you have [server administrator]({{< relref "../about-users-and-permissions/#grafana-server-administrators" >}}) permissions, you can also [change a user's organization permissions]({{< relref "../manage-server-users/change-user-org-permissions/" >}}) in the Server Admin section.

45
docs/sources/administration/manage-users-and-permissions/manage-org-users/invite-user-join-org.md
View File

@@ -1,45 +0,0 @@
---
aliases:
- /docs/grafana/latest/administration/manage-users-and-permissions/manage-org-users/invite-user-join-org/
title: Invite a user to join an organization
weight: 10
---
# Invite a user to join an organization
When you invite users to join an organization, you assign the **Admin**, **Editor**, or **Viewer** role which controls user access to the dashboards and data sources owned by the organization. Users receive an email that prompts them to accept the invitation.
- If you know that the user already has access Grafana and you know their user name, then you issue an invitation by entering their user name.
- If the user is new to Grafana, then use their email address to issue an invitation. The system automatically creates the user account on first sign in.
> **Note:** If you have [server administrator]({{< relref "../about-users-and-permissions/#grafana-server-administrators" >}}) permissions, you can also manually [add a user to an organization]({{< relref "../manage-server-users/add-remove-user-to-org/" >}}).
## Before you begin
- Ensure you have organization administrator privileges.
- If the user already has access to Grafana, obtain their user name.
- Determine the permissions you want to assign to the user. For more information about organization permissions, refer to [Organization roles]({{< relref "../about-users-and-permissions/#organization-roles" >}}).
**To invite or add an existing user account to your organization**:
1. Sign in to Grafana as an organization administrator.
1. To switch to the organization to which you want to invite a user, hover your mouse over your profile and click **Switch organization** and select an organization.
> **Note**: It might be that you are currently in the proper organization and don't need to switch organizations.
1. Hover your cursor over the **Configuration** (gear) icon in the side menu and click **Users**.
1. Click **Invite**.
1. Enter the following information:
| Field | Description |
| ----------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| Email or username | Either the email or username that the user will use to sign in to Grafana. |
| Name | The user's name. |
| Role | Click the organization role to assign this user. For more information about organization roles, refer to [Organization roles]({{< relref "../about-users-and-permissions/#organization-roles" >}}).. |
| Send invite email | Switch to on if your organization has configured. The system sends an email to the user inviting them to sign in to Grafana and join the organization. Switch to off if you are not using email. The user can sign in to Grafana with the email or username you entered. |
1. Click **Submit**.
If the invitee is not already a user, the system adds them.
![Invite User](/static/img/docs/manage-users/org-invite-user-7-3.png).

32
docs/sources/administration/manage-users-and-permissions/manage-org-users/manage-pending-invites.md
View File

@@ -1,32 +0,0 @@
---
aliases:
- /docs/grafana/latest/administration/manage-users-and-permissions/manage-org-users/manage-pending-invites/
title: Manage a pending invitation
weight: 20
---
# Manage a pending invitation
Periodically review invitations you have sent so that you can see a list of users that have not yet accepted the invitation or cancel a pending invitation.
> **Note:** The **Pending Invites** button is only visible if there are unanswered invitations.
## Before you begin
- Ensure you have organization administrator privileges
**To manage a pending invitation**:
1. Sign in to Grafana as an organization administrator.
1. Hover your cursor over the **Configuration** (gear) icon in the side menu and click **Users**.
1. Click **Pending Invites**.
The **Pending Invites** button appears only when there are unaccepted invitations.
![Pending Invites button](/static/img/docs/manage-users/pending-invites-button-7-3.png)
To cancel an invitation, click the red **X** next to the invitation.
To copy an invitation link and send it directly to a user, click Copy Invite. You can then paste the invite link into a message.
![Pending Invites list](/static/img/docs/manage-users/pending-invites-list-7-3.png)

28
docs/sources/administration/manage-users-and-permissions/manage-org-users/remove-user-from-org.md
View File

@@ -1,28 +0,0 @@
---
aliases:
- /docs/grafana/latest/administration/manage-users-and-permissions/manage-org-users/remove-user-from-org/
title: Remove a user from an organization
weight: 40
---
# Remove a user from an organization
You can remove a user from an organization when they no longer require access to the dashboard or data sources owned by the organization. No longer requiring access to an organization might occur when the user has left your company or has internally moved to another organization.
This action does not remove the user account from the Grafana server.
## Before you begin
- Ensure you have organization administrator privileges
**To remove a user from an organization**:
1. Sign in to Grafana as an organization administrator.
1. Hover your cursor over the **Configuration** (gear) icon in the side menu and click **Users**.
1. Find the user account that you want to remove from the organization.
Use the search field to filter the list, if necessary.
1. Click the red **X** to remove the user from the organization.
> **Note:** If you have [server administrator]({{< relref "../about-users-and-permissions/#grafana-server-administrators" >}}) permissions, you can also [remove a user from an organization]({{< relref "../manage-server-users/add-remove-user-to-org/#remove-a-user-from-an-organization" >}}) on the Users page of the Server Admin section.

23
docs/sources/administration/manage-users-and-permissions/manage-org-users/view-list-org-users.md
View File

@@ -1,23 +0,0 @@
---
aliases:
- /docs/grafana/latest/administration/manage-users-and-permissions/manage-org-users/view-list-org-users/
title: View a list of organization users
weight: 50
---
# View a list of organization users
You can see a list of users with accounts in your Grafana organization. If necessary, you can use the search field to filter the list.
## Before you begin
- Ensure you have organization administrator privileges
**To view a list of organization users**:
1. Sign in to Grafana as an organization administrator.
1. Hover your cursor over the **Configuration** (gear) icon in the side menu and click **Users**.
![Org Admin user list](/static/img/docs/manage-users/org-user-list-7-3.png)
> **Note:** If you have [server administrator]({{< relref "../about-users-and-permissions/#grafana-server-administrators" >}}) permissions, you can also [view a global list of users]({{< relref "../manage-server-users/view-list-users/" >}}) in the Server Admin section of Grafana.

20
docs/sources/administration/manage-users-and-permissions/manage-server-users/_index.md
View File

@@ -1,20 +0,0 @@
---
aliases:
- /docs/grafana/latest/administration/manage-users-and-permissions/manage-server-users/
- /docs/grafana/latest/manage-users/server-admin/
- /docs/grafana/latest/manage-users/server-admin/server-admin-manage-users/
title: Manage users globally
weight: 300
---
# Manage users globally
A _user_ is defined as any individual who can log in to Grafana. Each user is associated with a _role_ that includes _permissions_. Permissions determine the tasks a user can perform in the system.
If you have [server administrator]({{< relref "../about-users-and-permissions/#grafana-server-administrators" >}}) permissions in Grafana, you can manage all users for a Grafana instance in the Server Admin section:
{{< section >}}
If you have [organization administrator]({{< relref "../about-users-and-permissions/#organization-roles" >}}) permissions and _not_ [server administrator]({{< relref "../about-users-and-permissions/#grafana-server-administrators" >}}) permissions, refer to [Manage users in a organization]({{< relref "../manage-org-users/" >}}).
For more information about users and permissions, refer to [About users and permissions]({{< relref "../about-users-and-permissions/" >}}).

29
docs/sources/administration/manage-users-and-permissions/manage-server-users/add-user.md
View File

@@ -1,29 +0,0 @@
---
aliases:
- /docs/grafana/latest/administration/manage-users-and-permissions/manage-server-users/add-user/
title: Add a user
weight: 10
---
# Add a user
Add users when you want to manually provide individuals with access to Grafana.
When you create a user using this method, you must create their password. The user does not receive a notification by email. To invite a user to Grafana and allow them to create their own password, [invite a user to join an organization]({{< relref "../manage-org-users/invite-user-join-org/" >}}).
When you configure advanced authentication using Oauth, SAML, LDAP, or the Auth proxy, users are created automatically.
## Before you begin
- Ensure that you have Grafana server administrator privileges
**To add a user**:
1. Sign in to Grafana as a server administrator.
1. Hover your cursor over the **Server Admin** (shield) icon until a menu appears, and click **Users**.
1. Click **New user**.
1. Complete the fields and click **Create user**.
When you create a user, the system assigns the user viewer permissions in a default organization, which you can change. You can now [add a user to a second organization]({{< relref "add-remove-user-to-org/" >}}).
> **Note:** If you have [organization administrator]({{< relref "../about-users-and-permissions/#organization-roles" >}}) permissions and _not_ [server administrator]({{< relref "../about-users-and-permissions/#grafana-server-administrators" >}}) permissions, you can still add users by [inviting a user to join an organization]({{< relref "../manage-org-users/invite-user-join-org/" >}}).

70
docs/sources/administration/manage-users-and-permissions/manage-server-users/view-edit-user-account.md
View File

@@ -1,70 +0,0 @@
---
aliases:
- /docs/grafana/latest/administration/manage-users-and-permissions/manage-server-users/view-edit-user-account/
- /docs/grafana/latest/administration/manage-users-and-permissions/manage-server-users/view-user-account-details/
title: View and edit a user account
weight: 110
---
# View user details
View user details when you want to see login, and organizations and permissions settings associated with a user.
## Before you begin:
- Ensure you have Grafana server administrator privileges
**To view user details**:
1. Sign in to Grafana as a server administrator.
1. Hover your cursor over the **Server Admin** (shield) icon until a menu appears, and click **Users**.
1. Click a user.
A user account contains the following sections.
### User information
This section contains basic user information, which users can update.
![Server Admin user information section](/static/img/docs/manage-users/server-admin-user-information-7-3.png)
### Permissions
This indicates whether the user account has the Grafana administrator flag applied. If the flag is set to **Yes**, then the user is a Grafana server administrator.
![Server Admin Permissions section](/static/img/docs/manage-users/server-admin-permissions-7-3.png)
### Organisations
This section lists the organizations the user belongs to and their assigned role.
![Server Admin Organizations section](/static/img/docs/manage-users/server-admin-organisations-7-3.png)
### Sessions
This section includes recent user sessions and information about the time the user logged in and they system they used. You can force logouts, if necessary.
![Server Admin Sessions section](/static/img/docs/manage-users/server-admin-sessions-7-3.png)
# Edit a user account
Edit a user account when you want to modify user login credentials, or delete, disable, or enable a user.
## Before you begin
- Ensure you have Grafana server administrator privileges
**To edit a user account**:
1. Sign in to Grafana as a server administrator.
1. Hover your cursor over the **Server Admin** (shield) icon until a menu appears, and click **Users**.
1. Click a user.
1. Complete any of the following actions, as necessary.
| Action | Description |
| ------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Update name, email, or username | **Is the user notified of these changes?**. Click **Save** after you make a change. |
| Change the user's password | The new password must be at least four characters long. Click **Save** after you make a change. |
| Delete a user | This action permanently removes the user from the Grafana server. The user can no longer sign in after you make this change. |
| Disable user account | This action prevents a user from signing in with this account, but does not delete the account. You might disable an account if a colleague goes on sabbatical. |
| Enable a user account | This action enables a user account. |

23
docs/sources/administration/manage-users-and-permissions/manage-server-users/view-list-users.md
View File

@@ -1,23 +0,0 @@
---
aliases:
- /docs/grafana/latest/administration/manage-users-and-permissions/manage-server-users/view-list-users/
title: View a list of users
weight: 100
---
# View a list of users
You can see a list of users with accounts on your Grafana server. This action might be useful when you want to know which role you assigned to each user.
## Before you begin
- Ensure you have Grafana server administrator privileges
**To view a list of users**:
1. Sign in to Grafana as a server administrator.
1. Hover your cursor over the **Server Admin** (shield) icon until a menu appears, and click **Users**.
![Server Admin user list](/static/img/docs/manage-users/server-user-list-7-3.png)
> **Note:** If you have [organization administrator]({{< relref "../about-users-and-permissions/#organization-roles" >}}) permissions and _not_ [server administrator]({{< relref "../about-users-and-permissions/#grafana-server-administrators" >}}) permissions, you can still [view of list of users in a given organization]({{< relref "../manage-org-users/view-list-org-users/" >}}).

8
docs/sources/administration/manage-organizations/_index.md → docs/sources/administration/organization-management/_index.md
View File

@@ -10,7 +10,7 @@ keywords:
- dashboards
menuTitle: Manage organizations
title: Manage organizations
weight: 300
weight: 200
---
# Manage organizations
@@ -42,7 +42,7 @@ The following table summarizes the resources you can share and/or isolate using
The member of one organization cannot view dashboards assigned to another organization. However, a user can belong to multiple organizations.
Grafana Server Administrators are responsible for creating organizations. For more information about the Grafana Server Administrator role, refer to [Grafana server administrators]({{< relref "../manage-users-and-permissions/about-users-and-permissions/#Grafana server administrators" >}}).
Grafana Server Administrators are responsible for creating organizations. For more information about the Grafana Server Administrator role, refer to [Grafana server administrators]({{< relref "../roles-and-permissions/#Grafana server administrators" >}}).
## View a list of organizations
@@ -80,9 +80,9 @@ Create an organization when you want to isolate dashboards and other resources f
1. On the **Preferences** tab, select a home dashboard, time zone, and week start.
For more information about preferences, refer to [Preferences]({{< relref "../preferences/" >}}).
For more information about preferences, refer to [Preferences]({{< relref "../organization-preferences/" >}}).
For more information about adding users to an organization, refer to [Add a user to an organization]({{< relref "../manage-users-and-permissions/manage-server-users/add-remove-user-to-org/" >}}).
For more information about adding users to an organization, refer to [Add a user to an organization]({{< relref "../user-management/server-user-management/add-remove-user-to-org/" >}}).
## Delete an organization

245
docs/sources/administration/organization-preferences/_index.md Normal file
View File

@@ -0,0 +1,245 @@
---
aliases:
- /docs/grafana/latest/administration/preferences/
- /docs/grafana/latest/administration/preferences/change-grafana-name/
- /docs/grafana/latest/administration/preferences/change-grafana-theme/
- /docs/grafana/latest/administration/preferences/change-grafana-timezone/
- /docs/grafana/latest/administration/change-home-dashboard/
- /docs/grafana/latest/administration/preferences/change-home-dashboard/
title: Organization preferences
weight: 500
---
# Organization preferences
Grafana preferences are basic settings. They control the Grafana UI theme, home dashboard, time zone, and so on.
Preferences are sometimes confusing because they can be set at four different levels, listed from highest level to lowest:
- **Server -** Affects all users on the Grafana server. Set by a [Grafana server admin]({{< relref "../roles-and-permissions/#grafana-server-administrators" >}}).
- **Organization -** Affects all users in an organization. Set by an [Organization admin]({{< relref "../roles-and-permissions/#organization-roles" >}}).
- **Team -** Affects all users assigned to a team. Set by an Organization Admin or Team Admin. To learn more about these roles, refer to [Teams and permissions]({{< relref "../roles-and-permissions/#teams-and-permissions" >}}).
- **User account -** Affects the individual user. Set by the user on their own account.
The lowest level always takes precedence. For example, if a user sets their theme to **Light**, then their visualization of Grafana displays the light theme. Nothing at any higher level can override that.
If the user is aware of the change and intended it, then that's great! But if the user is a Server Admin who made the change to their user preferences a long time ago, they might have forgotten they did that. Then, if that Server Admin is trying to change the theme at the server level, they'll get frustrated as none of their changes have any effect that they can see. (Also, the users on the server might be confused, because _they_ can see the server-level changes!)
## Change Grafana name and email
In Grafana, you can change your names and emails associated with groups or accounts in the Settings or Preferences. This topic provides instructions for each task.
{{< docs/shared "preferences/some-tasks-require-permissions.md" >}}
### Change organization name
Grafana server administrators and organization administrators can change organization names.
#### Grafana Server Admin change organization name
Follow these instructions if you are a Grafana Server Admin.
{{< docs/list >}}
{{< docs/shared "manage-users/view-server-org-list.md" >}}
1. In the organization list, click the name of the organization that you want to change.
1. In **Name**, enter the new organization name.
1. Click **Update**.
{{< /docs/list >}}
#### Organization Admin change organization name
If you are an Organization Admin, follow these steps:
{{< docs/list >}}
{{< docs/shared "preferences/org-preferences-list.md" >}}
1. In **Organization name**, enter the new name.
1. Click **Update organization name**.
{{< /docs/list >}}
### Change team name or email
Organization administrators and team administrators can change team names and email addresses.
To change the team name or email, follow these steps:
1. Hover your cursor over the **Configuration** (gear) icon in the side menu.
1. Click **Teams**. Grafana displays the team list.
1. In the team list, click the name of the team that you want to change.
1. Click the **Settings** tab.
1. In the Team Settings section, you can edit the following:
- **Name -** Edit this field to change the display name associated with the team.
- **Email -** Edit this field to change the email address associated with the team.
1. Click **Update**.
### Change user name or email
To learn how to edit your user information, refer to [Edit your profile]({{< relref "../user-management/user-preferences/#edit-your-profile" >}}).
## Change Grafana UI theme
In Grafana, you can modify the UI theme configured in the Settings or Preferences. Set the UI theme for the server, an organization, a team, or your personal user account using the instructions in this topic.
{{< docs/shared "preferences/some-tasks-require-permissions.md" >}}
### Theme options
The theme affects how Grafana displays graphs, menus, other UI elements.
#### Default
**Default** is either the dark theme or the theme selected in a higher level. For example, if an Organization administrator set the **Light** theme, then that is the default for all the teams in that organization.
#### Dark
Here is an example of the dark theme.
![Dark theme example](/static/img/docs/preferences/dark-theme-7-4.png)
#### Light
Here is an example of the light theme.
![Light theme example](/static/img/docs/preferences/light-theme-7-4.png)
### Change server UI theme
Grafana server administrators can change the Grafana UI theme for all users on the server by setting the [default_theme]({{< relref "../../setup-grafana/configure-grafana/#default-theme" >}}) option in the Grafana configuration file.
To see what the current settings are, refer to [View server settings]({{< relref "../view-server/view-server-settings/" >}}).
### Change organization UI theme
Organization administrators can change the UI theme for all users in an organization.
{{< docs/list >}}
{{< docs/shared "preferences/org-preferences-list.md" >}}
{{< docs/shared "preferences/select-ui-theme-list.md" >}}
{{< /docs/list >}}
### Change team UI theme
Organization and team administrators can change the UI theme for all users in a team.
{{< docs/list >}}
{{< docs/shared "manage-users/view-team-list.md" >}}
1. Click on the team that you want to change the UI theme for and then navigate to the **Settings** tab.
{{< docs/shared "preferences/select-ui-theme-list.md" >}}
{{< /docs/list >}}
### Change your personal UI theme
You can change the UI theme for your user account. This setting overrides UI theme settings at higher levels.
{{< docs/list >}}
{{< docs/shared "preferences/navigate-user-preferences-list.md" >}}
{{< docs/shared "preferences/select-ui-theme-list.md" >}}
{{< /docs/list >}}
## Change the Grafana default timezone
By default, Grafana uses the timezone in your web browser. However, you can override this setting at the server, organization, team, or individual user level. This topic provides instructions for each task.
{{< docs/shared "preferences/some-tasks-require-permissions.md" >}}
### Set server timezone
Grafana server administrators can choose a default timezone for all users on the server by setting the [default_timezone]({{< relref "../../setup-grafana/configure-grafana/#default-timezone" >}}) option in the Grafana configuration file.
### Set organization timezone
Organization administrators can choose a default timezone for their organization.
{{< docs/list >}}
{{< docs/shared "preferences/org-preferences-list.md" >}}
{{< docs/shared "preferences/select-timezone-list.md" >}}
{{< /docs/list >}}
### Set team timezone
Organization administrators and team administrators can choose a default timezone for all users in a team.
{{< docs/list >}}
{{< docs/shared "manage-users/view-team-list.md" >}}
1. Click on the team you that you want to change the timezone for and then navigate to the **Settings** tab.
{{< docs/shared "preferences/select-timezone-list.md" >}}
{{< /docs/list >}}
### Set your personal timezone
You can change the timezone for your user account. This setting overrides timezone settings at higher levels.
{{< docs/list >}}
{{< docs/shared "preferences/navigate-user-preferences-list.md" >}}
{{< docs/shared "preferences/select-timezone-list.md" >}}
{{< /docs/list >}}
## Change the default home dashboard
The home dashboard you set is the one all users will see by default when they log in. You can set the home dashboard for the server, an organization, a team, or your personal user account. This topic provides instructions for each task.
{{< docs/shared "preferences/some-tasks-require-permissions.md" >}}
### Navigate to the home dashboard
The home dashboard is the first dashboard a user sees when they sign in to Grafana. You can also navigate to the home dashboard manually.
1. Hover your cursor over the **Dashboards** (four squares) icon.
1. Click **Home**.
### Set the home dashboard for the server
Users with the Grafana Server Admin flag on their account or access to the configuration file can define a JSON file to use as the home dashboard for all users on the server.
#### [Optional] Convert an existing dashboard into a JSON file
1. Navigate to the page of the dashboard you want to use as the home dashboard.
1. Click the **Share dashboard** icon next to the dashboard title.
1. In the Export tab, click **Save to file**. Grafana converts the dashboard to a JSON file and saves it locally.
#### Use a JSON file as the home dashboard
1. Save your JSON file somewhere that Grafana can access it. For example, in the Grafana `data` folder of Grafana.
1. Update your configuration file to set the path to the JSON file. Refer to [default_home_dashboard_path]({{< relref "../../setup-grafana/configure-grafana/#default_home_dashboard_path" >}}) for more information about modifying the Grafana configuration files.
```ini
[dashboards]
# Path to the default home dashboard. If this value is empty, then Grafana uses StaticRootPath + "dashboards/home.json"
default_home_dashboard_path = data/main-dashboard.json
```
> **Note:** On Linux, Grafana uses `/usr/share/grafana/public/dashboards/home.json` as the default home dashboard location.
### Set the home dashboard for your organization
Organization administrators can choose a home dashboard for their organization.
{{< docs/list >}}
{{< docs/shared "preferences/navigate-to-the-dashboard-list.md" >}}
{{< docs/shared "preferences/org-preferences-list.md" >}}
{{< docs/shared "preferences/select-home-dashboard-list.md" >}}
{{< /docs/list >}}
### Set home dashboard for your team
Organization administrators and Team Admins can choose a home dashboard for a team.
{{< docs/list >}}
{{< docs/shared "preferences/navigate-to-the-dashboard-list.md" >}}
{{< docs/shared "manage-users/view-team-list.md" >}}
1. Click on the team that you want to change the home dashboard for and then navigate to the **Settings** tab.
{{< docs/shared "preferences/select-home-dashboard-list.md" >}}
{{< /docs/list >}}
### Set your personal home dashboard
You can choose your own personal home dashboard. This setting overrides all home dashboards set at higher levels.
{{< docs/list >}}
{{< docs/shared "preferences/navigate-to-the-dashboard-list.md" >}}
{{< docs/shared "preferences/navigate-user-preferences-list.md" >}}
{{< docs/shared "preferences/select-home-dashboard-list.md" >}}
{{< /docs/list >}}

203
docs/sources/administration/plugin-management/_index.md Normal file
View File

@@ -0,0 +1,203 @@
---
aliases:
- /docs/grafana/latest/plugins/
- /docs/grafana/latest/plugins/catalog/
- /docs/grafana/latest/plugins/installation/
- /docs/grafana/latest/plugins/plugin-signature-verification/
- /docs/grafana/latest/plugins/plugin-signatures/
title: Plugin management
weight: 600
---
# Plugin management
Besides the wide range of visualizations and data sources that are available immediately after you install Grafana, you can extend your Grafana experience with _plugins_.
You can [install]({{< relref "../plugins/installation/" >}}) one of the plugins built by the Grafana community, or [build one yourself]({{< relref "../../developers/plugins/" >}}).
Grafana supports three types of plugins: [panels](https://grafana.com/grafana/plugins?type=panel), [data sources](https://grafana.com/grafana/plugins?type=datasource), and [apps](https://grafana.com/grafana/plugins?type=app).
## Panel plugins
Add new visualizations to your dashboard with panel plugins, such as the [Worldmap Panel](https://grafana.com/grafana/plugins/grafana-worldmap-panel), [Clock](https://grafana.com/grafana/plugins/grafana-clock-panel), and [Pie Chart](https://grafana.com/grafana/plugins/grafana-piechart-panel).
Use panel plugins when you want to:
- Visualize data returned by data source queries.
- Navigate between dashboards.
- Control external systems, such as smart home devices.
## Data source plugins
Data source plugins add support for new databases, such as [Google BigQuery](https://grafana.com/grafana/plugins/doitintl-bigquery-datasource).
Data source plugins communicate with external sources of data and return the data in a format that Grafana understands. By adding a data source plugin, you can immediately use the data in any of your existing dashboards.
Use data source plugins when you want to import data from external systems.
## App plugins
Applications, or _app plugins_, bundle data sources and panels to provide a cohesive experience, such as the [Zabbix](https://grafana.com/grafana/plugins/alexanderzobnin-zabbix-app) app.
Apps can also add custom pages for things like control panels.
Use app plugins when you want to create an custom out-of-the-box monitoring experience.
## Plugin catalog
The Plugin catalog allows you to browse and manage plugins from within Grafana. Only Grafana server administrators and organization administrators can access and use the plugin catalog. The following access rules apply depending on the user role:
| Org Admin | Server Admin | Permissions |
| --------- | ------------ | ------------------------------------------------------------------------------------------- |
| &check; | &check; | <ul><li>Can configure app plugins</li><li>Can install/uninstall/update plugins</li></ul> |
| &check; | &times; | <ul><li>Can configure app plugins</li><li>Cannot install/uninstall/update plugins</li></ul> |
| &times; | &check; | <ul><li>Cannot configure app plugins</li><li>Can install/uninstall/update plugins</li></ul> |
> **Note:** The Plugin catalog is designed to work with a single Grafana server instance only. Support for Grafana clusters will be added in future Grafana releases.
<div class="medium-6 columns">
<video width="700" height="600" controls>
<source src="/static/assets/videos/plugins-catalog-install-8-1.mp4" type="video/mp4">
Your browser does not support the video tag.
</video>
</div>
In order to be able to install / uninstall / update plugins using plugin catalog, you must enable it via the `plugin_admin_enabled` flag in the [configuration]({{< relref "../../../plugins/setup-grafana/configure-grafana/#plugin_admin_enabled" >}}) file.
Before following the steps below, make sure you are logged in as a Grafana administrator.
<a id="#plugin-catalog-entry"></a>
Currently, there are two entry points to the Plugin catalog.
- Grafana server administrators can find it at **Server Admin >
Plugins**.
- Organization administrators can find it at **Configuration > Plugins**.
### Browse plugins
To browse for available plugins:
1. In Grafana, [navigate to the Plugin catalog](#plugin-catalog-entry) to view installed plugins.
1. Click the **All** filter to browse all available plugins.
1. Click the **Data sources**, **Panels**, or **Applications** buttons to filter by plugin type.
![Plugin catalog browse](/static/img/docs/plugins/plugins-catalog-browse-8-1.png)
### Install a plugin
To install a plugin:
1. In Grafana, [navigate to the Plugin catalog](#plugin-catalog-entry) to view installed plugins.
1. Browse and find a plugin.
1. Click on the plugin logo.
1. Click **Install**.
When the update is complete, you see a confirmation message that the installation was successful.
![Plugin catalog install](/static/img/docs/plugins/plugins-catalog-install-8-1.png)
### Update a plugin
To update a plugin:
1. In Grafana, [navigate to the Plugin catalog](#plugin-catalog-entry) to view installed plugins.
1. Click on the plugin logo.
1. Click **Update**.
When the update is complete, you see a confirmation message that the update was successful.
![Plugin catalog update](/static/img/docs/plugins/plugins-catalog-update-8-1.png)
### Uninstall a plugin
To uninstall a plugin:
1. In Grafana, [navigate to the Plugin catalog](#plugin-catalog-entry) to view installed plugins.
1. Click on the plugin logo.
1. Click **Uninstall**.
When the update is complete, you see a confirmation message that the uninstall was successful.
![Plugin catalog uninstall](/static/img/docs/plugins/plugins-catalog-uninstall-8-1.png)
## Install Grafana plugins
Grafana supports data source, panel, and app plugins. Having panels as plugins makes it easy to create and add any kind of panel, to show your data, or improve your favorite dashboards. Apps enable the bundling of data sources, panels, dashboards, and Grafana pages into a cohesive experience.
1. In a web browser, navigate to the official [Grafana Plugins page](https://grafana.com/plugins) and find a plugin that you want to install.
1. Click the plugin, and then click the **Installation** tab.
### Install plugin on Grafana Cloud
On the Installation tab, in the **For** field, click the name of the Grafana instance that you want to install the plugin on.
Grafana Cloud handles the plugin installation automatically.
If you are logged in to Grafana Cloud when you add a plugin, log out and back in again to use the new plugin.
### Install plugin on local Grafana
Follow the instructions on the Install tab. You can either install the plugin with a Grafana CLI command or by downloading and uncompress a .zip file into the Grafana plugins directory. We recommend using Grafana CLI in most instances. The .zip option is available if your Grafana server does not have access to the internet.
For more information about Grafana CLI plugin commands, refer to [Plugin commands]({{< relref "../../../plugins/administration/cli/#plugins-commands" >}}).
As of Grafana v8.0, a plugin catalog app was introduced in order to make managing plugins easier. For more information, refer to [Plugin catalog]({{< relref "../../../plugins/installation/catalog/" >}}).
#### Install a packaged plugin
After the user has downloaded the archive containing the plugin assets, they can install it by extracting the archive into their plugin directory.
```
unzip my-plugin-0.2.0.zip -d YOUR_PLUGIN_DIR/my-plugin
```
The path to the plugin directory is defined in the configuration file. For more information, refer to [Configuration]({{< relref "../../../plugins/setup-grafana/configure-grafana/#plugins" >}}).
## Plugin signatures
Plugin signature verification (signing) is a security measure to make sure plugins haven't been tampered with. Upon loading, Grafana checks to see if a plugin is signed or unsigned when inspecting and verifying its digital signature.
At startup, Grafana verifies the signatures of every plugin in the plugin directory. If a plugin is unsigned, then Grafana does not load nor start it. To see the result of this verification for each plugin, navigate to **Configuration** -> **Plugins**.
Grafana also writes an error message to the server log:
```bash
WARN[05-26|12:00:00] Some plugin scanning errors were found errors="plugin '<plugin id>' is unsigned, plugin '<plugin id>' has an invalid signature"
```
If you are a plugin developer and want to know how to sign your plugin, refer to [Sign a plugin]({{< relref "../../../plugins/developers/plugins/sign-a-plugin/" >}}).
| Signature status | Description |
| ------------------ | ------------------------------------------------------------------------------- |
| Core | Core plugin built into Grafana. |
| Invalid signature | The plugin has a invalid signature. |
| Modified signature | The plugin has changed since it was signed. This may indicate malicious intent. |
| Unsigned | The plugin is not signed. |
| Signed | The plugin signature was successfully verified. |
### Plugin signature levels
All plugins is signed under a _signature level_. The signature level determines how the plugin can be distributed.
| **Plugin Level** | **Description** |
| ---------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| Private | <p>Private plugins are for use on your own Grafana. They may not be distributed to the Grafana community, and are not published in the Grafana catalog.</p> |
| Community | <p>Community plugins have dependent technologies that are open source and not for profit.</p><p>Community plugins are published in the official Grafana catalog, and are available to the Grafana community.</p> |
| Commercial | <p>Commercial plugins have dependent technologies that are closed source or commercially backed.</p><p>Commercial Plugins are published on the official Grafana catalog, and are available to the Grafana community.</p> |
### Allow unsigned plugins
> **Note:** Unsigned plugins are not supported in Grafana Cloud.
We strongly recommend that you don't run unsigned plugins in your Grafana instance. If you're aware of the risks and you still want to load an unsigned plugin, refer to [Configuration]({{< relref "../../../plugins/setup-grafana/configure-grafana/#allow_loading_unsigned_plugins" >}}).
If you've allowed loading of an unsigned plugin, then Grafana writes a warning message to the server log:
```bash
WARN[06-01|16:45:59] Running an unsigned plugin pluginID=<plugin id>
```
> **Note:** If you're developing a plugin, then you can enable development mode to allow all unsigned plugins.
## Learn more
- Browse the available [Plugins](https://grafana.com/grafana/plugins)

21
docs/sources/administration/preferences/_index.md
View File

@@ -1,21 +0,0 @@
---
aliases:
- /docs/grafana/latest/administration/preferences/
title: Preferences
weight: 50
---
# Grafana preferences
Grafana preferences are basic settings. They control the Grafana UI theme, home dashboard, time zone, and so on.
Preferences are sometimes confusing because they can be set at four different levels, listed from highest level to lowest:
- **Server -** Affects all users on the Grafana server. Set by a [Grafana server admin]({{< relref "../manage-users-and-permissions/about-users-and-permissions/#grafana-server-administrators" >}}).
- **Organization -** Affects all users in an organization. Set by an [Organization admin]({{< relref "../manage-users-and-permissions/about-users-and-permissions/#organization-roles" >}}).
- **Team -** Affects all users assigned to a team. Set by an Organization Admin or Team Admin. To learn more about these roles, refer to [Teams and permissions]({{< relref "../manage-users-and-permissions/about-users-and-permissions/#teams-and-permissions" >}}).
- **User account -** Affects the individual user. Set by the user on their own account.
The lowest level always takes precedence. For example, if a user sets their theme to **Light**, then their visualization of Grafana displays the light theme. Nothing at any higher level can override that.
If the user is aware of the change and intended it, then that's great! But if the user is a Server Admin who made the change to their user preferences a long time ago, they might have forgotten they did that. Then, if that Server Admin is trying to change the theme at the server level, they'll get frustrated as none of their changes have any effect that they can see. (Also, the users on the server might be confused, because _they_ can see the server-level changes!)

62
docs/sources/administration/preferences/change-grafana-name.md
View File

@@ -1,62 +0,0 @@
---
aliases:
- /docs/grafana/latest/administration/preferences/change-grafana-name/
keywords:
- grafana
- configuration
- documentation
- home
title: Change name and email
weight: 100
---
# Change Grafana name and email
In Grafana, you can change your names and emails associated with groups or accounts in the Settings or Preferences. This topic provides instructions for each task.
{{< docs/shared "preferences/some-tasks-require-permissions.md" >}}
## Change organization name
Grafana server administrators and organization administrators can change organization names.
### Grafana Server Admin change organization name
Follow these instructions if you are a Grafana Server Admin.
{{< docs/list >}}
{{< docs/shared "manage-users/view-server-org-list.md" >}}
1. In the organization list, click the name of the organization that you want to change.
1. In **Name**, enter the new organization name.
1. Click **Update**.
{{< /docs/list >}}
### Organization Admin change organization name
If you are an Organization Admin, follow these steps:
{{< docs/list >}}
{{< docs/shared "preferences/org-preferences-list.md" >}}
1. In **Organization name**, enter the new name.
1. Click **Update organization name**.
{{< /docs/list >}}
## Change team name or email
Organization administrators and team administrators can change team names and email addresses.
To change the team name or email, follow these steps:
1. Hover your cursor over the **Configuration** (gear) icon in the side menu.
1. Click **Teams**. Grafana displays the team list.
1. In the team list, click the name of the team that you want to change.
1. Click the **Settings** tab.
1. In the Team Settings section, you can edit the following:
- **Name -** Edit this field to change the display name associated with the team.
- **Email -** Edit this field to change the email address associated with the team.
1. Click **Update**.
## Change user name or email
To learn how to edit your user information, refer to [Edit your profile]({{< relref "../manage-user-preferences/#edit-your-profile" >}}).

73
docs/sources/administration/preferences/change-grafana-theme.md
View File

@@ -1,73 +0,0 @@
---
aliases:
- /docs/grafana/latest/administration/preferences/change-grafana-theme/
description: How to set the Grafana UI theme
keywords:
- grafana
- configuration
- documentation
- home
title: Change UI theme
weight: 200
---
# Change Grafana UI theme
In Grafana, you can modify the UI theme configured in the Settings or Preferences. Set the UI theme for the server, an organization, a team, or your personal user account using the instructions in this topic.
{{< docs/shared "preferences/some-tasks-require-permissions.md" >}}
## Theme options
The theme affects how Grafana displays graphs, menus, other UI elements.
### Default
**Default** is either the dark theme or the theme selected in a higher level. For example, if an Organization administrator set the **Light** theme, then that is the default for all the teams in that organization.
### Dark
Here is an example of the dark theme.
![Dark theme example](/static/img/docs/preferences/dark-theme-7-4.png)
### Light
Here is an example of the light theme.
![Light theme example](/static/img/docs/preferences/light-theme-7-4.png)
## Change server UI theme
Grafana server administrators can change the Grafana UI theme for all users on the server by setting the [default_theme]({{< relref "../../setup-grafana/configure-grafana/#default-theme" >}}) option in the Grafana configuration file.
To see what the current settings are, refer to [View server settings]({{< relref "../view-server/view-server-settings/" >}}).
## Change organization UI theme
Organization administrators can change the UI theme for all users in an organization.
{{< docs/list >}}
{{< docs/shared "preferences/org-preferences-list.md" >}}
{{< docs/shared "preferences/select-ui-theme-list.md" >}}
{{< /docs/list >}}
## Change team UI theme
Organization and team administrators can change the UI theme for all users in a team.
{{< docs/list >}}
{{< docs/shared "manage-users/view-team-list.md" >}}
1. Click on the team that you want to change the UI theme for and then navigate to the **Settings** tab.
{{< docs/shared "preferences/select-ui-theme-list.md" >}}
{{< /docs/list >}}
## Change your personal UI theme
You can change the UI theme for your user account. This setting overrides UI theme settings at higher levels.
{{< docs/list >}}
{{< docs/shared "preferences/navigate-user-preferences-list.md" >}}
{{< docs/shared "preferences/select-ui-theme-list.md" >}}
{{< /docs/list >}}

51
docs/sources/administration/preferences/change-grafana-timezone.md
View File

@@ -1,51 +0,0 @@
---
aliases:
- /docs/grafana/latest/administration/preferences/change-grafana-timezone/
description: How to change your Grafana timezone
keywords:
- grafana
- configuration
- documentation
- home
title: Change default timezone
weight: 400
---
# Change the Grafana default timezone
By default, Grafana uses the timezone in your web browser. However, you can override this setting at the server, organization, team, or individual user level. This topic provides instructions for each task.
{{< docs/shared "preferences/some-tasks-require-permissions.md" >}}
## Set server timezone
Grafana server administrators can choose a default timezone for all users on the server by setting the [default_timezone]({{< relref "../../setup-grafana/configure-grafana/#default-timezone" >}}) option in the Grafana configuration file.
## Set organization timezone
Organization administrators can choose a default timezone for their organization.
{{< docs/list >}}
{{< docs/shared "preferences/org-preferences-list.md" >}}
{{< docs/shared "preferences/select-timezone-list.md" >}}
{{< /docs/list >}}
## Set team timezone
Organization administrators and team administrators can choose a default timezone for all users in a team.
{{< docs/list >}}
{{< docs/shared "manage-users/view-team-list.md" >}}
1. Click on the team you that you want to change the timezone for and then navigate to the **Settings** tab.
{{< docs/shared "preferences/select-timezone-list.md" >}}
{{< /docs/list >}}
## Set your personal timezone
You can change the timezone for your user account. This setting overrides timezone settings at higher levels.
{{< docs/list >}}
{{< docs/shared "preferences/navigate-user-preferences-list.md" >}}
{{< docs/shared "preferences/select-timezone-list.md" >}}
{{< /docs/list >}}

81
docs/sources/administration/preferences/change-home-dashboard.md
View File

@@ -1,81 +0,0 @@
---
aliases:
- /docs/grafana/latest/administration/change-home-dashboard/
- /docs/grafana/latest/administration/preferences/change-home-dashboard/
description: How to replace the default home dashboard
keywords:
- grafana
- configuration
- documentation
- home
title: Change home dashboard
weight: 300
---
# Change the default home dashboard
The home dashboard you set is the one all users will see by default when they log in. You can set the home dashboard for the server, an organization, a team, or your personal user account. This topic provides instructions for each task.
{{< docs/shared "preferences/some-tasks-require-permissions.md" >}}
## Navigate to the home dashboard
The home dashboard is the first dashboard a user sees when they sign in to Grafana. You can also navigate to the home dashboard manually.
1. Hover your cursor over the **Dashboards** (four squares) icon.
1. Click **Home**.
## Set the home dashboard for the server
Users with the Grafana Server Admin flag on their account or access to the configuration file can define a JSON file to use as the home dashboard for all users on the server.
### [Optional] Convert an existing dashboard into a JSON file
1. Navigate to the page of the dashboard you want to use as the home dashboard.
1. Click the **Share dashboard** icon next to the dashboard title.
1. In the Export tab, click **Save to file**. Grafana converts the dashboard to a JSON file and saves it locally.
### Use a JSON file as the home dashboard
1. Save your JSON file somewhere that Grafana can access it. For example, in the Grafana `data` folder of Grafana.
1. Update your configuration file to set the path to the JSON file. Refer to [default_home_dashboard_path]({{< relref "../../setup-grafana/configure-grafana/#default_home_dashboard_path" >}}) for more information about modifying the Grafana configuration files.
```ini
[dashboards]
# Path to the default home dashboard. If this value is empty, then Grafana uses StaticRootPath + "dashboards/home.json"
default_home_dashboard_path = data/main-dashboard.json
```
> **Note:** On Linux, Grafana uses `/usr/share/grafana/public/dashboards/home.json` as the default home dashboard location.
## Set the home dashboard for your organization
Organization administrators can choose a home dashboard for their organization.
{{< docs/list >}}
{{< docs/shared "preferences/navigate-to-the-dashboard-list.md" >}}
{{< docs/shared "preferences/org-preferences-list.md" >}}
{{< docs/shared "preferences/select-home-dashboard-list.md" >}}
{{< /docs/list >}}
## Set home dashboard for your team
Organization administrators and Team Admins can choose a home dashboard for a team.
{{< docs/list >}}
{{< docs/shared "preferences/navigate-to-the-dashboard-list.md" >}}
{{< docs/shared "manage-users/view-team-list.md" >}}
1. Click on the team that you want to change the home dashboard for and then navigate to the **Settings** tab.
{{< docs/shared "preferences/select-home-dashboard-list.md" >}}
{{< /docs/list >}}
## Set your personal home dashboard
You can choose your own personal home dashboard. This setting overrides all home dashboards set at higher levels.
{{< docs/list >}}
{{< docs/shared "preferences/navigate-to-the-dashboard-list.md" >}}
{{< docs/shared "preferences/navigate-user-preferences-list.md" >}}
{{< docs/shared "preferences/select-home-dashboard-list.md" >}}
{{< /docs/list >}}

6
docs/sources/administration/provisioning.md → docs/sources/administration/provisioning/_index.md
View File

@@ -6,11 +6,11 @@ description: ''
keywords:
- grafana
- provisioning
title: Provisioning
weight: 800
title: Provision Grafana
weight: 600
---
# Provisioning Grafana
# Provision Grafana
In previous versions of Grafana, you could only use the API for provisioning data sources and dashboards. But that required the service to be running before you started creating dashboards and you also needed to set up credentials for the HTTP API. In v5.0 we decided to improve this experience by adding a new active provisioning system that uses config files. This will make GitOps more natural as data sources and dashboards can be defined via files that can be version controlled. We hope to extend this system to later add support for users, orgs and alerts as well.

26
docs/sources/administration/manage-users-and-permissions/about-users-and-permissions.md → docs/sources/administration/roles-and-permissions/_index.md
View File

@@ -5,11 +5,11 @@ aliases:
- /docs/grafana/latest/permissions/
- /docs/grafana/latest/permissions/organization_roles/
- /docs/grafana/latest/permissions/overview/
title: About users and permissions
weight: 100
title: Roles and permissions
weight: 300
---
# About users and permissions
# Roles and permissions
A _user_ is defined as any individual who can log in to Grafana. Each user is associated with a _role_ that includes _permissions_. Permissions determine the tasks a user can perform in the system. For example, the **Admin** role includes permissions for an administrator to create and delete users.
@@ -31,7 +31,7 @@ A server administrator can perform the following tasks:
- Manage users and permissions
- Create, edit, and delete organizations
- View server-wide settings defined in the [Configuration]({{< relref "../../setup-grafana/configure-grafana/" >}}) file
- View server-wide settings defined in the [Configuration]({{< relref "../setup-grafana/configure-grafana/" >}}) file
- View Grafana server statistics, including total users and active sessions
- Upgrade the server to Grafana Enterprise.
@@ -57,7 +57,7 @@ Permissions assigned to a user within an organization control the extent to whic
### Organization roles
Organization role-based permissions are global, which means that each permission level applies to all Grafana resources within an given organization. For example, an editor can see and update _all_ dashboards in an organization, unless those dashboards have been specifically restricted using [dashboard permissions]({{< relref "manage-dashboard-permissions/" >}}).
Organization role-based permissions are global, which means that each permission level applies to all Grafana resources within an given organization. For example, an editor can see and update _all_ dashboards in an organization, unless those dashboards have been specifically restricted using [dashboard permissions]({{< relref "../manage-users-and-permissions/about-users-and-permissions/manage-dashboard-permissions/" >}}).
Grafana uses the following roles to control user access:
@@ -97,9 +97,9 @@ You can specify the following permissions to dashboards and folders.
- **Edit**: Can create and edit dashboards. Editors _cannot_ change folder or dashboard permissions, or add, edit, or delete folders.
- **View**: Can only view dashboards and folders.
For more information about assigning dashboard folder permissions, refer to [Grant dashboard folder permissions]({{< relref "manage-dashboard-permissions/#grant-dashboard-folder-permissions" >}}).
For more information about assigning dashboard folder permissions, refer to [Grant dashboard folder permissions]({{< relref "../manage-users-and-permissions/about-users-and-permissions/manage-dashboard-permissions/#grant-dashboard-folder-permissions" >}}).
For more information about assigning dashboard permissions, refer to [Grant dashboard permissions]({{< relref "manage-dashboard-permissions/#grant-dashboard-permissions" >}}).
For more information about assigning dashboard permissions, refer to [Grant dashboard permissions]({{< relref "../manage-users-and-permissions/about-users-and-permissions/manage-dashboard-permissions/#grant-dashboard-permissions" >}}).
## Editors with administrator permissions
@@ -109,18 +109,18 @@ If you have access to the Grafana server, you can modify the default editor role
This setting can be used to enable self-organizing teams to administer their own dashboards.
For more information about assigning administrator permissions to editors, refer to [Grant editors administrator permissions]({{< relref "manage-server-users/grant-editor-admin-permissions/" >}}).
For more information about assigning administrator permissions to editors, refer to [Grant editors administrator permissions]({{< relref "../manage-users-and-permissions/about-users-and-permissions/manage-server-users/grant-editor-admin-permissions/" >}}).
## Viewers with dashboard preview and Explore permissions
If you have access to the Grafana server, you can modify the default viewer role so that viewers can:
- Edit and preview dashboards, but cannot save their changes or create new dashboards.
- Access and use [Explore]({{< relref "../../explore/" >}}).
- Access and use [Explore]({{< relref "../explore/" >}}).
Extending the viewer role is useful for public Grafana installations where you want anonymous users to be able to edit panels and queries, but not be able to save or create new dashboards.
For more information about assigning dashboard preview permissions to viewers, refer to [Enable viewers to preview dashboards and use Explore]({{< relref "manage-dashboard-permissions/#enable-viewers-to-preview-dashboards-and-use-explore" >}}).
For more information about assigning dashboard preview permissions to viewers, refer to [Enable viewers to preview dashboards and use Explore]({{< relref "../manage-users-and-permissions/about-users-and-permissions/manage-dashboard-permissions/#enable-viewers-to-preview-dashboards-and-use-explore" >}}).
## Teams and permissions
@@ -131,7 +131,7 @@ You can assign a team member one of the following permissions:
- **Member**: Includes the user as a member of the team. Members do not have team administrator privileges.
- **Admin**: Administrators have permission to manage various aspects of the team, including team membership, permissions, and settings.
Because teams exist inside an organization, the organization administrator can manage all teams. When the `editors_can_admin` setting is enabled, editors can create teams and manage teams that they create. For more information about the `editors_can_admin` setting, refer to [Grant editors administrator permissions]({{< relref "manage-server-users/grant-editor-admin-permissions/" >}}).
Because teams exist inside an organization, the organization administrator can manage all teams. When the `editors_can_admin` setting is enabled, editors can create teams and manage teams that they create. For more information about the `editors_can_admin` setting, refer to [Grant editors administrator permissions]({{< relref "../manage-users-and-permissions/about-users-and-permissions/manage-server-users/grant-editor-admin-permissions/" >}}).
## Grafana Enterprise user permissions features
@@ -146,13 +146,13 @@ Grafana Enterprise provides the following permissions-related features:
By default, a user can query any data source in an organization, even if the data source is not linked to the user's dashboards.
Data source permissions enable you to restrict data source query permissions to specific **Users** and **Teams**. For more information about assigning data source permissions, refer to [Data source permissions]({{< relref "../../enterprise/datasource_permissions/" >}}).
Data source permissions enable you to restrict data source query permissions to specific **Users** and **Teams**. For more information about assigning data source permissions, refer to [Data source permissions]({{< relref "../enterprise/datasource_permissions/" >}}).
### Role-based access control
RBAC provides you a way of granting, changing, and revoking user read and write access to Grafana resources, such as users, reports, and authentication.
For more information about RBAC, refer to [Role-based access control]({{< relref "../../enterprise/access-control/" >}}).
For more information about RBAC, refer to [Role-based access control]({{< relref "../manage-users-and-permissions/about-users-and-permissions/access-control/" >}}).
### Learn more

73
docs/sources/enterprise/access-control/about-rbac.md → docs/sources/administration/roles-and-permissions/access-control/_index.md
View File

@@ -1,17 +1,24 @@
---
aliases:
- /docs/grafana/latest/enterprise/access-control/
- /docs/grafana/latest/enterprise/access-control/
- /docs/grafana/latest/enterprise/access-control/about-rbac/
- /docs/grafana/latest/enterprise/access-control/roles/
description: Role-based access control (RBAC) provides a standardized way of granting,
changing, and revoking access so that users can view and modify Grafana resources,
such as users and reports.
menuTitle: About RBAC
title: About RBAC in Grafana
weight: 10
menuTitle: Role-based access control (RBAC)
title: Grafana Role-based access control (RBAC)
weight: 120
---
# About RBAC
# Role-based access control (RBAC)
RBAC provides a standardized way of granting, changing, and revoking access when it comes to viewing and modifying Grafana resources, such as dashboards, reports, and administrative settings.
{{< section >}}
## About RBAC
Role-based access control (RBAC) provides a standardized way of granting, changing, and revoking access so that users can view and modify Grafana resources, such as users and reports.
RBAC extends Grafana basic roles that are included in Grafana OSS, and enables you more granular control of users actions.
@@ -29,7 +36,7 @@ RBAC roles contain multiple permissions, each of which has an action and a scope
- **Action:** `datasources:read`
- **Scope:** `datasources:*`
## Basic roles
### Basic roles
Basic roles are the standard roles that are available in Grafana OSS. If you have purchased a Grafana Enterprise license, you can still use basic roles.
@@ -51,43 +58,43 @@ Each basic role is comprised of a number of _permissions_. For example, the view
> **Note:** You can't have a Grafana user without a basic role assigned.
### Basic role modification
#### Basic role modification
You can use RBAC to modify the permissions associated with any basic role, which changes what viewers, editors, or admins can do. You can't delete basic roles.
Note that any modification to any of these basic role is not propagated to the other basic roles.
For example, if you modify Viewer basic role and grant additional permission, Editors or Admins won't have that additional grant.
For more information about the permissions associated with each basic role, refer to [Basic role definitions]({{< relref "rbac-fixed-basic-role-definitions/#basic-role-assignments" >}}).
To interact with the API and view or modify basic roles permissions, refer to [the table]({{< relref "manage-rbac-roles/#basic-role-uid-mapping" >}}) that maps basic role names to the associated UID.
For more information about the permissions associated with each basic role, refer to [Basic role definitions]({{< relref "../../../../enterprise/access-control/about-rbac/rbac-fixed-basic-role-definitions/#basic-role-assignments" >}}).
To interact with the API and view or modify basic roles permissions, refer to [the table]({{< relref "../../../../enterprise/access-control/about-rbac/manage-rbac-roles/#basic-role-uid-mapping" >}}) that maps basic role names to the associated UID.
## Fixed roles
### Fixed roles
Grafana Enterprise includes the ability for you to assign discrete fixed roles to users, teams, and service accounts. This gives you fine-grained control over user permissions than you would have with basic roles alone. These roles are called "fixed" because you cannot change or delete fixed roles. You can also create _custom_ roles of your own; see more information in the [custom roles section]({{< relref "#custom-roles" >}}) below.
Assign fixed roles when the basic roles do not meet your permission requirements. For example, you might want a user with the basic viewer role to also edit dashboards. Or, you might want anyone with the editor role to also add and manage users. Fixed roles provide users more granular access to create, view, and update the following Grafana resources:
- [Alerting]({{< relref "../../alerting/" >}})
- [Annotations]({{< relref "../../dashboards/annotations/" >}})
- [API keys]({{< relref "../../administration/api-keys/" >}})
- [Dashboards and folders]({{< relref "../../dashboards/" >}})
- [Data sources]({{< relref "../../datasources/" >}})
- [Explore]({{< relref "../../explore/" >}})
- [Folders]({{< relref "../../dashboards/dashboard-folders/" >}})
- [LDAP]({{< relref "../../setup-grafana/configure-security/configure-authentication/ldap/" >}})
- [Licenses]({{< relref "../license/" >}})
- [Organizations]({{< relref "../../administration/manage-organizations/" >}})
- [Provisioning]({{< relref "../../administration/provisioning/" >}})
- [Reports]({{< relref "../reporting/" >}})
- [Roles]({{< relref "../../administration/manage-users-and-permissions/" >}})
- [Settings]({{< relref "../settings-updates/" >}})
- [Service accounts]({{< relref "../../administration/service-accounts/" >}})
- [Teams]({{< relref "../../administration/manage-users-and-permissions/manage-teams/" >}})
- [Users]({{< relref "../../administration/manage-users-and-permissions/manage-server-users/" >}})
- [Alerting]({{< relref "../../../../enterprise/alerting/" >}})
- [Annotations]({{< relref "../../../../enterprise/dashboards/annotations/" >}})
- [API keys]({{< relref "../../../../enterprise/administration/api-keys/" >}})
- [Dashboards and folders]({{< relref "../../../../enterprise/dashboards/" >}})
- [Data sources]({{< relref "../../../../enterprise/datasources/" >}})
- [Explore]({{< relref "../../../../enterprise/explore/" >}})
- [Folders]({{< relref "../../../../enterprise/dashboards/dashboard-folders/" >}})
- [LDAP]({{< relref "../../../../enterprise/setup-grafana/configure-security/configure-authentication/ldap/" >}})
- [Licenses]({{< relref "../../../../enterprise/access-control/license/" >}})
- [Organizations]({{< relref "../../../../enterprise/administration/manage-organizations/" >}})
- [Provisioning]({{< relref "../../../../enterprise/administration/provisioning/" >}})
- [Reports]({{< relref "../../../../enterprise/access-control/reporting/" >}})
- [Roles]({{< relref "../../../../enterprise/administration/manage-users-and-permissions/" >}})
- [Settings]({{< relref "../../../../enterprise/access-control/settings-updates/" >}})
- [Service accounts]({{< relref "../../../../enterprise/administration/service-accounts/" >}})
- [Teams]({{< relref "../../../../enterprise/administration/manage-users-and-permissions/manage-teams/" >}})
- [Users]({{< relref "../../../../enterprise/administration/manage-users-and-permissions/manage-server-users/" >}})
To learn more about the permissions you can grant for each resource, refer to [RBAC role definitions]({{< relref "rbac-fixed-basic-role-definitions/" >}}).
To learn more about the permissions you can grant for each resource, refer to [RBAC role definitions]({{< relref "../../../../enterprise/access-control/about-rbac/rbac-fixed-basic-role-definitions/" >}}).
## Custom roles
### Custom roles
If you are a Grafana Enterprise customer, you can create custom roles to manage user permissions in a way that meets your security requirements.
@@ -97,15 +104,15 @@ A scope describes where an action can be performed. For example, the `teams:id:1
Consider creating a custom role when fixed roles do not meet your permissions requirements.
### Custom role creation
#### Custom role creation
You can use either of the following methods to create, assign, and manage custom roles:
- Grafana provisioning: You can use a YAML file to configure roles. For more information about using provisioning to create custom roles, refer to [Manage RBAC roles]({{< relref "manage-rbac-roles/" >}}). For more information about using provisioning to assign RBAC roles to users or teams, refer to [Assign RBAC roles]({{< relref "assign-rbac-roles/" >}}).
- RBAC API: As an alternative, you can use the Grafana HTTP API to create and manage roles. For more information about the HTTP API, refer to [RBAC API]({{< relref "../../developers/http_api/access_control/" >}}).
- Grafana provisioning: You can use a YAML file to configure roles. For more information about using provisioning to create custom roles, refer to [Manage RBAC roles]({{< relref "../../../../enterprise/access-control/about-rbac/manage-rbac-roles/" >}}). For more information about using provisioning to assign RBAC roles to users or teams, refer to [Assign RBAC roles]({{< relref "../../../../enterprise/access-control/about-rbac/assign-rbac-roles/" >}}).
- RBAC API: As an alternative, you can use the Grafana HTTP API to create and manage roles. For more information about the HTTP API, refer to [RBAC API]({{< relref "../../../../enterprise/developers/http_api/access_control/" >}}).
## Limitation
### Limitation
If you have created a folder with the name `General` or `general`, you cannot manage its permissions with RBAC.
If you set [folder permissions]({{< relref "../../administration/manage-users-and-permissions/manage-dashboard-permissions/" >}}) for a folder named `General` or `general`, the system disregards the folder when RBAC is enabled.
If you set [folder permissions]({{< relref "../../../../enterprise/administration/manage-users-and-permissions/manage-dashboard-permissions/" >}}) for a folder named `General` or `general`, the system disregards the folder when RBAC is enabled.

38
docs/sources/enterprise/access-control/assign-rbac-roles.md → docs/sources/administration/roles-and-permissions/access-control/assign-rbac-roles.md
View File

@@ -28,10 +28,10 @@ In both cases, the assignment applies only to the user or team within the affect
**Before you begin:**
- [Plan your RBAC rollout strategy]({{< relref "plan-rbac-rollout-strategy/" >}}).
- [Plan your RBAC rollout strategy]({{< relref "../../../../enterprise/access-control/assign-rbac-roles/plan-rbac-rollout-strategy/" >}}).
- Identify the fixed roles that you want to assign to the user or team.
For more information about available fixed roles, refer to [RBAC role definitions]({{< relref "rbac-fixed-basic-role-definitions/" >}}).
For more information about available fixed roles, refer to [RBAC role definitions]({{< relref "../../../../enterprise/access-control/assign-rbac-roles/rbac-fixed-basic-role-definitions/" >}}).
- Ensure that your own user account has the correct permissions:
- If you are assigning permissions to a user or team within an organization, you must have organization administrator or server administrator permissions.
@@ -69,8 +69,8 @@ Instead of using the Grafana role picker, you can use file-based provisioning to
**Before you begin:**
- Refer to [Role provisioning]({{< relref "rbac-provisioning/#rbac-provisioning" >}})
- Ensure that the team to which you are adding the fixed role exists. For more information about creating teams, refer to [Manage teams]({{< relref "../../administration/manage-users-and-permissions/manage-teams/" >}})
- Refer to [Role provisioning]({{< relref "../../../../enterprise/access-control/assign-rbac-roles/rbac-provisioning/#rbac-provisioning" >}})
- Ensure that the team to which you are adding the fixed role exists. For more information about creating teams, refer to [Manage teams]({{< relref "../../../../enterprise/administration/manage-users-and-permissions/manage-teams/" >}})
**To assign a role to a team:**
@@ -78,25 +78,25 @@ Instead of using the Grafana role picker, you can use file-based provisioning to
1. Refer to the following table to add attributes and values.
| Attribute | Description |
| ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| `roles` | Enter the custom role or custom roles you want to create/update. |
| `roles > name` | Enter the name of the custom role. |
| `roles > version` | Enter the custom role version number. Role assignments are independent of the role version number. |
| `roles > global` | Enter `true`. You can specify the `orgId` otherwise. |
| `roles > permissions` | Enter the permissions `action` and `scope` values. For more information about permissions actions and scopes, refer to [RBAC permissions, actions, and scopes]({{< relref "custom-role-actions-scopes/" >}}) |
| `teams` | Enter the team or teams to which you are adding the custom role. |
| `teams > orgId` | Because teams belong to organizations, you must add the `orgId` value. |
| `teams > name` | Enter the name of the team. |
| `teams > roles` | Enter the custom or fixed role or roles that you want to grant to the team. |
| `teams > roles > name` | Enter the name of the role. |
| `teams > roles > global` | Enter `true`, or specify `orgId` of the role you want to assign to the team. Fixed roles are global. |
| Attribute | Description |
| ------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `roles` | Enter the custom role or custom roles you want to create/update. |
| `roles > name` | Enter the name of the custom role. |
| `roles > version` | Enter the custom role version number. Role assignments are independent of the role version number. |
| `roles > global` | Enter `true`. You can specify the `orgId` otherwise. |
| `roles > permissions` | Enter the permissions `action` and `scope` values. For more information about permissions actions and scopes, refer to [RBAC permissions, actions, and scopes]({{< relref "../../../../enterprise/access-control/assign-rbac-roles/custom-role-actions-scopes/" >}}) |
| `teams` | Enter the team or teams to which you are adding the custom role. |
| `teams > orgId` | Because teams belong to organizations, you must add the `orgId` value. |
| `teams > name` | Enter the name of the team. |
| `teams > roles` | Enter the custom or fixed role or roles that you want to grant to the team. |
| `teams > roles > name` | Enter the name of the role. |
| `teams > roles > global` | Enter `true`, or specify `orgId` of the role you want to assign to the team. Fixed roles are global. |
For more information about managing custom roles, refer to [Create custom roles using provisioning]({{< relref "manage-rbac-roles/#create-custom-roles-using-provisioning" >}}).
For more information about managing custom roles, refer to [Create custom roles using provisioning]({{< relref "../../../../enterprise/access-control/assign-rbac-roles/manage-rbac-roles/#create-custom-roles-using-provisioning" >}}).
1. Reload the provisioning configuration file.
For more information about reloading the provisioning configuration at runtime, refer to [Reload provisioning configurations]({{< relref "../../developers/http_api/admin/#reload-provisioning-configurations" >}}).
For more information about reloading the provisioning configuration at runtime, refer to [Reload provisioning configurations]({{< relref "../../../../enterprise/developers/http_api/admin/#reload-provisioning-configurations" >}}).
The following example creates the `custom:users:writer` role and assigns it to the `user writers` and `user admins` teams along with the `fixed:users:writer` role:

2
docs/sources/enterprise/access-control/configure-rbac.md → docs/sources/administration/roles-and-permissions/access-control/configure-rbac.md
View File

@@ -9,7 +9,7 @@ weight: 30
# Configure RBAC in Grafana
The table below describes all RBAC configuration options. Like any other Grafana configuration, you can apply these options as [environment variables]({{< relref "../../setup-grafana/configure-grafana/#configure-with-environment-variables" >}}).
The table below describes all RBAC configuration options. Like any other Grafana configuration, you can apply these options as [environment variables]({{< relref "../../../../enterprise/setup-grafana/configure-grafana/#configure-with-environment-variables" >}}).
| Setting | Required | Description | Default |
| ------------------ | -------- | ---------------------------------------------------------------------------- | ------- |

42
docs/sources/enterprise/access-control/custom-role-actions-scopes.md → docs/sources/administration/roles-and-permissions/access-control/custom-role-actions-scopes.md
View File

@@ -12,7 +12,7 @@ weight: 80
A permission is comprised of an action and a scope. When creating a custom role, consider the actions the user can perform and the resource(s) on which they can perform those actions.
To learn more about the Grafana resources to which you can apply RBAC, refer to [Resources with RBAC permissions]({{< relref "about-rbac/#fixed-roles" >}}).
To learn more about the Grafana resources to which you can apply RBAC, refer to [Resources with RBAC permissions]({{< relref "../../../../enterprise/access-control/custom-role-actions-scopes/about-rbac/#fixed-roles" >}}).
- **Action:** An action describes what tasks a user can perform on a resource.
- **Scope:** A scope describes where an action can be performed, such as reading a specific user profile. In this example, a permission is associated with the scope `users:<userId>` to the relevant role.
@@ -101,8 +101,8 @@ The following list contains role-based access control actions.
| `roles:write` | `permissions:type:delegate` | Create or update a custom role. |
| `roles:write` | `permissions:type:escalate` | Reset basic roles to their default permissions. |
| `server.stats:read` | n/a | Read Grafana instance statistics. |
| `settings:read` | `settings:*`<br>`settings:auth.saml:*`<br>`settings:auth.saml:enabled` (property level) | Read the [Grafana configuration settings]({{< relref "../../setup-grafana/configure-grafana/" >}}) |
| `settings:write` | `settings:*`<br>`settings:auth.saml:*`<br>`settings:auth.saml:enabled` (property level) | Update any Grafana configuration settings that can be [updated at runtime]({{< relref "../settings-updates/" >}}). |
| `settings:read` | `settings:*`<br>`settings:auth.saml:*`<br>`settings:auth.saml:enabled` (property level) | Read the [Grafana configuration settings]({{< relref "../../../../enterprise/setup-grafana/configure-grafana/" >}}) |
| `settings:write` | `settings:*`<br>`settings:auth.saml:*`<br>`settings:auth.saml:enabled` (property level) | Update any Grafana configuration settings that can be [updated at runtime]({{< relref "../../../../enterprise/access-control/settings-updates/" >}}). |
| `status:accesscontrol` | `services:accesscontrol` | Get access-control enabled status. |
| `teams.permissions:read` | `teams:*`<br>`teams:id:*` | Read members and External Group Synchronization setup for teams. |
| `teams.permissions:write` | `teams:*`<br>`teams:id:*` | Add, remove and update members and manage External Group Synchronization setup for teams. |
@@ -135,21 +135,21 @@ The following list contains role-based access control actions.
The following list contains role-based access control scopes.
| Scopes | Descriptions |
| ----------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `annotations:*`<br>`annotations:type:*` | Restrict an action to a set of annotations. For example, `annotations:*` matches any annotation, `annotations:type:dashboard` matches annotations associated with dashboards and `annotations:type:organization` matches organization annotations. |
| `apikeys:*`<br>`apikeys:id:*` | Restrict an action to a set of API keys. For example, `apikeys:*` matches any API key, `apikey:id:1` matches the API key whose id is `1`. |
| `dashboards:*`<br>`dashboards:uid:*` | Restrict an action to a set of dashboards. For example, `dashboards:*` matches any dashboard, and `dashboards:uid:1` matches the dashboard whose UID is `1`. |
| `datasources:*`<br>`datasources:uid:*` | Restrict an action to a set of data sources. For example, `datasources:*` matches any data source, and `datasources:uid:1` matches the data source whose UID is `1`. |
| `folders:*`<br>`folders:uid:*` | Restrict an action to a set of folders. For example, `folders:*` matches any folder, and `folders:uid:1` matches the folder whose UID is `1`. |
| `global.users:*` <br> `global.users:id:*` | Restrict an action to a set of global users. For example, `global.users:*` matches any user and `global.users:id:1` matches the user whose ID is `1`. |
| `orgs:*` <br> `orgs:id:*` | Restrict an action to a set of organizations. For example, `orgs:*` matches any organization and `orgs:id:1` matches the organization whose ID is `1`. |
| `permissions:type:delegate` | The scope is only applicable for roles associated with the Access Control itself and indicates that you can delegate your permissions only, or a subset of it, by creating a new role or making an assignment. |
| `permissions:type:escalate` | The scope is required to trigger the reset of basic roles permissions. It indicates that users might acquire additional permissions they did not previously have. |
| `provisioners:*` | Restrict an action to a set of provisioners. For example, `provisioners:*` matches any provisioner, and `provisioners:accesscontrol` matches the role-based access control [provisioner]({{< relref "custom-role-actions-scopes/" >}}). |
| `reports:*` <br> `reports:id:*` | Restrict an action to a set of reports. For example, `reports:*` matches any report and `reports:id:1` matches the report whose ID is `1`. |
| `roles:*` <br> `roles:uid:*` | Restrict an action to a set of roles. For example, `roles:*` matches any role and `roles:uid:randomuid` matches only the role whose UID is `randomuid`. |
| `services:accesscontrol` | Restrict an action to target only the role-based access control service. You can use this in conjunction with the `status:accesscontrol` actions. |
| `settings:*` | Restrict an action to a subset of settings. For example, `settings:*` matches all settings, `settings:auth.saml:*` matches all SAML settings, and `settings:auth.saml:enabled` matches the enable property on the SAML settings. |
| `teams:*` <br> `teams:id:*` | Restrict an action to a set of teams from an organization. For example, `teams:*` matches any team and `teams:id:1` matches the team whose ID is `1`. |
| `users:*` <br> `users:id:*` | Restrict an action to a set of users from an organization. For example, `users:*` matches any user and `users:id:1` matches the user whose ID is `1`. |
| Scopes | Descriptions |
| ----------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `annotations:*`<br>`annotations:type:*` | Restrict an action to a set of annotations. For example, `annotations:*` matches any annotation, `annotations:type:dashboard` matches annotations associated with dashboards and `annotations:type:organization` matches organization annotations. |
| `apikeys:*`<br>`apikeys:id:*` | Restrict an action to a set of API keys. For example, `apikeys:*` matches any API key, `apikey:id:1` matches the API key whose id is `1`. |
| `dashboards:*`<br>`dashboards:uid:*` | Restrict an action to a set of dashboards. For example, `dashboards:*` matches any dashboard, and `dashboards:uid:1` matches the dashboard whose UID is `1`. |
| `datasources:*`<br>`datasources:uid:*` | Restrict an action to a set of data sources. For example, `datasources:*` matches any data source, and `datasources:uid:1` matches the data source whose UID is `1`. |
| `folders:*`<br>`folders:uid:*` | Restrict an action to a set of folders. For example, `folders:*` matches any folder, and `folders:uid:1` matches the folder whose UID is `1`. |
| `global.users:*` <br> `global.users:id:*` | Restrict an action to a set of global users. For example, `global.users:*` matches any user and `global.users:id:1` matches the user whose ID is `1`. |
| `orgs:*` <br> `orgs:id:*` | Restrict an action to a set of organizations. For example, `orgs:*` matches any organization and `orgs:id:1` matches the organization whose ID is `1`. |
| `permissions:type:delegate` | The scope is only applicable for roles associated with the Access Control itself and indicates that you can delegate your permissions only, or a subset of it, by creating a new role or making an assignment. |
| `permissions:type:escalate` | The scope is required to trigger the reset of basic roles permissions. It indicates that users might acquire additional permissions they did not previously have. |
| `provisioners:*` | Restrict an action to a set of provisioners. For example, `provisioners:*` matches any provisioner, and `provisioners:accesscontrol` matches the role-based access control [provisioner]({{< relref "../../../../enterprise/access-control/custom-role-actions-scopes/custom-role-actions-scopes/" >}}). |
| `reports:*` <br> `reports:id:*` | Restrict an action to a set of reports. For example, `reports:*` matches any report and `reports:id:1` matches the report whose ID is `1`. |
| `roles:*` <br> `roles:uid:*` | Restrict an action to a set of roles. For example, `roles:*` matches any role and `roles:uid:randomuid` matches only the role whose UID is `randomuid`. |
| `services:accesscontrol` | Restrict an action to target only the role-based access control service. You can use this in conjunction with the `status:accesscontrol` actions. |
| `settings:*` | Restrict an action to a subset of settings. For example, `settings:*` matches all settings, `settings:auth.saml:*` matches all SAML settings, and `settings:auth.saml:enabled` matches the enable property on the SAML settings. |
| `teams:*` <br> `teams:id:*` | Restrict an action to a set of teams from an organization. For example, `teams:*` matches any team and `teams:id:1` matches the team whose ID is `1`. |
| `users:*` <br> `users:id:*` | Restrict an action to a set of users from an organization. For example, `users:*` matches any user and `users:id:1` matches the user whose ID is `1`. |

58
docs/sources/enterprise/access-control/manage-rbac-roles.md → docs/sources/administration/roles-and-permissions/access-control/manage-rbac-roles.md
View File

@@ -18,7 +18,7 @@ The following example includes the base64 username:password Basic Authorization.
### List permissions associated with roles
Use a `GET` command to see the actions and scopes associated with a role. For more information about seeing a list of permissions for each role, refer to [Get a role]({{< relref "../../developers/http_api/access_control/#get-a-role" >}}).
Use a `GET` command to see the actions and scopes associated with a role. For more information about seeing a list of permissions for each role, refer to [Get a role]({{< relref "../../../../enterprise/developers/http_api/access_control/#get-a-role" >}}).
To see the permissions associated with basic roles, refer to the following basic role UIDs:
@@ -76,7 +76,7 @@ curl --location --request GET '<grafana_url>/api/access-control/roles/qQui_LCMk'
}
```
Refer to the [RBAC HTTP API]({{< relref "../../developers/http_api/access_control/#get-a-role" >}}) for more details.
Refer to the [RBAC HTTP API]({{< relref "../../../../enterprise/developers/http_api/access_control/#get-a-role" >}}) for more details.
## Create custom roles
@@ -86,9 +86,9 @@ Create a custom role when basic roles and fixed roles do not meet your permissio
**Before you begin:**
- [Plan your RBAC rollout strategy]({{< relref "plan-rbac-rollout-strategy/" >}}).
- Determine which permissions you want to add to the custom role. To see a list of actions and scope, refer to [RBAC permissions actions and scopes]({{< relref "custom-role-actions-scopes/" >}}).
- [Enable role provisioning]({{< relref "rbac-provisioning/" >}}).
- [Plan your RBAC rollout strategy]({{< relref "../../../../enterprise/access-control/manage-rbac-roles/plan-rbac-rollout-strategy/" >}}).
- Determine which permissions you want to add to the custom role. To see a list of actions and scope, refer to [RBAC permissions actions and scopes]({{< relref "../../../../enterprise/access-control/manage-rbac-roles/custom-role-actions-scopes/" >}}).
- [Enable role provisioning]({{< relref "../../../../enterprise/access-control/manage-rbac-roles/rbac-provisioning/" >}}).
- Ensure that you have permissions to create a custom role.
- By default, the Grafana Admin role has permission to create custom roles.
- A Grafana Admin can delegate the custom role privilege to another user by creating a custom role with the relevant permissions and adding the `permissions:type:delegate` scope.
@@ -101,25 +101,25 @@ File-based provisioning is one method you can use to create custom roles.
1. Refer to the following table to add attributes and values.
| Attribute | Description |
| ------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `name` | A human-friendly identifier for the role that helps administrators understand the purpose of a role. `name` is required and cannot be longer than 190 characters. We recommend that you use ASCII characters. Role names must be unique within an organization. |
| `uid` | A unique identifier associated with the role. The UID enables you to change or delete the role. You can either generate a UID yourself, or let Grafana generate one for you. You cannot use the same UID within the same Grafana instance. |
| `orgId` | Identifies the organization to which the role belongs. The [default org ID]({{< relref "../../setup-grafana/configure-grafana/#auto_assign_org_id" >}}) is used if you do not specify `orgId`. |
| `global` | Global roles are not associated with any specific organization, which means that you can reuse them across all organizations. This setting overrides `orgId`. |
| `displayName` | Human-friendly text that is displayed in the UI. Role display name cannot be longer than 190 ASCII-based characters. For fixed roles, the display name is shown as specified. If you do not set a display name the display name replaces `':'` (a colon) with `' '` (a space). |
| `description` | Human-friendly text that describes the permissions a role provides. |
| `group` | Organizes roles in the role picker. |
| `version` | A positive integer that defines the current version of the role, which prevents overwriting newer changes. |
| `hidden` | Hidden roles do not appear in the role picker. |
| `state` | State of the role. Defaults to `present`, but if set to `absent` the role will be removed. |
| `force` | Can be used in addition to state `absent`, to force the removal of a role and all its assignments. |
| `from` | An optional list of roles from which you want to copy permissions. |
| `permissions` | Provides users access to Grafana resources. For a list of permissions, refer to [RBAC permissions actions and scopes]({{< relref "rbac-fixed-basic-role-definitions/" >}}). If you do not know which permissions to assign, you can create and assign roles without any permissions as a placeholder. Using the `from` attribute, you can specify additional permissions or permissions to remove by adding a `state` to your permission list. |
| Attribute | Description |
| ------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| `name` | A human-friendly identifier for the role that helps administrators understand the purpose of a role. `name` is required and cannot be longer than 190 characters. We recommend that you use ASCII characters. Role names must be unique within an organization. |
| `uid` | A unique identifier associated with the role. The UID enables you to change or delete the role. You can either generate a UID yourself, or let Grafana generate one for you. You cannot use the same UID within the same Grafana instance. |
| `orgId` | Identifies the organization to which the role belongs. The [default org ID]({{< relref "../../../../enterprise/setup-grafana/configure-grafana/#auto_assign_org_id" >}}) is used if you do not specify `orgId`. |
| `global` | Global roles are not associated with any specific organization, which means that you can reuse them across all organizations. This setting overrides `orgId`. |
| `displayName` | Human-friendly text that is displayed in the UI. Role display name cannot be longer than 190 ASCII-based characters. For fixed roles, the display name is shown as specified. If you do not set a display name the display name replaces `':'` (a colon) with `' '` (a space). |
| `description` | Human-friendly text that describes the permissions a role provides. |
| `group` | Organizes roles in the role picker. |
| `version` | A positive integer that defines the current version of the role, which prevents overwriting newer changes. |
| `hidden` | Hidden roles do not appear in the role picker. |
| `state` | State of the role. Defaults to `present`, but if set to `absent` the role will be removed. |
| `force` | Can be used in addition to state `absent`, to force the removal of a role and all its assignments. |
| `from` | An optional list of roles from which you want to copy permissions. |
| `permissions` | Provides users access to Grafana resources. For a list of permissions, refer to [RBAC permissions actions and scopes]({{< relref "../../../../enterprise/access-control/manage-rbac-roles/rbac-fixed-basic-role-definitions/" >}}). If you do not know which permissions to assign, you can create and assign roles without any permissions as a placeholder. Using the `from` attribute, you can specify additional permissions or permissions to remove by adding a `state` to your permission list. |
1. Reload the provisioning configuration file.
For more information about reloading the provisioning configuration at runtime, refer to [Reload provisioning configurations]({{< relref "../../developers/http_api/admin/#reload-provisioning-configurations" >}}).
For more information about reloading the provisioning configuration at runtime, refer to [Reload provisioning configurations]({{< relref "../../../../enterprise/developers/http_api/admin/#reload-provisioning-configurations" >}}).
The following example creates a local role:
@@ -188,7 +188,7 @@ roles:
### Create custom roles using the HTTP API
The following examples show you how to create a custom role using the Grafana HTTP API. For more information about the HTTP API, refer to [Create a new custom role]({{< relref "../../developers/http_api/access_control/#create-a-new-custom-role" >}}).
The following examples show you how to create a custom role using the Grafana HTTP API. For more information about the HTTP API, refer to [Create a new custom role]({{< relref "../../../../enterprise/developers/http_api/access_control/#create-a-new-custom-role" >}}).
> **Note:** You cannot create a custom role with permissions that you do not have. For example, if you only have `users:create` permissions, then you cannot create a role that includes other permissions.
@@ -237,7 +237,7 @@ curl --location --request POST '<grafana_url>/api/access-control/roles/' \
}
```
Refer to the [RBAC HTTP API]({{< relref "../../developers/http_api/access_control/#create-a-new-custom-role" >}}) for more details.
Refer to the [RBAC HTTP API]({{< relref "../../../../enterprise/developers/http_api/access_control/#create-a-new-custom-role" >}}) for more details.
## Update basic role permissions
@@ -245,7 +245,7 @@ If the default basic role definitions do not meet your requirements, you can cha
**Before you begin:**
- Determine the permissions you want to add or remove from a basic role. For more information about the permissions associated with basic roles, refer to [RBAC role definitions]({{< relref "rbac-fixed-basic-role-definitions/#basic-role-assignments" >}}).
- Determine the permissions you want to add or remove from a basic role. For more information about the permissions associated with basic roles, refer to [RBAC role definitions]({{< relref "../../../../enterprise/access-control/manage-rbac-roles/rbac-fixed-basic-role-definitions/#basic-role-assignments" >}}).
**To change permissions from a basic role:**
@@ -263,7 +263,7 @@ If the default basic role definitions do not meet your requirements, you can cha
1. Reload the provisioning configuration file.
For more information about reloading the provisioning configuration at runtime, refer to [Reload provisioning configurations]({{< relref "../../developers/http_api/admin/#reload-provisioning-configurations" >}}).
For more information about reloading the provisioning configuration at runtime, refer to [Reload provisioning configurations]({{< relref "../../../../enterprise/developers/http_api/admin/#reload-provisioning-configurations" >}}).
The following example modifies the `Grafana Admin` basic role permissions.
@@ -302,7 +302,7 @@ roles:
> **Note**: You can add multiple `fixed`, `basic` or `custom` roles to the `from` section. Their permissions will be copied and added to the basic role.
> <br/> **Note**: Make sure to **increment** the role version for the changes to be accounted for.
You can also change basic roles' permissions using the API. Refer to the [RBAC HTTP API]({{< relref "../../developers/http_api/access_control/#update-a-role" >}}) for more details.
You can also change basic roles' permissions using the API. Refer to the [RBAC HTTP API]({{< relref "../../../../enterprise/developers/http_api/access_control/#update-a-role" >}}) for more details.
## Reset basic roles to their default
@@ -327,7 +327,7 @@ This section describes how to reset the basic roles to their default:
scope: 'permissions:type:escalate'
```
1. As a `Grafana Admin`, call the API endpoint to reset the basic roles to their default. Refer to the [RBAC HTTP API]({{< relref "../../developers/http_api/access_control/#reset-basic-roles-to-their-default" >}}) for more details.
1. As a `Grafana Admin`, call the API endpoint to reset the basic roles to their default. Refer to the [RBAC HTTP API]({{< relref "../../../../enterprise/developers/http_api/access_control/#reset-basic-roles-to-their-default" >}}) for more details.
## Delete a custom role using Grafana provisioning
@@ -353,7 +353,7 @@ Delete a custom role when you no longer need it. When you delete a custom role,
1. Reload the provisioning configuration file.
For more information about reloading the provisioning configuration at runtime, refer to [Reload provisioning configurations]({{< relref "../../developers/http_api/admin/#reload-provisioning-configurations" >}}).
For more information about reloading the provisioning configuration at runtime, refer to [Reload provisioning configurations]({{< relref "../../../../enterprise/developers/http_api/admin/#reload-provisioning-configurations" >}}).
The following example deletes a custom role:
@@ -368,4 +368,4 @@ roles:
force: true
```
You can also delete a custom role using the API. Refer to the [RBAC HTTP API]({{< relref "../../developers/http_api/access_control/#delete-a-custom-role" >}}) for more details.
You can also delete a custom role using the API. Refer to the [RBAC HTTP API]({{< relref "../../../../enterprise/developers/http_api/access_control/#delete-a-custom-role" >}}) for more details.

19
docs/sources/enterprise/access-control/plan-rbac-rollout-strategy.md → docs/sources/administration/roles-and-permissions/access-control/plan-rbac-rollout-strategy.md
View File

@@ -27,8 +27,8 @@ As a first step in determining your permissions rollout strategy, we recommend t
To learn more about basic roles and fixed roles, refer to the following documentation:
- [Basic role definitions]({{< relref "rbac-fixed-basic-role-definitions/#basic-role-assignments" >}})
- [Fixed role definitions]({{< relref "rbac-fixed-basic-role-definitions/#fixed-role-definitions" >}})
- [Basic role definitions]({{< relref "../../../../enterprise/access-control/plan-rbac-rollout-strategy/rbac-fixed-basic-role-definitions/#basic-role-assignments" >}})
- [Fixed role definitions]({{< relref "../../../../enterprise/access-control/plan-rbac-rollout-strategy/rbac-fixed-basic-role-definitions/#fixed-role-definitions" >}})
## User and team considerations
@@ -47,6 +47,7 @@ You can take advantage of your current authentication provider to manage user an
For example:
1. Map SAML, LDAP, or Oauth roles to Grafana basic roles (viewer, editor, or admin).
2. Use the Grafana Enterprise team sync feature to synchronize teams from your SAML, LDAP, or Oauth provider to Grafana. For more information about team sync, refer to [Team sync]({{< relref "../../setup-grafana/configure-security/configure-team-sync/" >}}).
3. Within Grafana, assign RBAC permissions to users and teams.
@@ -57,7 +58,7 @@ Consider the following guidelines when you determine if you should modify basic
- **Modify basic roles** when Grafana's definitions of what viewers, editors, and admins can do does not match your definition of these roles. You can add or remove permissions from any basic role.
> **Note:** Changes that you make to basic roles impact the role definition for all [organizations]({{< relref "../../administration/manage-organizations/" >}}) in the Grafana instance. For example, when you add the `fixed:users:writer` role's permissions to the viewer basic role, all viewers in any org in the Grafana instance can create users within that org.
> **Note:** Changes that you make to basic roles impact the role definition for all [organizations]({{< relref "../../../../enterprise/administration/manage-organizations/" >}}) in the Grafana instance. For example, when you add the `fixed:users:writer` role's permissions to the viewer basic role, all viewers in any org in the Grafana instance can create users within that org.
- **Create custom roles** when fixed role definitions don't meet you permissions requirements. For example, the `fixed:dashboards:writer` role allows users to delete dashboards. If you want some users or teams to be able to create and update but not delete dashboards, you can create a custom role with a name like `custom:dashboards:creator` that lacks the `dashboards:delete` permission.
@@ -80,13 +81,13 @@ We've compiled the following permissions rollout scenarios based on current Graf
1. In Grafana, create a team with the name `Internal employees`.
1. Assign the `fixed:datasources:querier` role to the `Internal employees` team.
1. Add internal employees to the `Internal employees` team, or map them from a SAML, LDAP, or Oauth team using [Team Sync]({{< relref "../../setup-grafana/configure-security/configure-team-sync/" >}}).
1. Add internal employees to the `Internal employees` team, or map them from a SAML, LDAP, or Oauth team using [Team Sync]({{< relref "../../../../enterprise/setup-grafana/configure-security/configure-team-sync/" >}}).
1. Assign the viewer role to both internal employees and contractors.
### Limit viewer, editor, or admin permissions
1. Review the list of permissions associated with the basic role.
1. [Change the permissions of the basic role]({{< relref "manage-rbac-roles/#update-basic-role-permissions" >}}).
1. [Change the permissions of the basic role]({{< relref "../../../../enterprise/access-control/plan-rbac-rollout-strategy/manage-rbac-roles/#update-basic-role-permissions" >}}).
### Allow only members of one team to manage Alerts
@@ -164,7 +165,7 @@ roles:
global: true
```
- Or add the following permissions to the `basic:editor` role, using provisioning or the [RBAC HTTP API]({{< relref "../../developers/http_api/access_control/#update-a-role" >}}):
- Or add the following permissions to the `basic:editor` role, using provisioning or the [RBAC HTTP API]({{< relref "../../../../enterprise/developers/http_api/access_control/#update-a-role" >}}):
| action | scope |
| -------------- | --------------------------- |
@@ -194,9 +195,9 @@ roles:
global: true
```
> **Note:** The `fixed:reports:writer` role assigns more permissions than just creating reports. For more information about fixed role permission assignments, refer to [Fixed role definitions]({{< relref "rbac-fixed-basic-role-definitions/#fixed-role-definitions" >}}).
> **Note:** The `fixed:reports:writer` role assigns more permissions than just creating reports. For more information about fixed role permission assignments, refer to [Fixed role definitions]({{< relref "../../../../enterprise/access-control/plan-rbac-rollout-strategy/rbac-fixed-basic-role-definitions/#fixed-role-definitions" >}}).
- Add the following permissions to the `basic:viewer` role, using provisioning or the [RBAC HTTP API]({{< relref "../../developers/http_api/access_control/#update-a-role" >}}):
- Add the following permissions to the `basic:viewer` role, using provisioning or the [RBAC HTTP API]({{< relref "../../../../enterprise/developers/http_api/access_control/#update-a-role" >}}):
| Action | Scope |
| ---------------- | ------------------------------- |
@@ -237,4 +238,4 @@ roles:
state: 'absent'
```
- Or use [RBAC HTTP API]({{< relref "../../developers/http_api/access_control/#update-a-role" >}}).
- Or use [RBAC HTTP API]({{< relref "../../../../enterprise/developers/http_api/access_control/#update-a-role" >}}).

16
docs/sources/enterprise/access-control/rbac-fixed-basic-role-definitions.md → docs/sources/administration/roles-and-permissions/access-control/rbac-fixed-basic-role-definitions.md
View File

@@ -15,12 +15,12 @@ The following tables list permissions associated with basic and fixed roles.
## Basic role assignments
| Basic role | Associated fixed roles | Description |
| ------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Grafana Admin | `fixed:roles:reader`<br>`fixed:roles:writer`<br>`fixed:users:reader`<br>`fixed:users:writer`<br>`fixed:org.users:reader`<br>`fixed:org.users:writer`<br>`fixed:ldap:reader`<br>`fixed:ldap:writer`<br>`fixed:stats:reader`<br>`fixed:settings:reader`<br>`fixed:settings:writer`<br>`fixed:provisioning:writer`<br>`fixed:organization:reader`<br>`fixed:organization:maintainer`<br>`fixed:licensing:reader`<br>`fixed:licensing:writer` | Default [Grafana server administrator]({{< relref "../../administration/manage-users-and-permissions/about-users-and-permissions/#grafana-server-administrators" >}}) assignments. |
| Admin | `fixed:reports:reader`<br>`fixed:reports:writer`<br>`fixed:datasources:reader`<br>`fixed:datasources:writer`<br>`fixed:organization:writer`<br>`fixed:datasources.permissions:reader`<br>`fixed:datasources.permissions:writer`<br>`fixed:teams:writer`<br>`fixed:dashboards:reader`<br>`fixed:dashboards:writer`<br>`fixed:dashboards.permissions:reader`<br>`fixed:dashboards.permissions:writer`<br>`fixed:folders:reader`<br>`fixes:folders:writer`<br>`fixed:folders.permissions:reader`<br>`fixed:folders.permissions:writer`<br>`fixed:alerting:writer`<br>`fixed:apikeys:reader`<br>`fixed:apikeys:writer`<br>`fixed:alerting.provisioning:writer` | Default [Grafana organization administrator]({{< relref "../../administration/manage-users-and-permissions/about-users-and-permissions/#organization-users-and-permissions" >}}) assignments. |
| Editor | `fixed:datasources:explorer`<br>`fixed:dashboards:creator`<br>`fixed:folders:creator`<br>`fixed:annotations:writer`<br>`fixed:teams:creator` if the `editors_can_admin` configuration flag is enabled<br>`fixed:alerting:writer` | Default [Editor]({{< relref "../../administration/manage-users-and-permissions/about-users-and-permissions/#organization-users-and-permissions" >}}) assignments. |
| Viewer | `fixed:datasources:id:reader`<br>`fixed:organization:reader`<br>`fixed:annotations:reader`<br>`fixed:annotations.dashboard:writer`<br>`fixed:alerting:reader` | Default [Viewer]({{< relref "../../administration/manage-users-and-permissions/about-users-and-permissions/#organization-users-and-permissions" >}}) assignments. |
| Basic role | Associated fixed roles | Description |
| ------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Grafana Admin | `fixed:roles:reader`<br>`fixed:roles:writer`<br>`fixed:users:reader`<br>`fixed:users:writer`<br>`fixed:org.users:reader`<br>`fixed:org.users:writer`<br>`fixed:ldap:reader`<br>`fixed:ldap:writer`<br>`fixed:stats:reader`<br>`fixed:settings:reader`<br>`fixed:settings:writer`<br>`fixed:provisioning:writer`<br>`fixed:organization:reader`<br>`fixed:organization:maintainer`<br>`fixed:licensing:reader`<br>`fixed:licensing:writer` | Default [Grafana server administrator]({{< relref "../../../../enterprise/administration/manage-users-and-permissions/about-users-and-permissions/#grafana-server-administrators" >}}) assignments. |
| Admin | `fixed:reports:reader`<br>`fixed:reports:writer`<br>`fixed:datasources:reader`<br>`fixed:datasources:writer`<br>`fixed:organization:writer`<br>`fixed:datasources.permissions:reader`<br>`fixed:datasources.permissions:writer`<br>`fixed:teams:writer`<br>`fixed:dashboards:reader`<br>`fixed:dashboards:writer`<br>`fixed:dashboards.permissions:reader`<br>`fixed:dashboards.permissions:writer`<br>`fixed:folders:reader`<br>`fixes:folders:writer`<br>`fixed:folders.permissions:reader`<br>`fixed:folders.permissions:writer`<br>`fixed:alerting:writer`<br>`fixed:apikeys:reader`<br>`fixed:apikeys:writer`<br>`fixed:alerting.provisioning:writer` | Default [Grafana organization administrator]({{< relref "../../../../enterprise/administration/manage-users-and-permissions/about-users-and-permissions/#organization-users-and-permissions" >}}) assignments. |
| Editor | `fixed:datasources:explorer`<br>`fixed:dashboards:creator`<br>`fixed:folders:creator`<br>`fixed:annotations:writer`<br>`fixed:teams:creator` if the `editors_can_admin` configuration flag is enabled<br>`fixed:alerting:writer` | Default [Editor]({{< relref "../../../../enterprise/administration/manage-users-and-permissions/about-users-and-permissions/#organization-users-and-permissions" >}}) assignments. |
| Viewer | `fixed:datasources:id:reader`<br>`fixed:organization:reader`<br>`fixed:annotations:reader`<br>`fixed:annotations.dashboard:writer`<br>`fixed:alerting:reader` | Default [Viewer]({{< relref "../../../../enterprise/administration/manage-users-and-permissions/about-users-and-permissions/#organization-users-and-permissions" >}}) assignments. |
## Fixed role definitions
@@ -81,7 +81,7 @@ The following tables list permissions associated with basic and fixed roles.
### Alerting roles
If alerting is [enabled]({{< relref "../../alerting/migrating-alerts/opt-out/" >}}), you can use predefined roles to manage user access to alert rules, alert instances, and alert notification settings and create custom roles to limit user access to alert rules in a folder.
If alerting is [enabled]({{< relref "../../../../enterprise/alerting/migrating-alerts/opt-out/" >}}), you can use predefined roles to manage user access to alert rules, alert instances, and alert notification settings and create custom roles to limit user access to alert rules in a folder.
Access to Grafana alert rules is an intersection of many permissions:
@@ -90,4 +90,4 @@ Access to Grafana alert rules is an intersection of many permissions:
There is only one exclusion at this moment. Role `fixed:alerting.provisioning:writer` does not require user to have any additional permissions and provides access to all aspects of the alerting configuration via special provisioning API.
For more information about the permissions required to access alert rules, refer to [Create a custom role to access alerts in a folder]({{< relref "plan-rbac-rollout-strategy/#create-a-custom-role-to-access-alerts-in-a-folder" >}}).
For more information about the permissions required to access alert rules, refer to [Create a custom role to access alerts in a folder]({{< relref "../../../../enterprise/access-control/rbac-fixed-basic-role-definitions/plan-rbac-rollout-strategy/#create-a-custom-role-to-access-alerts-in-a-folder" >}}).

6
docs/sources/enterprise/access-control/rbac-provisioning.md → docs/sources/administration/roles-and-permissions/access-control/rbac-provisioning.md
View File

@@ -10,7 +10,7 @@ weight: 60
# Grafana RBAC provisioning
You can create, change or remove [Custom roles]({{< relref "manage-rbac-roles/#create-custom-roles-using-provisioning" >}}) and create or remove [basic role assignments]({{< relref "assign-rbac-roles/#assign-a-fixed-role-to-a-basic-role-using-provisioning" >}}), by adding one or more YAML configuration files in the `provisioning/access-control/` directory.
You can create, change or remove [Custom roles]({{< relref "../../../../enterprise/access-control/rbac-provisioning/manage-rbac-roles/#create-custom-roles-using-provisioning" >}}) and create or remove [basic role assignments]({{< relref "../../../../enterprise/access-control/rbac-provisioning/assign-rbac-roles/#assign-a-fixed-role-to-a-basic-role-using-provisioning" >}}), by adding one or more YAML configuration files in the `provisioning/access-control/` directory.
If you choose to use provisioning to assign and manage role, you must first enable it.
@@ -28,11 +28,11 @@ Grafana performs provisioning during startup. After you make a change to the con
3. Create a new YAML in the following folder: **provisioning/access-control**. For example, `provisioning/access-control/custom-roles.yml`
4. Add RBAC provisioning details to the configuration file. See [manage RBAC roles]({{< relref "manage-rbac-roles/" >}}) and [assign RBAC roles]({{< relref "assign-rbac-roles/" >}}) for instructions, and see this [example role provisioning file]({{< relref "rbac-provisioning/#example" >}}) for a complete example of a provisioning file.
4. Add RBAC provisioning details to the configuration file. See [manage RBAC roles]({{< relref "../../../../enterprise/access-control/rbac-provisioning/manage-rbac-roles/" >}}) and [assign RBAC roles]({{< relref "../../../../enterprise/access-control/rbac-provisioning/assign-rbac-roles/" >}}) for instructions, and see this [example role provisioning file]({{< relref "../../../../enterprise/access-control/rbac-provisioning/rbac-provisioning/#example" >}}) for a complete example of a provisioning file.
5. Reload the provisioning configuration file.
For more information about reloading the provisioning configuration at runtime, refer to [Reload provisioning configurations]({{< relref "../../developers/http_api/admin/#reload-provisioning-configurations" >}}).
For more information about reloading the provisioning configuration at runtime, refer to [Reload provisioning configurations]({{< relref "../../../../enterprise/developers/http_api/admin/#reload-provisioning-configurations" >}}).
## Example role configuration file using Grafana provisioning

126
docs/sources/administration/service-accounts/_index.md
View File

@@ -1,17 +1,137 @@
---
aliases:
- /docs/grafana/latest/administration/service-accounts/
- /docs/grafana/latest/administration/service-accounts/about-service-accounts/
- /docs/grafana/latest/administration/service-accounts/add-service-account-token/
- /docs/grafana/latest/administration/service-accounts/create-service-account/
- /docs/grafana/latest/administration/service-accounts/enable-service-accounts/
description: This page contains information about service accounts in Grafana
keywords:
- API keys
- Service accounts
menuTitle: Service accounts
title: Service accounts in Grafana
weight: 300
title: Service accounts
weight: 800
---
# Service accounts in Grafana
# Service accounts
You can use service accounts to run automated or compute workloads.
{{< section >}}
## About service accounts
A service account can be used to run automated workloads in Grafana, like dashboard provisioning, configuration, or report generation. Create service accounts and tokens to authenticate applications like Terraform with the Grafana API.
> **Note:** Service accounts are available in Grafana 8.5+ as a beta feature. To enable service accounts, refer to [Enable service accounts]({{< relref "enable-service-accounts/#" >}}) section. Service accounts will eventually replace [API keys]({{< relref "../api-keys/" >}}) as the primary way to authenticate applications that interact with Grafana.
A common use case for creating a service account is to perform operations on automated or triggered tasks. You can use service accounts to:
- Schedule reports for specific dashboards to be delivered on a daily/weekly/monthly basis
- Define alerts in your system to be used in Grafana
- Set up an external SAML authentication provider
- Interact with Grafana without signing in as a user
In [Grafana Enterprise]({{< relref "../../enterprise/" >}}), you can also use service accounts in combination with [role-based access control]({{< relref "../../enterprise/access-control/about-rbac/" >}}) to grant very specific permissions to applications that interact with Grafana.
> **Note:** Service accounts can only act in the organization they are created for. If you have the same task that is needed for multiple organizations, we recommend creating service accounts in each organization.
## Service account tokens
A service account token is a generated random string that acts as an alternative to a password when authenticating with Grafana's HTTP API.
When you create a service account, you can associate one or more access tokens with it. You can use service access tokens the same way as API Keys, for example to access Grafana HTTP API programmatically.
You can create multiple tokens for the same service account. You might want to do this if:
- multiple applications use the same permissions, but you would like to audit or manage their actions separately.
- you need to rotate or replace a compromised token.
Service account access tokens inherit permissions from the service account.
## Service account benefits
The added benefits of service accounts to API keys include:
- Service accounts resemble Grafana users and can be enabled/disabled, granted specific permissions, and remain active until they are deleted or disabled. API keys are only valid until their expiry date.
- Service accounts can be associated with multiple tokens.
- Unlike API keys, service account tokens are not associated with a specific user, which means that applications can be authenticated even if a Grafana user is deleted.
- You can grant granular permissions to service accounts by leveraging [fine-grained access control]({{< relref "../../enterprise/access-control/" >}}). For more information about permissions, refer to [About users and permissions]({{< relref "../roles-and-permissions/#" >}}).
## Enable service accounts in Grafana
Service accounts are available behind the `serviceAccounts` feature toggle, available in Grafana 8.5+.
You can enable service accounts by:
- modifying the Grafana configuration file, or
- configuring an environment variable
### Enable service accounts in the Grafana configuration file
This topic shows you how to enable service accounts by modifying the Grafana configuration file.
1. Sign in to the Grafana server and locate the configuration file. For more information about finding the configuration file, refer to LINK.
2. Open the configuration file and locate the [feature toggles section]({{< relref "../../setup-grafana/configure-grafana/#feature_toggles" >}}). Add `serviceAccounts` as a [feature_toggle]({{< relref "../../setup-grafana/configure-grafana/#feature_toggle" >}}).
```
[feature_toggles]
# enable features, separated by spaces
enable = serviceAccounts
```
1. Save your changes, Grafana should recognize your changes; in case of any issues we recommend restarting the Grafana server.
### Enable service accounts with an environment variable
This topic shows you how to enable service accounts by setting environment variables before starting Grafana.
Follow the instructions to [override configuration with environment variables]({{< relref "../../setup-grafana/configure-grafana/#override-configuration-with-environment-variables" >}}). Set the following environment variable: `GF_FEATURE_TOGGLES_ENABLE = serviceAccounts`.
> **Note:** Environment variables override configuration file settings.
## Create a service account in Grafana
A service account can be used to run automated workloads in Grafana, like dashboard provisioning, configuration, or report generation. For more information about how you can use service accounts, refer to [About service accounts]({{< relref "about-service-accounts/#" >}}).
For more information about creating service accounts via the API, refer to [Create a service account in the HTTP API]({{< relref "../../developers/http_api/serviceaccount/#create-service-account" >}}).
### Before you begin
- Ensure you have added the feature toggle for service accounts `serviceAccounts`. For more information about adding the feature toggle, refer to [Enable service accounts]({{< relref "enable-service-accounts/#" >}}).
- Ensure you have permission to create and edit service accounts. By default, the organization administrator role is required to create and edit service accounts. For more information about user permissions, refer to [About users and permissions]({{< relref "../roles-and-permissions/#" >}}).
### To create a service account
1. Sign in to Grafana and hover your cursor over the Configuration (cog) icon in the sidebar.
1. Click **Service accounts**.
1. Click **New service account**.
1. Enter a **Display name**.
1. The display name must be unique as it determines the ID associated with the service account.
- We recommend that you use a consistent naming convention when you name service accounts. A consistent naming convention can help you scale and maintain service accounts in the future.
- You can change the display name at any time.
1. Click **Create service account**.
## Add a token to a service account in Grafana
A service account token is a generated random string that acts as an alternative to a password when authenticating with Grafanas HTTP API. For more information about service accounts, refer to [About service accounts in Grafana]({{< relref "about-service-accounts/" >}}).
You can create a service account token using the Grafana UI or via the API. For more information about creating a service account token via the API, refer to [Create service account tokens using the HTTP API]({{< relref "../../developers/http_api/serviceaccount/#create-service-account-tokens" >}}).
### Before you begin
- Ensure you have added the `serviceAccounts` feature toggle to Grafana. For more information about adding the feature toggle, refer to [Enable service accounts]({{< relref "enable-service-accounts/#" >}}).
- Ensure you have permission to create and edit service accounts. By default, the organization administrator role is required to create and edit service accounts. For more information about user permissions, refer to [About users and permissions]({{< relref "../roles-and-permissions/#" >}}).
### To add a token to a service account
1. Sign in to Grafana, then hover your cursor over **Configuration** (the gear icon) in the sidebar.
1. Click **Service accounts**.
1. Click the service account to which you want to add a token.
1. Click **Add token**.
1. Enter a name for the token.
1. (recommended) Enter an expiry date and expiry date for the token or leave it on no expiry date option.
- The expiry date specifies how long you want the key to be valid.
- If you are unsure of an expiration date, we recommend that you set the token to expire after a short time, such as a few hours or less. This limits the risk associated with a token that is valid for a long time.
1. Click **Generate service account token**.

49
docs/sources/administration/service-accounts/about-service-accounts.md
View File

@@ -1,49 +0,0 @@
---
aliases:
- /docs/grafana/latest/administration/service-accounts/about-service-accounts/
description: This page contains detailed information about service accounts in Grafana
menuTitle: About service accounts
title: About service accounts
weight: 30
---
# About service accounts in Grafana
A service account can be used to run automated workloads in Grafana, like dashboard provisioning, configuration, or report generation. Create service accounts and tokens to authenticate applications like Terraform with the Grafana API.
> **Note:** Service accounts are available in Grafana 8.5+ as a beta feature. To enable service accounts, refer to [Enable service accounts]({{< relref "enable-service-accounts/#" >}}) section. Service accounts will eventually replace [API keys]({{< relref "../api-keys/" >}}) as the primary way to authenticate applications that interact with Grafana.
A common use case for creating a service account is to perform operations on automated or triggered tasks. You can use service accounts to:
- Schedule reports for specific dashboards to be delivered on a daily/weekly/monthly basis
- Define alerts in your system to be used in Grafana
- Set up an external SAML authentication provider
- Interact with Grafana without signing in as a user
In [Grafana Enterprise]({{< relref "../../enterprise/" >}}), you can also use service accounts in combination with [role-based access control]({{< relref "../../enterprise/access-control/about-rbac/" >}}) to grant very specific permissions to applications that interact with Grafana.
> **Note:** Service accounts can only act in the organization they are created for. If you have the same task that is needed for multiple organizations, we recommend creating service accounts in each organization.
---
## Service account tokens
A service account token is a generated random string that acts as an alternative to a password when authenticating with Grafana's HTTP API.
When you create a service account, you can associate one or more access tokens with it. You can use service access tokens the same way as API Keys, for example to access Grafana HTTP API programmatically.
You can create multiple tokens for the same service account. You might want to do this if:
- multiple applications use the same permissions, but you would like to audit or manage their actions separately.
- you need to rotate or replace a compromised token.
Service account access tokens inherit permissions from the service account.
### Service accounts benefits
The added benefits of service accounts to API keys include:
- Service accounts resemble Grafana users and can be enabled/disabled, granted specific permissions, and remain active until they are deleted or disabled. API keys are only valid until their expiry date.
- Service accounts can be associated with multiple tokens.
- Unlike API keys, service account tokens are not associated with a specific user, which means that applications can be authenticated even if a Grafana user is deleted.
- You can grant granular permissions to service accounts by leveraging [fine-grained access control]({{< relref "../../enterprise/access-control/" >}}). For more information about permissions, refer to [About users and permissions]({{< relref "../manage-users-and-permissions/about-users-and-permissions/#" >}}).

31
docs/sources/administration/service-accounts/add-service-account-token.md
View File

@@ -1,31 +0,0 @@
---
aliases:
- /docs/grafana/latest/administration/service-accounts/add-service-account-token/
description: This topic shows you how to add a token to a service account
menuTitle: Add a token to a service account
title: Add a token to a service account in Grafana
weight: 60
---
# Add a token to a service account in Grafana
A service account token is a generated random string that acts as an alternative to a password when authenticating with Grafanas HTTP API. For more information about service accounts, refer to [About service accounts in Grafana]({{< relref "about-service-accounts/" >}}).
You can create a service account token using the Grafana UI or via the API. For more information about creating a service account token via the API, refer to [Create service account tokens using the HTTP API]({{< relref "../../developers/http_api/serviceaccount/#create-service-account-tokens" >}}).
## Before you begin
- Ensure you have added the `serviceAccounts` feature toggle to Grafana. For more information about adding the feature toggle, refer to [Enable service accounts]({{< relref "enable-service-accounts/#" >}}).
- Ensure you have permission to create and edit service accounts. By default, the organization administrator role is required to create and edit service accounts. For more information about user permissions, refer to [About users and permissions]({{< relref "../manage-users-and-permissions/about-users-and-permissions/#" >}}).
## To add a token to a service account
1. Sign in to Grafana, then hover your cursor over **Configuration** (the gear icon) in the sidebar.
1. Click **Service accounts**.
1. Click the service account to which you want to add a token.
1. Click **Add token**.
1. Enter a name for the token.
1. (recommended) Enter an expiry date and expiry date for the token or leave it on no expiry date option.
- The expiry date specifies how long you want the key to be valid.
- If you are unsure of an expiration date, we recommend that you set the token to expire after a short time, such as a few hours or less. This limits the risk associated with a token that is valid for a long time.
1. Click **Generate service account token**.

32
docs/sources/administration/service-accounts/create-service-account.md
View File

@@ -1,32 +0,0 @@
---
aliases:
- /docs/grafana/latest/administration/service-accounts/create-service-account/
description: How to create a service account in Grafana
keywords:
- Service accounts
menuTitle: Create a service account
title: Create a service account in Grafana
weight: 50
---
# Create a service account in Grafana
A service account can be used to run automated workloads in Grafana, like dashboard provisioning, configuration, or report generation. For more information about how you can use service accounts, refer to [About service accounts]({{< relref "about-service-accounts/#" >}}).
For more information about creating service accounts via the API, refer to [Create a service account in the HTTP API]({{< relref "../../developers/http_api/serviceaccount/#create-service-account" >}}).
## Before you begin
- Ensure you have added the feature toggle for service accounts `serviceAccounts`. For more information about adding the feature toggle, refer to [Enable service accounts]({{< relref "enable-service-accounts/#" >}}).
- Ensure you have permission to create and edit service accounts. By default, the organization administrator role is required to create and edit service accounts. For more information about user permissions, refer to [About users and permissions]({{< relref "../manage-users-and-permissions/about-users-and-permissions/#" >}}).
## To create a service account
1. Sign in to Grafana and hover your cursor over the Configuration (cog) icon in the sidebar.
1. Click **Service accounts**.
1. Click **New service account**.
1. Enter a **Display name**.
1. The display name must be unique as it determines the ID associated with the service account.
- We recommend that you use a consistent naming convention when you name service accounts. A consistent naming convention can help you scale and maintain service accounts in the future.
- You can change the display name at any time.
1. Click **Create service account**.

44
docs/sources/administration/service-accounts/enable-service-accounts.md
View File

@@ -1,44 +0,0 @@
---
aliases:
- /docs/grafana/latest/administration/service-accounts/enable-service-accounts/
description: This topic shows you how to to enable the service accounts feature in
Grafana
keywords:
- Feature toggle
- Service accounts
menuTitle: Enable service accounts
title: Enable service accounts in Grafana
weight: 40
---
# Enable service accounts in Grafana
Service accounts are available behind the `serviceAccounts` feature toggle, available in Grafana 8.5+.
You can enable service accounts by:
- modifying the Grafana configuration file, or
- configuring an environment variable
## Enable service accounts in the Grafana configuration file
This topic shows you how to enable service accounts by modifying the Grafana configuration file.
1. Sign in to the Grafana server and locate the configuration file. For more information about finding the configuration file, refer to LINK.
2. Open the configuration file and locate the [feature toggles section]({{< relref "../../setup-grafana/configure-grafana/#feature_toggles" >}}). Add `serviceAccounts` as a [feature_toggle]({{< relref "../../setup-grafana/configure-grafana/#feature_toggle" >}}).
```
[feature_toggles]
# enable features, separated by spaces
enable = serviceAccounts
```
1. Save your changes, Grafana should recognize your changes; in case of any issues we recommend restarting the Grafana server.
## Enable service accounts with an environment variable
This topic shows you how to enable service accounts by setting environment variables before starting Grafana.
Follow the instructions to [override configuration with environment variables]({{< relref "../../setup-grafana/configure-grafana/#override-configuration-with-environment-variables" >}}). Set the following environment variable: `GF_FEATURE_TOGGLES_ENABLE = serviceAccounts`.
> **Note:** Environment variables override configuration file settings.

82
docs/sources/administration/stats-and-license/_index.md Normal file
View File

@@ -0,0 +1,82 @@
---
aliases:
- /docs/grafana/latest/administration/view-server/
- /docs/grafana/latest/admin/view-server-settings/
- /docs/grafana/latest/administration/view-server/view-server-settings/
- /docs/grafana/latest/admin/view-server-stats/
- /docs/grafana/latest/administration/view-server/view-server-stats/
description: How to view server settings in the Grafana UI
keywords:
- grafana
- configuration
- server
- settings
title: Stats and license
weight: 400
---
# View server statistics and license
This setting contains information about tools that Grafana Server Admins can use to learn more about their Grafana servers.
## View Grafana server settings
> Refer to [Role-based access control]({{< relref "../enterprise/access-control/" >}}) in Grafana Enterprise to understand how you can control access with RBAC permissions.
If you are a Grafana server administrator, use the Settings tab to view the settings that are applied to your Grafana server via the [Configuration]({{< relref "../setup-grafana/configure-grafana/#config-file-locations" >}}) file and any environmental variables.
> **Note:** Only Grafana server administrators can access the **Server Admin** menu. For more information about about administrative permissions, refer to [About users and permissions]({{< relref "../server-administration/manage-users-and-permissions/about-users-and-permissions/" >}}).
### View server settings
1. Log in to your Grafana server with an account that has the Grafana Admin flag set.
1. Hover your cursor over the **Server Admin** (shield) icon in the side menu and then click the **Settings** tab.
### Available settings
For a full list of server settings, refer to [Configuration]({{< relref "../setup-grafana/configure-grafana/" >}}).
## View Grafana server stats
> Refer to [Role-based access control]({{< relref "../enterprise/access-control/" >}}) in Grafana Enterprise to understand how you can control access with RBAC permissions.
If you are a Grafana server admin, then you can view useful statistics about your Grafana server in the Stats & Licensing tab.
> **Note:** Only Grafana server administrators can access the **Server Admin** menu. For more information about about administrative permissions, refer to [About users and permissions]({{< relref "../server-administration/manage-users-and-permissions/about-users-and-permissions/" >}}).
### View server stats
1. Log in to your Grafana server with an account that has the Grafana Admin flag set.
1. Hover your cursor over the **Server Admin** (shield) icon in the side menu and then click the **Stats & Licensing** tab.
### Available stats
The following statistics are displayed in the Stats tab:
- Total users
**Note:** Total users = Total admins + Total editors + Total viewers
- Total admins
- Total editors
- Total viewers
- Active users (seen last 30 days)
**Note:** Active users = Active admins + Active editors + Active viewers
- Active admins (seen last 30 days)
- Active editors (seen last 30 days)
- Active viewers (seen last 30 days)
- Active sessions
- Total dashboards
- Total orgs
- Total playlists
- Total snapshots
- Total dashboard tags
- Total starred dashboards
- Total alerts
### Counting users
If a user belongs to several organizations, then that user is counted once as a user in the highest organization role they are assigned, regardless of how many organizations the user belongs to.
For example, if Sofia is a Viewer in two organizations, an Editor in two organizations, and Admin in three organizations, then she would be reflected in the stats as:
- Total users 1
- Total admins 1

8
docs/sources/administration/manage-users-and-permissions/manage-teams/_index.md → docs/sources/administration/team-management/_index.md
View File

@@ -4,17 +4,17 @@ aliases:
- /docs/grafana/latest/manage-users/add-or-remove-user-from-team/
- /docs/grafana/latest/manage-users/create-or-remove-team/
- /docs/grafana/latest/manage-users/manage-teams/
title: Manage teams
weight: 600
title: Team management
weight: 400
---
# Manage teams
# Team management
A team is a group of users within an organization that have common dashboard and data source permission needs. For example, instead of assigning five users access to the same dashboard, you can create a team that consists of those users and assign dashboard permissions to the team. A user can belong to multiple teams.
A user can be a Member or an Administrator for a given team. Members of a team inherit permissions from the team, but they cannot edit the team itself. Team Administrators can add members to a team and update its settings, such as the team name, team member's team roles, UI preferences, and home dashboard.
For more information about teams, refer to [Teams and permissions]({{< relref "../about-users-and-permissions/#teams-and-permissions" >}}).
For more information about teams, refer to [Teams and permissions]({{< relref "../roles-and-permissions/#teams-and-permissions" >}}).
## Create a team

4
docs/sources/administration/manage-users-and-permissions/_index.md → docs/sources/administration/user-management/_index.md
View File

@@ -1,11 +1,11 @@
---
aliases:
- /docs/grafana/latest/administration/manage-users-and-permissions/
title: Manage users and permissions
title: User management
weight: 200
---
# Manage users and permissions
# User management
A _user_ is defined as any individual who can log in to Grafana. Each user is associated with a _role_ that includes _permissions_. Permissions determine the tasks a user can perform in the system. For example, the **Admin** role includes permissions for an administrator to create and delete users.

8
docs/sources/administration/manage-users-and-permissions/manage-dashboard-permissions/_index.md → docs/sources/administration/user-management/manage-dashboard-permissions/_index.md
View File

@@ -10,7 +10,7 @@ weight: 500
Dashboard and dasboard folder permissions enable you to grant a viewer the ability to edit and save dashboard changes, or limit an editor's permission to modify a dashboard.
For more information about dashboard permissions, refer to [Dashboard permissions]({{< relref "../about-users-and-permissions/#dashboard-permissions" >}}).
For more information about dashboard permissions, refer to [Dashboard permissions]({{< relref "../../roles-and-permissions/#dashboard-permissions" >}}).
## Grant dashboard folder permissions
@@ -19,7 +19,7 @@ When you grant user permissions for folders, that setting applies to all dashboa
### Before you begin
- Ensure you have organization administrator privileges
- Identify the dashboard folder permissions you want to modify and the users or teams to which you want to grant access. For more information about dashboard permissions, refer to [Dashboard permissions]({{< relref "../about-users-and-permissions/#dashboard-permissions" >}}).
- Identify the dashboard folder permissions you want to modify and the users or teams to which you want to grant access. For more information about dashboard permissions, refer to [Dashboard permissions]({{< relref "../../roles-and-permissions/#dashboard-permissions" >}}).
**To grant dashboard folder permissions**:
@@ -84,7 +84,7 @@ This modification is useful for public Grafana installations where you want anon
## Edit dashboard permissions
Edit dashboard permissions when you are want to enhance or restrict a user's access to a dashboard. For more information about dashboard permissions, refer to [Dashboard permissions]({{< relref "../about-users-and-permissions/#dashboard-permissions" >}}).
Edit dashboard permissions when you are want to enhance or restrict a user's access to a dashboard. For more information about dashboard permissions, refer to [Dashboard permissions]({{< relref "../../roles-and-permissions/#dashboard-permissions" >}}).
### Before you begin
@@ -144,4 +144,4 @@ Dashboard permissions settings:
Result: You receive an error message that cannot override a higher permission with a lower permission in the same dashboard. User1 has administrator permissions.
> Refer to [Role-based access Control]({{< relref "../../../enterprise/access-control/" >}}) in Grafana Enterprise to understand how to use RBAC permissions to restrict access to dashboards, folders, administrative functions, and other resources.
> Refer to [Role-based access Control]({{< relref "../../roles-and-permissions/access-control/" >}}) in Grafana Enterprise to understand how to use RBAC permissions to restrict access to dashboards, folders, administrative functions, and other resources.

146
docs/sources/administration/user-management/manage-org-users/_index.md Normal file
View File

@@ -0,0 +1,146 @@
---
aliases:
- /docs/grafana/latest/administration/manage-users-and-permissions/manage-org-users/
- /docs/grafana/latest/manage-users/org-admin/
- /docs/grafana/latest/administration/manage-users-and-permissions/manage-org-users/view-list-org-users/
- /docs/grafana/latest/administration/manage-users-and-permissions/manage-org-users/change-user-org-permissions/
- /docs/grafana/latest/administration/manage-users-and-permissions/manage-org-users/invite-user-join-org/
- /docs/grafana/latest/administration/manage-users-and-permissions/manage-org-users/manage-pending-invites/
- /docs/grafana/latest/administration/manage-users-and-permissions/manage-org-users/remove-user-from-org/
title: Manage users in an organization
weight: 400
---
# Manage users in an organization
Organization administrators can invite users to join their organization. Organization users have access to organization resources based on their role, which is **Admin**, **Editor**, or **Viewer**. Permissions associated with each role determine the tasks a user can perform in the system.
For more information about organization user permissions, refer to [Organization users and permissions]({{< relref "../../roles-and-permissions/#organization-users-and-permissions" >}}).
{{< section >}}
## View a list of organization users
You can see a list of users with accounts in your Grafana organization. If necessary, you can use the search field to filter the list.
### Before you begin
- Ensure you have organization administrator privileges
**To view a list of organization users**:
1. Sign in to Grafana as an organization administrator.
1. Hover your cursor over the **Configuration** (gear) icon in the side menu and click **Users**.
![Org Admin user list](/static/img/docs/manage-users/org-user-list-7-3.png)
> **Note:** If you have [server administrator]({{< relref "../../roles-and-permissions/#grafana-server-administrators" >}}) permissions, you can also [view a global list of users]({{< relref "../../manage-users-and-permissions/manage-server-users/view-list-users/" >}}) in the Server Admin section of Grafana.
## Change a user's organization permissions
Update user permissions when you want to enhance or restrict a user's access to organization resources. For more information about organization permissions, refer to [Organization roles]({{< relref "../../roles-and-permissions/#organization-roles" >}}).
### Before you begin
- Ensure you have organization administrator privileges
**To change the organization role of a user**:
1. Sign in to Grafana as an organization administrator.
1. Hover your cursor over the **Configuration** (gear) icon in the side menu and click **Users**.
1. Find the user account for which you want to change the role.
If necessary, use the search field to filter the list.
1. Locate the user on the list and in the **Role** column, click the user role.
1. Select the role that you want to assign.
1. Click **Update**.
> **Note:** If you have [server administrator]({{< relref "../../roles-and-permissions/#grafana-server-administrators" >}}) permissions, you can also [change a user's organization permissions]({{< relref "../server-user-management/change-user-org-permissions/" >}}) in the Server Admin section.
## Invite a user to join an organization
When you invite users to join an organization, you assign the **Admin**, **Editor**, or **Viewer** role which controls user access to the dashboards and data sources owned by the organization. Users receive an email that prompts them to accept the invitation.
- If you know that the user already has access Grafana and you know their user name, then you issue an invitation by entering their user name.
- If the user is new to Grafana, then use their email address to issue an invitation. The system automatically creates the user account on first sign in.
> **Note:** If you have [server administrator]({{< relref "../../roles-and-permissions/#grafana-server-administrators" >}}) permissions, you can also manually [add a user to an organization]({{< relref "../server-user-management/add-remove-user-to-org/" >}}).
### Before you begin
- Ensure you have organization administrator privileges.
- If the user already has access to Grafana, obtain their user name.
- Determine the permissions you want to assign to the user. For more information about organization permissions, refer to [Organization roles]({{< relref "../../roles-and-permissions/#organization-roles" >}}).
**To invite or add an existing user account to your organization**:
1. Sign in to Grafana as an organization administrator.
1. To switch to the organization to which you want to invite a user, hover your mouse over your profile and click **Switch organization** and select an organization.
> **Note**: It might be that you are currently in the proper organization and don't need to switch organizations.
1. Hover your cursor over the **Configuration** (gear) icon in the side menu and click **Users**.
1. Click **Invite**.
1. Enter the following information:
| Field | Description |
| ----------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| Email or username | Either the email or username that the user will use to sign in to Grafana. |
| Name | The user's name. |
| Role | Click the organization role to assign this user. For more information about organization roles, refer to [Organization roles]({{< relref "../../roles-and-permissions/#organization-roles" >}}).. |
| Send invite email | Switch to on if your organization has configured. The system sends an email to the user inviting them to sign in to Grafana and join the organization. Switch to off if you are not using email. The user can sign in to Grafana with the email or username you entered. |
1. Click **Submit**.
If the invitee is not already a user, the system adds them.
![Invite User](/static/img/docs/manage-users/org-invite-user-7-3.png).
## Manage a pending invitation
Periodically review invitations you have sent so that you can see a list of users that have not yet accepted the invitation or cancel a pending invitation.
> **Note:** The **Pending Invites** button is only visible if there are unanswered invitations.
### Before you begin
- Ensure you have organization administrator privileges
**To manage a pending invitation**:
1. Sign in to Grafana as an organization administrator.
1. Hover your cursor over the **Configuration** (gear) icon in the side menu and click **Users**.
1. Click **Pending Invites**.
The **Pending Invites** button appears only when there are unaccepted invitations.
![Pending Invites button](/static/img/docs/manage-users/pending-invites-button-7-3.png)
To cancel an invitation, click the red **X** next to the invitation.
To copy an invitation link and send it directly to a user, click Copy Invite. You can then paste the invite link into a message.
![Pending Invites list](/static/img/docs/manage-users/pending-invites-list-7-3.png)
## Remove a user from an organization
You can remove a user from an organization when they no longer require access to the dashboard or data sources owned by the organization. No longer requiring access to an organization might occur when the user has left your company or has internally moved to another organization.
This action does not remove the user account from the Grafana server.
### Before you begin
- Ensure you have organization administrator privileges
**To remove a user from an organization**:
1. Sign in to Grafana as an organization administrator.
1. Hover your cursor over the **Configuration** (gear) icon in the side menu and click **Users**.
1. Find the user account that you want to remove from the organization.
Use the search field to filter the list, if necessary.
1. Click the red **X** to remove the user from the organization.
> **Note:** If you have [server administrator]({{< relref "../../roles-and-permissions/#grafana-server-administrators" >}}) permissions, you can also [remove a user from an organization]({{< relref "../server-user-management/add-remove-user-to-org/#remove-a-user-from-an-organization" >}}) on the Users page of the Server Admin section.

147
docs/sources/administration/user-management/server-user-management/_index.md Normal file
View File

@@ -0,0 +1,147 @@
---
aliases:
- /docs/grafana/latest/administration/manage-users-and-permissions/manage-server-users/
- /docs/grafana/latest/manage-users/server-admin/
- /docs/grafana/latest/manage-users/server-admin/server-admin-manage-users/
- /docs/grafana/latest/administration/manage-users-and-permissions/manage-server-users/view-list-users/
- /docs/grafana/latest/administration/manage-users-and-permissions/manage-server-users/view-edit-user-account/
- /docs/grafana/latest/administration/manage-users-and-permissions/manage-server-users/view-user-account-details/
- /docs/grafana/latest/administration/manage-users-and-permissions/manage-server-users/add-user/
- /docs/grafana/latest/administration/manage-users-and-permissions/manage-server-users/force-user-logout/
title: Server user management
weight: 100
---
# Server user management
A _user_ is defined as any individual who can log in to Grafana. Each user is associated with a _role_ that includes _permissions_. Permissions determine the tasks a user can perform in the system.
If you have [server administrator]({{< relref "../../roles-and-permissions/#grafana-server-administrators" >}}) permissions in Grafana, you can manage all users for a Grafana instance in the Server Admin section:
{{< section >}}
If you have [organization administrator]({{< relref "../../roles-and-permissions/#organization-roles" >}}) permissions and _not_ [server administrator]({{< relref "../../roles-and-permissions/#grafana-server-administrators" >}}) permissions, refer to [Manage users in a organization]({{< relref "../manage-org-users/" >}}).
For more information about users and permissions, refer to [About users and permissions]({{< relref "../../roles-and-permissions/" >}}). For more information about managing users in general, see [User management]({{< relref "../" >}}).
## View a list of users
You can see a list of users with accounts on your Grafana server. This action might be useful when you want to know which role you assigned to each user.
### Before you begin
- Ensure you have Grafana server administrator privileges
**To view a list of users**:
1. Sign in to Grafana as a server administrator.
1. Hover your cursor over the **Server Admin** (shield) icon until a menu appears, and click **Users**.
![Server Admin user list](/static/img/docs/manage-users/server-user-list-7-3.png)
> **Note:** If you have [organization administrator]({{< relref "../../roles-and-permissions/#organization-roles" >}}) permissions and _not_ [server administrator]({{< relref "../../roles-and-permissions/#grafana-server-administrators" >}}) permissions, you can still [view of list of users in a given organization]({{< relref "../../manage-users-and-permissions/manage-org-users/view-list-org-users/" >}}).
## View user details
View user details when you want to see login, and organizations and permissions settings associated with a user.
### Before you begin:
- Ensure you have Grafana server administrator privileges
**To view user details**:
1. Sign in to Grafana as a server administrator.
1. Hover your cursor over the **Server Admin** (shield) icon until a menu appears, and click **Users**.
1. Click a user.
A user account contains the following sections.
#### User information
This section contains basic user information, which users can update.
![Server Admin user information section](/static/img/docs/manage-users/server-admin-user-information-7-3.png)
#### Permissions
This indicates whether the user account has the Grafana administrator flag applied. If the flag is set to **Yes**, then the user is a Grafana server administrator.
![Server Admin Permissions section](/static/img/docs/manage-users/server-admin-permissions-7-3.png)
#### Organisations
This section lists the organizations the user belongs to and their assigned role.
![Server Admin Organizations section](/static/img/docs/manage-users/server-admin-organisations-7-3.png)
#### Sessions
This section includes recent user sessions and information about the time the user logged in and they system they used. You can force logouts, if necessary.
![Server Admin Sessions section](/static/img/docs/manage-users/server-admin-sessions-7-3.png)
## Edit a user account
Edit a user account when you want to modify user login credentials, or delete, disable, or enable a user.
### Before you begin
- Ensure you have Grafana server administrator privileges
**To edit a user account**:
1. Sign in to Grafana as a server administrator.
1. Hover your cursor over the **Server Admin** (shield) icon until a menu appears, and click **Users**.
1. Click a user.
1. Complete any of the following actions, as necessary.
| Action | Description |
| ------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Update name, email, or username | **Is the user notified of these changes?**. Click **Save** after you make a change. |
| Change the user's password | The new password must be at least four characters long. Click **Save** after you make a change. |
| Delete a user | This action permanently removes the user from the Grafana server. The user can no longer sign in after you make this change. |
| Disable user account | This action prevents a user from signing in with this account, but does not delete the account. You might disable an account if a colleague goes on sabbatical. |
| Enable a user account | This action enables a user account. |
## Add a user
Add users when you want to manually provide individuals with access to Grafana.
When you create a user using this method, you must create their password. The user does not receive a notification by email. To invite a user to Grafana and allow them to create their own password, [invite a user to join an organization]({{< relref "../../manage-users-and-permissions/manage-org-users/invite-user-join-org/" >}}).
When you configure advanced authentication using Oauth, SAML, LDAP, or the Auth proxy, users are created automatically.
### Before you begin
- Ensure that you have Grafana server administrator privileges
**To add a user**:
1. Sign in to Grafana as a server administrator.
1. Hover your cursor over the **Server Admin** (shield) icon until a menu appears, and click **Users**.
1. Click **New user**.
1. Complete the fields and click **Create user**.
When you create a user, the system assigns the user viewer permissions in a default organization, which you can change. You can now [add a user to a second organization]({{< relref "add-remove-user-to-org/" >}}).
> **Note:** If you have [organization administrator]({{< relref "../../roles-and-permissions/#organization-roles" >}}) permissions and _not_ [server administrator]({{< relref "../../roles-and-permissions/#grafana-server-administrators" >}}) permissions, you can still add users by [inviting a user to join an organization]({{< relref "../../manage-users-and-permissions/manage-org-users/invite-user-join-org/" >}}).
## Force a user to log out of Grafana
If you suspect a user account is compromised or is no longer authorized to access the Grafana server, then you can force the user to log out of Grafana.
The force logout action can apply to one device that is logged in to Grafana, or all devices logged in to Grafana.
### Before you begin
- Ensure you have Grafana server administrator privileges
1. Sign in to Grafana as a server administrator.
1. Hover your cursor over the **Server Admin** (shield) icon until a menu appears, and click **Users**.
1. Click a user.
1. Scroll down to the **Sessions** section.
1. Perform one of the following actions:
- Click **Force logout** next to the session entry that you want logged out of Grafana.
- Click **Force logout from all devices**.
1. Confirm the logout.

10
docs/sources/administration/manage-users-and-permissions/manage-server-users/add-remove-user-to-org.md → docs/sources/administration/user-management/server-user-management/add-remove-user-to-org.md
View File

@@ -14,8 +14,8 @@ You are required to specify an Admin role for each organization. The first user
## Before you begin
- [Create an organization]({{< relref "../../manage-organizations/" >}})
- [Add a user]({{< relref "add-user/" >}}) to Grafana
- [Create an organization]({{< relref "../../../manage-users-and-permissions/manage-organizations/" >}})
- [Add a user]({{< relref "../../../manage-users-and-permissions/manage-server-users/add-remove-user-to-org/add-user/" >}}) to Grafana
- Ensure you have Grafana server administrator privileges
**To add a user to an organization**:
@@ -26,13 +26,13 @@ You are required to specify an Admin role for each organization. The first user
1. In the **Organizations** section, click **Add user to organization**.
1. Select an organization and a role.
For more information about user permissions, refer to [Organization roles]({{< relref "../about-users-and-permissions/#organization-roles" >}}).
For more information about user permissions, refer to [Organization roles]({{< relref "../../../manage-users-and-permissions/manage-server-users/about-users-and-permissions/#organization-roles" >}}).
1. Click **Add to organization**.
The next time the user signs in, they will be able to navigate to their new organization using the Switch Organizations option in the user profile menu.
> **Note:** If you have [organization administrator]({{< relref "../about-users-and-permissions/#organization-roles" >}}) permissions and _not_ [server administrator]({{< relref "../about-users-and-permissions/#grafana-server-administrators" >}}) permissions, you can still [invite a user to join an organization]({{< relref "../manage-org-users/invite-user-join-org/" >}}).
> **Note:** If you have [organization administrator]({{< relref "../../../manage-users-and-permissions/manage-server-users/about-users-and-permissions/#organization-roles" >}}) permissions and _not_ [server administrator]({{< relref "../../../manage-users-and-permissions/manage-server-users/about-users-and-permissions/#grafana-server-administrators" >}}) permissions, you can still [invite a user to join an organization]({{< relref "../../../manage-users-and-permissions/manage-server-users/manage-org-users/invite-user-join-org/" >}}).
# Remove a user from an organization
@@ -50,4 +50,4 @@ Remove a user from an organization when they no longer require access to the das
1. In the **Organization** section, click **Remove from organization** next to the organization from which you want to remove the user.
1. Click **Confirm removal**.
> **Note:** If you have [organization administrator]({{< relref "../about-users-and-permissions/#organization-roles" >}}) permissions and _not_ [server administrator]({{< relref "../about-users-and-permissions/#grafana-server-administrators" >}}) permissions, you can still [remove a user from an organization]({{< relref "../manage-org-users/remove-user-from-org/" >}}) in the Users section of organization configuration.
> **Note:** If you have [organization administrator]({{< relref "../../../manage-users-and-permissions/manage-server-users/about-users-and-permissions/#organization-roles" >}}) permissions and _not_ [server administrator]({{< relref "../../../manage-users-and-permissions/manage-server-users/about-users-and-permissions/#grafana-server-administrators" >}}) permissions, you can still [remove a user from an organization]({{< relref "../../../manage-users-and-permissions/manage-server-users/manage-org-users/remove-user-from-org/" >}}) in the Users section of organization configuration.

4
docs/sources/administration/manage-users-and-permissions/manage-server-users/assign-remove-server-admin-privileges.md → docs/sources/administration/user-management/server-user-management/assign-remove-server-admin-privileges.md
View File

@@ -7,13 +7,13 @@ weight: 20
# Assign or remove Grafana server administrator privileges
Grafana server administrators are responsible for creating users, organizations, and managing permissions. For more information about the server administration role, refer to [Grafana server administrators]({{< relref "../about-users-and-permissions/#grafana-server-administrators" >}}).
Grafana server administrators are responsible for creating users, organizations, and managing permissions. For more information about the server administration role, refer to [Grafana server administrators]({{< relref "../../../manage-users-and-permissions/manage-server-users/about-users-and-permissions/#grafana-server-administrators" >}}).
> **Note:** Server administrators are "super-admins" with full permissions to create, read, update, and delete all resources and users in all organizations, as well as update global settings such as licenses. Only grant this permission to trusted users.
## Before you begin
- [Add a user]({{< relref "add-user/" >}})
- [Add a user]({{< relref "../../../manage-users-and-permissions/manage-server-users/assign-remove-server-admin-privileges/add-user/" >}})
- Ensure you have Grafana server administrator privileges
**To assign or remove Grafana administrator privileges**:

4
docs/sources/administration/manage-users-and-permissions/manage-server-users/change-user-org-permissions.md → docs/sources/administration/user-management/server-user-management/change-user-org-permissions.md
View File

@@ -7,11 +7,11 @@ weight: 50
# Change a user's organization permissions
Update organization permissions when you want to enhance or restrict a user's access to organization resources. For more information about organization permissions, refer to [Organization roles]({{< relref "../about-users-and-permissions/#organization-roles" >}}).
Update organization permissions when you want to enhance or restrict a user's access to organization resources. For more information about organization permissions, refer to [Organization roles]({{< relref "../../../manage-users-and-permissions/manage-server-users/about-users-and-permissions/#organization-roles" >}}).
## Before you begin
- [Add a user to an organization]({{< relref "add-remove-user-to-org/" >}})
- [Add a user to an organization]({{< relref "../../../manage-users-and-permissions/manage-server-users/change-user-org-permissions/add-remove-user-to-org/" >}})
- Ensure you have Grafana server administrator privileges
**To change a user's organization permissions**:

0
docs/sources/administration/manage-users-and-permissions/manage-server-users/force-user-logout.md → docs/sources/administration/user-management/server-user-management/force-user-logout.md
View File

4
docs/sources/administration/manage-users-and-permissions/manage-server-users/grant-editor-admin-permissions.md → docs/sources/administration/user-management/server-user-management/grant-editor-admin-permissions.md
View File

@@ -13,8 +13,8 @@ This setting can be used to enable self-organizing teams to administer their own
When `editors_can_admin` is enabled:
- Users with the Editor role in an organization are Administrators for new dashboards and folders they create, meaning they can edit dashboard permissions. To learn more about dashboard permissions, refer to [Manage dashboard permissions]({{< relref "../manage-dashboard-permissions/" >}}).
- Users with the Editor role in an organization can create teams, and they are Administrators of the teams they create. To learn more about team permissions, refer to [Manage teams]({{< relref "../manage-teams/" >}})
- Users with the Editor role in an organization are Administrators for new dashboards and folders they create, meaning they can edit dashboard permissions. To learn more about dashboard permissions, refer to [Manage dashboard permissions]({{< relref "../../../manage-users-and-permissions/manage-server-users/manage-dashboard-permissions/" >}}).
- Users with the Editor role in an organization can create teams, and they are Administrators of the teams they create. To learn more about team permissions, refer to [Manage teams]({{< relref "../../../manage-users-and-permissions/manage-server-users/manage-teams/" >}})
> **Note**: If you use Grafana Enterprise and customize users' permissions using RBAC, the RBAC permissions override the functionality enabled by the `editors_can_admin` flag.

6
docs/sources/administration/manage-user-preferences/_index.md → docs/sources/administration/user-management/user-preferences/_index.md
View File

@@ -22,7 +22,7 @@ You can also view important information about your account, such as the organiza
You can change your Grafana password at any time.
> **Note**: If your Grafana instance uses an <!--[external authentication provider]({{< relref "../../setup-grafana/configure-security/configure-authentication/" >}})--> external authentication provider, then you might not be able to change your password in Grafana. Contact your Grafana administrator for more information.
> **Note**: If your Grafana instance uses an <!--[external authentication provider]({{< relref "../../../setup-grafana/configure-security/configure-authentication/" >}})--> external authentication provider, then you might not be able to change your password in Grafana. Contact your Grafana administrator for more information.
**To change your password**:
@@ -47,7 +47,7 @@ Your profile includes your name, user name, and email address, which you can upd
## Edit your preferences
You can choose the way you would like data to appear in Grafana, including the UI theme, home dashboard, timezone, and first day of the week. You can set these preferences for your own account, for a team, for an organization, or Grafana-wide using configuration settings. Your user preferences take precedence over team, organization, and Grafana default preferences. For more information, see [Grafana preferences]({{< relref "../preferences/" >}}).
You can choose the way you would like data to appear in Grafana, including the UI theme, home dashboard, timezone, and first day of the week. You can set these preferences for your own account, for a team, for an organization, or Grafana-wide using configuration settings. Your user preferences take precedence over team, organization, and Grafana default preferences. For more information, see [Grafana preferences]({{< relref "../../organization-preferences/" >}}).
- **UI theme** determines whether Grafana appears in light mode or dark mode. By default, UI theme is set to dark mode.
- **Home dashboard** refers to the dashboard you see when you sign in to Grafana. By default, this is set to the Home dashboard.
@@ -81,7 +81,7 @@ Every user is a member of at least one organization. You can have different role
1. Hover your cursor over the user icon in the lower-left corner of the page and click **Preferences**.
1. Scroll down to the **Organizations** section and review the following information:
- **Name**: The name of the organizations of which you are a member.
- **Role**: The role to which you are assigned in the organization. For more information about roles and permissions, refer to [Organization users and permissions]({{< relref "../manage-users-and-permissions/about-users-and-permissions/#organization-users-and-permissions" >}}).
- **Role**: The role to which you are assigned in the organization. For more information about roles and permissions, refer to [Organization users and permissions]({{< relref "../../roles-and-permissions/#organization-users-and-permissions" >}}).
- **Current**: Grafana indicates the organization that you are currently signed into as _Current_. If you are a member of multiple organizations, you can click **Select** to switch to that organization.
## View your Grafana sessions

10
docs/sources/administration/view-server/_index.md
View File

@@ -1,10 +0,0 @@
---
aliases:
- /docs/grafana/latest/administration/view-server/
title: View server
weight: 100
---
# View server information
This setting contains information about tools that Grafana Server Admins can use to learn more about their Grafana servers.

30
docs/sources/administration/view-server/view-server-settings.md
View File

@@ -1,30 +0,0 @@
---
aliases:
- /docs/grafana/latest/admin/view-server-settings/
- /docs/grafana/latest/administration/view-server/view-server-settings/
description: How to view server settings in the Grafana UI
keywords:
- grafana
- configuration
- server
- settings
title: View server settings
weight: 300
---
# View Grafana server settings
> Refer to [Role-based access control]({{< relref "../../enterprise/access-control/" >}}) in Grafana Enterprise to understand how you can control access with RBAC permissions.
If you are a Grafana server administrator, use the Settings tab to view the settings that are applied to your Grafana server via the [Configuration]({{< relref "../../setup-grafana/configure-grafana/#config-file-locations" >}}) file and any environmental variables.
> **Note:** Only Grafana server administrators can access the **Server Admin** menu. For more information about about administrative permissions, refer to [About users and permissions]({{< relref "../manage-users-and-permissions/about-users-and-permissions/" >}}).
## View server settings
1. Log in to your Grafana server with an account that has the Grafana Admin flag set.
1. Hover your cursor over the **Server Admin** (shield) icon in the side menu and then click the **Settings** tab.
## Available settings
For a full list of server settings, refer to [Configuration]({{< relref "../../setup-grafana/configure-grafana/" >}}).

56
docs/sources/administration/view-server/view-server-stats.md
View File

@@ -1,56 +0,0 @@
---
aliases:
- /docs/grafana/latest/admin/view-server-stats/
- /docs/grafana/latest/administration/view-server/view-server-stats/
keywords:
- grafana
- server
- statistics
title: View server stats
weight: 400
---
# View Grafana server stats
> Refer to [Role-based access control]({{< relref "../../enterprise/access-control/" >}}) in Grafana Enterprise to understand how you can control access with RBAC permissions.
If you are a Grafana server admin, then you can view useful statistics about your Grafana server in the Stats & Licensing tab.
> **Note:** Only Grafana server administrators can access the **Server Admin** menu. For more information about about administrative permissions, refer to [About users and permissions]({{< relref "../manage-users-and-permissions/about-users-and-permissions/" >}}).
## View server stats
1. Log in to your Grafana server with an account that has the Grafana Admin flag set.
1. Hover your cursor over the **Server Admin** (shield) icon in the side menu and then click the **Stats & Licensing** tab.
## Available stats
The following statistics are displayed in the Stats tab:
- Total users
**Note:** Total users = Total admins + Total editors + Total viewers
- Total admins
- Total editors
- Total viewers
- Active users (seen last 30 days)
**Note:** Active users = Active admins + Active editors + Active viewers
- Active admins (seen last 30 days)
- Active editors (seen last 30 days)
- Active viewers (seen last 30 days)
- Active sessions
- Total dashboards
- Total orgs
- Total playlists
- Total snapshots
- Total dashboard tags
- Total starred dashboards
- Total alerts
## Counting users
If a user belongs to several organizations, then that user is counted once as a user in the highest organization role they are assigned, regardless of how many organizations the user belongs to.
For example, if Sofia is a Viewer in two organizations, an Editor in two organizations, and Admin in three organizations, then she would be reflected in the stats as:
- Total users 1
- Total admins 1

2
docs/sources/alerting/_index.md
View File

@@ -24,7 +24,7 @@ For new installations or existing installs without alerting configured, Grafana
Existing installations that upgrade to v9.0 will have Grafana Alerting enabled by default. For more information on migrating from legacy or the cloud alerting plugin, see [Migrating to Grafana Alerting]({{< relref "migrating-alerts/" >}}).
Before you begin, we recommend that you familiarize yourself with some of the [fundamental concepts]({{< relref "fundamentals/" >}}) of Grafana Alerting. Refer to [Role-based access control]({{< relref "../enterprise/access-control/" >}}) in Grafana Enterprise to learn more about controlling access to alerts using role-based permissions.
Before you begin, we recommend that you familiarize yourself with some of the [fundamental concepts]({{< relref "fundamentals/" >}}) of Grafana Alerting. Refer to [Role-based access control]({{< relref "../administration/roles-and-permissions/access-control/" >}}) in Grafana Enterprise to learn more about controlling access to alerts using role-based permissions.
- [About alert rules]({{< relref "fundamentals/alert-rules/" >}})
- [Migrating legacy alerts]({{< relref "migrating-alerts/" >}})

2
docs/sources/alerting/contact-points/notifiers/webhook-notifier.md
View File

@@ -16,7 +16,7 @@ weight: 105
### Webhook
This topic helps you configure the Webhook notifier. It also discusses that [WeCom]({{< relref "./webhook-notifier/#wecom" >}}) contact points need a Webhook URL.
This topic helps you configure the Webhook notifier. It also discusses that [WeCom]({{< relref "webhook-notifier/#wecom" >}}) contact points need a Webhook URL.
Example JSON body:

6
docs/sources/administration/cli.md → docs/sources/cli.md
View File

@@ -137,7 +137,7 @@ grafana-cli --homepath "/usr/share/grafana" admin reset-admin-password <new pass
### Override config file
`--config value` overrides the default location where Grafana expects the configuration file. Refer to [Configuration]({{< relref "../setup-grafana/configure-grafana/" >}}) for more information about configuring Grafana and default configuration file locations.
`--config value` overrides the default location where Grafana expects the configuration file. Refer to [Configuration]({{< relref "../administration/setup-grafana/configure-grafana/" >}}) for more information about configuring Grafana and default configuration file locations.
**Example:**
@@ -147,7 +147,7 @@ grafana-cli --config "/etc/configuration/" admin reset-admin-password mynewpassw
## Plugins commands
Grafana CLI allows you to install, upgrade, and manage your Grafana plugins. For more information about installing plugins, refer to [plugins page]({{< relref "../plugins/installation/" >}}).
Grafana CLI allows you to install, upgrade, and manage your Grafana plugins. For more information about installing plugins, refer to [plugins page]({{< relref "../administration/plugin-management/" >}}).
All listed commands apply to the Grafana default repositories and directories. You can override the defaults with [Global Options](#global-options).
@@ -219,7 +219,7 @@ grafana-cli --homepath "/usr/share/grafana" admin reset-admin-password <new pass
If you have not lost the admin password, we recommend that you change the user password either in the User Preferences or in the Server Admin > User tab.
If you need to set the password in a script, then you can use the [Grafana User API]({{< relref "../developers/http_api/user/#change-password" >}}).
If you need to set the password in a script, then you can use the [Grafana User API]({{< relref "../administration/developers/http_api/user/#change-password" >}}).
### Migrate data and encrypt passwords

2
docs/sources/dashboards/_index.md
View File

@@ -8,7 +8,7 @@ weight: 80
# About Grafana dashboards
A dashboard is a set of one or more [panels]({{< relref "../panels/" >}}) organized and arranged into one or more rows. Grafana ships with a variety of panels making it easy to construct the right queries, and customize the visualization so that you can create the perfect dashboard for your need. Each panel can interact with data from any configured Grafana [data source]({{< relref "../datasources/" >}}).
A dashboard is a set of one or more [panels]({{< relref "../panels/" >}}) organized and arranged into one or more rows. Grafana ships with a variety of panels making it easy to construct the right queries, and customize the visualization so that you can create the perfect dashboard for your need. Each panel can interact with data from any configured Grafana [data source]({{< relref "../administration/data-source-management/" >}}).
Dashboard snapshots are static . Queries and expressions cannot be re-executed from snapshots. As a result, if you update any variables in your query or expression, it will not change your dashboard data.

28
docs/sources/datasources/_index.md
View File

@@ -8,7 +8,7 @@ weight: 60
# Data sources
Grafana supports many different storage backends for your time series data (data source). Refer to [Add a data source]({{< relref "add-a-data-source/" >}}) for instructions on how to add a data source to Grafana. Only users with the organization admin role can add data sources.
Grafana supports many different storage backends for your time series data (data source). Refer to [Add a data source]({{< relref "../../administration/datasources/add-a-data-source/" >}}) for instructions on how to add a data source to Grafana. Only users with the organization admin role can add data sources.
## Querying
@@ -18,23 +18,23 @@ Each data source has a specific Query Editor that is customized for the features
The following data sources are officially supported:
- [Alertmanager]({{< relref "alertmanager/" >}})
- [Alertmanager]({{< relref "../../datasources/alertmanager/" >}})
- [AWS CloudWatch]({{< relref "aws-cloudwatch/" >}})
- [Azure Monitor]({{< relref "azuremonitor/" >}})
- [Elasticsearch]({{< relref "elasticsearch/" >}})
- [Elasticsearch]({{< relref "../../datasources/elasticsearch/" >}})
- [Google Cloud Monitoring]({{< relref "google-cloud-monitoring/" >}})
- [Graphite]({{< relref "graphite/" >}})
- [Graphite]({{< relref "../../datasources/graphite/" >}})
- [InfluxDB]({{< relref "influxdb/" >}})
- [Loki]({{< relref "loki/" >}})
- [Microsoft SQL Server (MSSQL)]({{< relref "mssql/" >}})
- [MySQL]({{< relref "mysql/" >}})
- [OpenTSDB]({{< relref "opentsdb/" >}})
- [PostgreSQL]({{< relref "postgres/" >}})
- [Prometheus]({{< relref "prometheus/" >}})
- [Jaeger]({{< relref "jaeger/" >}})
- [Zipkin]({{< relref "zipkin/" >}})
- [Tempo]({{< relref "tempo/" >}})
- [Testdata]({{< relref "testdata/" >}})
- [Loki]({{< relref "../../datasources/loki/" >}})
- [Microsoft SQL Server (MSSQL)]({{< relref "../../datasources/mssql/" >}})
- [MySQL]({{< relref "../../datasources/mysql/" >}})
- [OpenTSDB]({{< relref "../../datasources/opentsdb/" >}})
- [PostgreSQL]({{< relref "../../datasources/postgres/" >}})
- [Prometheus]({{< relref "../../datasources/prometheus/" >}})
- [Jaeger]({{< relref "../../datasources/jaeger/" >}})
- [Zipkin]({{< relref "../../datasources/zipkin/" >}})
- [Tempo]({{< relref "../../datasources/tempo/" >}})
- [Testdata]({{< relref "../../datasources/testdata/" >}})
In addition to the data sources that you have configured in your Grafana, there are three special data sources available:

2
docs/sources/datasources/add-a-data-source.md
View File

@@ -32,4 +32,4 @@ To add a data source:
1. Click **Select**. The data source configuration page opens.
1. Configure the data source following instructions specific to that data source. See [Data sources]({{< relref "_index.md" >}}) for links to configuration instructions for all supported data sources.
1. Configure the data source following instructions specific to that data source. See [Data sources]({{< relref "../administration/data-source-management/_index.md" >}}) for links to configuration instructions for all supported data sources.

2
docs/sources/enterprise/datasource_permissions.md → docs/sources/datasources/datasource_permissions.md
View File

@@ -20,7 +20,7 @@ weight: 500
Data source permissions allow you to restrict access for users to query a data source. For each data source there is a permission page that allows you to enable permissions and restrict query permissions to specific **Users** and **Teams**.
> **Note:** Available in [Grafana Enterprise]({{< relref "../enterprise" >}}) and [Grafana Cloud Pro and Advanced]({{< ref "/docs/grafana-cloud" >}}).
> **Note:** Available in [Grafana Enterprise]({{< relref "../enterprise/" >}}) and [Grafana Cloud Pro and Advanced]({{< ref "/docs/grafana-cloud" >}}).
## Enable data source permissions

2
docs/sources/developers/plugins/_index.md
View File

@@ -8,7 +8,7 @@ weight: 200
# Build a plugin
For more information on the types of plugins you can build, refer to the [Plugin Overview]({{< relref "../../plugins/" >}}).
For more information on the types of plugins you can build, refer to the [Plugin Overview]({{< relref "../../administration/plugin-management/" >}}).
## Get started

4
docs/sources/developers/plugins/migration-guide.md
View File

@@ -552,7 +552,7 @@ For plugins prior to Grafana 7.0, all options are considered _Display options_.
While backend plugins were available as an experimental feature in previous versions of Grafana, the support has been greatly improved for Grafana 7. Backend plugins for Grafana 7.0 are backwards-compatible and will continue to work. However, the old backend plugin system has been deprecated, and we recommend that you use the new SDK for backend plugins.
Since Grafana 7.0 introduced [signing of backend plugins](../../plugins/plugin-signatures.md), community plugins wont load by default if theyre unsigned.
Since Grafana 7.0 introduced [signing of backend plugins](../../administration/plugins), community plugins wont load by default if theyre unsigned.
To learn more, refer to [Backend plugins](backend/_index.md).
@@ -646,4 +646,4 @@ For more information, refer to [Data frames](data-frames.md).
### Troubleshoot plugin migration
As of Grafana 7.0, backend plugins can now be cryptographically signed to verify their origin. By default, Grafana ignores unsigned plugins. For more information, refer to [Allow unsigned plugins](../../plugins/plugin-signatures.md#allow-unsigned-plugins).
As of Grafana 7.0, backend plugins can now be cryptographically signed to verify their origin. By default, Grafana ignores unsigned plugins. For more information, refer to [Allow unsigned plugins](../../administration/plugins/#allow-unsigned-plugins).

4
docs/sources/developers/plugins/sign-a-plugin.md
View File

@@ -6,7 +6,7 @@ title: Sign a plugin
# Sign a plugin
Signing a plugin allows Grafana to verify the authenticity of the plugin with [signature verification]({{< relref "../../plugins/plugin-signatures/" >}}). This gives users a way to make sure plugins haven't been tampered with. All Grafana Labs-authored backend plugins, including Enterprise plugins, are signed.
Signing a plugin allows Grafana to verify the authenticity of the plugin with [signature verification]({{< relref "../plugin-signatures/" >}}). This gives users a way to make sure plugins haven't been tampered with. All Grafana Labs-authored backend plugins, including Enterprise plugins, are signed.
> **Important:** Future versions of Grafana will require all plugins to be signed.
@@ -14,7 +14,7 @@ Before you can sign your plugin, you need to decide whether you want to sign it
If you want to make your plugin publicly available outside of your organization, you need to sign your plugin under a _community_ or _commercial_ [signature level](#plugin-signature-levels). Public plugins are available from [grafana.com/plugins](https://grafana.com/plugins) and can be installed by anyone.
For more information on how to install public plugin, refer to [Install Grafana plugins]({{< relref "../../plugins/installation/" >}}).
For more information on how to install public plugin, refer to [Install Grafana plugins]({{< relref "../installation/" >}}).
If you intend to only use the plugin within your organization, you can to sign it under a _private_ [signature level](#plugin-signature-levels).

4
docs/sources/enterprise/_index.md
View File

@@ -58,8 +58,8 @@ With [enhanced LDAP integration]({{< relref "../setup-grafana/configure-security
Grafana Enterprise adds the following features:
- [Role-based access control]({{< relref "access-control/" >}}) to control access with role-based permissions.
- [Data source permissions]({{< relref "datasource_permissions/" >}}) to restrict query access to specific teams and users.
- [Role-based access control]({{< relref "../administration/roles-and-permissions/access-control/" >}}) to control access with role-based permissions.
- [Data source permissions]({{< relref "../administration/data-source-management/" >}}) to restrict query access to specific teams and users.
- [Data source query caching]({{< relref "query-caching/" >}}) to temporarily store query results in Grafana to reduce data source load and rate limiting.
- [Reporting]({{< relref "reporting/" >}}) to generate a PDF report from any dashboard and set up a schedule to have it emailed to whoever you choose.
- [Export dashboard as PDF]({{< relref "export-pdf/" >}})

16
docs/sources/enterprise/access-control/_index.md
View File

@@ -1,16 +0,0 @@
---
aliases:
- /docs/grafana/latest/enterprise/access-control/
description: RBAC provides a standardized way of granting, changing, and revoking
access when it comes to viewing and modifying Grafana resources, such as users and
reports.
menuTitle: Role-based access control (RBAC)
title: Grafana Role-based access control (RBAC)
weight: 120
---
# Role-based access control (RBAC)
RBAC provides a standardized way of granting, changing, and revoking access when it comes to viewing and modifying Grafana resources, such as dashboards, reports, and administrative settings.
{{< section >}}

2
docs/sources/enterprise/export-pdf.md
View File

@@ -15,7 +15,7 @@ weight: 1400
You can generate and save PDF files from any of your dashboards.
> **Note:** Available in [Grafana Enterprise]({{< relref "../enterprise" >}}).
> **Note:** Available in [Grafana Enterprise]({{< relref "../enterprise/" >}}).
1. In the upper right corner of the dashboard that you want to export as PDF, click the **Share dashboard** icon.
1. On the PDF tab, select the layout option for exported dashboard: **Portrait** or **Landscape**.

21
docs/sources/enterprise/license/_index.md
View File

@@ -1,21 +0,0 @@
---
aliases:
- /docs/grafana/latest/enterprise/license/
description: Enterprise license
keywords:
- grafana
- licensing
- enterprise
title: Grafana Enterprise license
weight: 10
---
# Grafana Enterprise license
When you become a Grafana Enterprise customer, you gain access to Grafana's premium observability features, including enterprise data source plugins, reporting, and role-based access control. In order to use these [enhanced features of Grafana Enterprise]({{< relref "../" >}}), you must purchase and activate a Grafana Enterprise license.
To purchase a license directly from Grafana Labs, [Contact a Grafana Labs representative](https://grafana.com/contact?about=grafana-enterprise). To activate an Enterprise license purchased from Grafana Labs, refer to [Activate an Enterprise license]({{< relref "activate-license/" >}}).
You can also purchase a Grafana Enterprise license through the AWS Marketplace. To learn more about activating a license purchased through AWS, refer to [Activate a Grafana Enterprise license purchased through AWS Marketplace]({{< relref "activate-aws-marketplace-license/" >}}).
{{< section >}}

19
docs/sources/enterprise/license/activate-aws-marketplace-license/_index.md
View File

@@ -1,19 +0,0 @@
---
aliases:
- /docs/grafana/latest/enterprise/license/activate-aws-marketplace-license/
description: Activate Enterprise license purchased through AWS Marketplace
keywords:
- grafana
- aws
- marketplace
- enterprise
- license
title: Activate a Grafana Enterprise license purchased through AWS Marketplace
weight: 400
---
# Activate a Grafana Enterprise license purchased through AWS Marketplace
AWS Marketplace is a convenient place for AWS customers to buy and manage a license for Grafana Enterprise versions 8.3.0 and later.
{{< section >}}

86
docs/sources/enterprise/license/activate-license.md
View File

@@ -1,86 +0,0 @@
---
aliases:
- /docs/grafana/latest/enterprise/activate-license/
- /docs/grafana/latest/enterprise/license/activate-license/
description: Activate an Enterprise license
keywords:
- grafana
- licensing
- enterprise
title: Activate an Enterprise license
weight: 100
---
# Activate an Enterprise license
Follow these steps to activate your Grafana Enterprise license:
## Step 1. Download your license file
To download your Grafana Enterprise license:
1. Sign in to your [Grafana Cloud](https://grafana.com) account.
1. Go to **My Account** and select an organization from the drop-down menu at the top left of the page. On the Overview page for each organization, you can see a section for Grafana Enterprise licenses. Click **Details** next to a license.
1. At the bottom of the license details page, select **Download token** to download the `license.jwt` file that contains your license.
## Step 2. Add your license to a Grafana instance
There is more than one way to add the license to a Grafana instance:
### Upload the license file via the Grafana server administrator page
This is the preferred option for single instance installations of Grafana Enterprise.
1. Sign in as a Grafana server administrator.
1. Navigate to **Server Admin > Upgrade** within Grafana.
1. Click **Upload license token file**.
1. Select your license file, and upload it.
### Put the `license.jwt` file into the data directory of Grafana
On Linux systems, the data directory is usually at `/var/lib/grafana`.
You can also configure a custom location for the license file using the grafana.ini setting:
```bash
[enterprise]
license_path = /company/secrets/license.jwt
```
This setting can also be set with an environment variable, which is useful if you're running Grafana with Docker and have a custom volume where you have placed the license file. In this case, set the environment variable `GF_ENTERPRISE_LICENSE_PATH` to point to the location of your license file.
### Set the content of the license file as a configuration option
You can add a license by pasting the content of the `license.jwt`
to the grafana.ini configuration file:
```bash
[enterprise]
license_text = eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0aGlzIjoiaXMiLCJub3QiOiJhIiwidmFsaWQiOiJsaWNlbnNlIn0.bxDzxIoJlYMwiEYKYT_l2s42z0Y30tY-6KKoyz9RuLE
```
This option can be set using the `GF_ENTERPRISE_LICENSE_TEXT`
environment variable.
## Step 3. Ensure that the license file's root URL matches the root_url configuration option
Update the [`root_url`]({{< relref "../../setup-grafana/configure-grafana/#root-url" >}}) in your configuration. It should be the URL that users type in their browsers to access the frontend, not the node hostname(s).
This is important, because as part of the validation checks at startup, Grafana compares the license URL to the [`root_url`]({{< relref "../../setup-grafana/configure-grafana/#root-url" >}}) in your configuration.
In your configuration file:
```
[server]
root_url = https://grafana.example.com/
```
Or with an environment variable:
```
GF_SERVER_ROOT_URL=https://grafana.example.com/
```
## Step 4. Restart Grafana
To finalize the installation of Grafana Enterprise, restart Grafana to enable all Grafana Enterprise features. Refer to [restart Grafana]({{< relref "../../setup-grafana/restart-grafana/" >}}) for more information.

92
docs/sources/enterprise/license/license-expiration.md
View File

@@ -1,92 +0,0 @@
---
aliases:
- /docs/grafana/latest/enterprise/license-expiration/
- /docs/grafana/latest/enterprise/license/license-expiration/
description: ''
keywords:
- grafana
- licensing
title: License expiration
weight: 200
---
# License expiration
If your license has expired, most of Grafana keeps working as normal. Some enterprise functionality stops or runs with reduced functionality and Grafana displays a banner informing the users that Grafana is running on an expired license. Your Grafana admin needs to upload a new license file to restore full functionality.
> Replace your license as soon as possible. Running Grafana Enterprise with an expired license is unsupported and can lead to unexpected consequences.
## Update your license
1. Locate your current `license.jwt` file. In a standard installation it is stored inside the Grafana data directory, which on a typical Linux installation is in `/var/lib/grafana/data`. This location might be overridden in the ini file [Configuration]({{< relref "../../setup-grafana/configure-grafana/" >}}).
```ini
[enterprise]
license_path = /path/to/your/license.jwt
```
The configuration file's location may also be overridden by the `GF_ENTERPRISE_LICENSE_PATH` environment variable.
2. Log in to your [Grafana Cloud Account](https://grafana.com/login) and make sure you're in the correct organization in the dropdown at the top of the page.
3. Under the **Grafana Enterprise** section in the menu bar to the left, choose licenses and download the currently valid license with which you want to run Grafana. If you cannot see a valid license on Grafana.com, please contact your account manager at Grafana Labs to renew your subscription.
4. Replace the current `license.jwt`-file with the one you've just downloaded.
5. [Restart Grafana]({{< relref "../../setup-grafana/restart-grafana/" >}}).
## If your license expires
If your Grafana Enterprise license expires, you can expect the following changes in feature behavior.
### Data source permissions
Your current data source permissions will keep working as expected, but you'll be unable to add new data source permissions until the license has been renewed.
### LDAP authentication
- LDAP synchronization is not affected by an expired license.
- Team sync debugging is unavailable.
### SAML authentication
SAML authentication is not affected by an expired license.
### Role-based access control (RBAC)
- Creating, updating and deleting custom roles is not available.
- Modifying permissions for custom roles is not available.
### Reporting
- You're unable to configure new reports or generate previews.
- Existing reports continue to be sent.
### Enterprise plugins
Enterprise plugins might stop working.
### White labeling
The white labeling feature is turned off, meaning that any white labeling options will not have any effect.
### Usage insights
Exporting usage insights logs to Loki will be turned off for licenses expired for more than 7 days.
All the other usage insights features are turned off as soon as the license expires, meaning that you will not be able to see dashboard usage, presence indicators, or use improved search. Grafana continues to collect usage data and you will have access to it as soon as you update your license.
### Vault integration
Vault integration is not affected by an expired license.
### Auditing
Auditing is not affected by an expired license.
### License restrictions
The concurrent session limit remains active for seven days after the expiration date, after which it will be turned off.
The active users limit is turned off immediately.
### Settings updates at runtime
Settings updates at runtime are not affected by an expired license.

75
docs/sources/enterprise/license/license-restrictions.md
View File

@@ -1,75 +0,0 @@
---
aliases:
- /docs/grafana/latest/enterprise/license-restrictions/
- /docs/grafana/latest/enterprise/license/license-restrictions/
description: Grafana Enterprise license restrictions
keywords:
- grafana
- licensing
- enterprise
title: License restrictions
weight: 300
---
# Grafana Enterprise license restrictions
When you become a Grafana Enterprise customer, you receive a license that governs your use of Grafana Enterprise.
## Active users limit
Your Grafana license includes a maximum number of active users.
- An _active user_ is a user who has signed in to Grafana within the last 30 days. This is a rolling window that is updated daily.
- When you reach the maximum number of active users, only currently active users (users who have signed in over the past 30 days) can sign in. When a new user or a previously-inactive user tries to sign in, the user will see an error message indicating that Grafana has reached its license limit.
- The user's role, number of dashboards that a user can view or edit, and the number of organizations that they can access does not affect the active user count.
- A license limit banner appears to administrators when Grafana reaches its active user limit; editors and viewers do not see the banner.
### Determine the number of active users
To determine the number of active users:
1. Sign in to Grafana Enterprise as a System Administrator.
1. Click **Server Admin** (the shield icon).
1. Click **Statistics and licensing**.
1. Review the utilization count on the **Utilization** panel.
## Tiered licensing (deprecated)
A tiered license defines dashboard viewers, and dashboard editors and administrators, as two distinct user types that each have their own user limit.
As of Grafana Enterprise version 9.0, Grafana only counts and enforces the _total_ number of active users in your Grafana instance. For example, if you purchase 150 active users, you can have 20 admins, 70 editors, and 60 viewers, or you can have 150 admins. Grafana will enforce the total number of active users even if you use a license that grants a specific number of admins or editors and a certain number of viewers. This is a more permissive policy than before, which gives you the flexibility to change users' roles.
If you are running a pre-9.0 version of Grafana Enterprise, please refer to the documentation for that version to learn more about license enforcement in your current version.
## Additional license restrictions
Your license is controlled by the following rules:
**License expiration date:** The license includes an expiration date, which is the date when a license becomes inactive.
As the license expiration date approaches, you will see a banner in Grafana that encourages you to renew. To learn about how to renew your license and what happens in Grafana when a license expires, refer to [License expiration]({{< relref "license-expiration/" >}}).
**Grafana License URL:** Your license does not work with an instance of Grafana with a different root URL.
The License URL is the complete URL of your Grafana instance, for example `https://grafana.your-company.com/`. It is defined in the [root_url]({{< relref "../../setup-grafana/configure-grafana/#root_url">}}) configuration setting.
**Concurrent sessions limit**: As of Grafana Enterprise 7.5, users can initiate up to three concurrent sessions of Grafana.
The system creates a session when a user signs in to Grafana from a new device, a different browser, or an incognito window. If a user signs in to Grafana from another tab or window within the same browser, only one session is used.
When a user reaches the session limit, the fourth connection succeeds and the longest inactive session is signed out.
## Request usage billing
You can request Grafana Labs to activate usage billing which allows an unlimited number of active users. When usage billing is enabled, Grafana does not enforce active user limits or display warning banners. Instead, you are charged for active users that exceed the limit, according to your customer contract.
Usage billing involves a contractual agreement between you and Grafana Labs, and it is only available if Grafana Enterprise is configured to [automatically refresh its license token]({{< relref "../../setup-grafana/configure-grafana/enterprise-configuration/#auto_refresh_license" >}}).
## Request a change to your license
To increase the number of licensed users within Grafana, extend a license, or change your licensed URL, contact [Grafana support](https://grafana.com/profile/org#support) or your Grafana Labs account team. They will update your license, which you can activate from within Grafana.
For instructions about how to activate your license after it is updated, refer to [Activate an Enterprise license]({{< relref "activate-license/" >}}).

2
docs/sources/enterprise/query-caching.md
View File

@@ -17,7 +17,7 @@ When query caching is enabled, Grafana temporarily stores the results of data so
Query caching works for all backend data sources, and queries sent through the data source proxy. You can enable the cache globally and configure the cache duration (also called Time to Live, or TTL).
> **Note:** Available in [Grafana Enterprise]({{< relref "../enterprise" >}}) and [Grafana Cloud Pro and Advanced]({{< ref "/docs/grafana-cloud" >}}).
> **Note:** Available in [Grafana Enterprise]({{< relref "../enterprise/" >}}) and [Grafana Cloud Pro and Advanced]({{< ref "/docs/grafana-cloud" >}}).
The following cache backends are available: in-memory, Redis, and Memcached.

2
docs/sources/enterprise/recorded-queries.md
View File

@@ -17,7 +17,7 @@ Recorded queries allow you to see trends over time by taking a snapshot of a dat
For our plugins that do not return time series, it might be useful to plot historical data. For example, you might want to query ServiceNow to see a history of request response times but it can only return current point-in-time metrics.
> **Note:** Available in [Grafana Enterprise]({{< relref "../enterprise" >}}).
> **Note:** Available in [Grafana Enterprise]({{< relref "../enterprise/" >}}).
## How recorded queries work

20
docs/sources/enterprise/reporting.md
View File

@@ -65,7 +65,7 @@ Only organization admins can create reports by default. You can customize who ca
### Choose template variables
> **Note:** Available in [Grafana Enterprise]({{< relref "../enterprise" >}}) version 7.5 and later behind the `reportVariables` feature flag, Grafana Enterprise version 8.0 and later without a feature flag, and [Grafana Cloud Pro and Advanced]({{< ref "/docs/grafana-cloud" >}}).
> **Note:** Available in [Grafana Enterprise]({{< relref "../enterprise/" >}}) version 7.5 and later behind the `reportVariables` feature flag, Grafana Enterprise version 8.0 and later without a feature flag, and [Grafana Cloud Pro and Advanced]({{< ref "/docs/grafana-cloud" >}}).
You can configure report-specific template variables for the dashboard on the report page. The variables that you select will override the variables from the dashboard, and they are used when rendering a PDF file of the report. For detailed information about using template variables, refer to the [Templates and variables]({{< relref "../variables/" >}}) section.
@@ -73,7 +73,7 @@ You can configure report-specific template variables for the dashboard on the re
### Render a report with panels or rows set to repeat by a variable
> **Note:** Available in [Grafana Enterprise]({{< relref "../enterprise" >}}) version 8.0 and later, and [Grafana Cloud Pro and Advanced]({{< ref "/docs/grafana-cloud" >}}).
> **Note:** Available in [Grafana Enterprise]({{< relref "../enterprise/" >}}) version 8.0 and later, and [Grafana Cloud Pro and Advanced]({{< ref "/docs/grafana-cloud" >}}).
You can include dynamic dashboards with panels or rows, set to repeat by a variable, into reports. For detailed information about setting up repeating panels or rows in dashboards, refer to the [Repeat panels or rows]({{< relref "../panels/add-panels-dynamically/" >}}) section.
@@ -85,7 +85,7 @@ You can include dynamic dashboards with panels or rows, set to repeat by a varia
### Report time range
> **Note:** You can set custom report time ranges in [Grafana Enterprise]({{< relref "../enterprise" >}}) 7.2+ and [Grafana Cloud Pro and Advanced]({{< ref "/docs/grafana-cloud" >}}).
> **Note:** You can set custom report time ranges in [Grafana Enterprise]({{< relref "../enterprise/" >}}) 7.2+ and [Grafana Cloud Pro and Advanced]({{< ref "/docs/grafana-cloud" >}}).
By default, reports use the saved time range of the dashboard. Changing the time range of the report can be done by:
@@ -109,7 +109,7 @@ If the time zone is set differently between your Grafana server and its remote i
### CSV export
> **Note:** Available in [Grafana Enterprise]({{< relref "../enterprise" >}}) 8+ with the [Grafana image renderer plugin](https://grafana.com/grafana/plugins/grafana-image-renderer) v3.0+, and [Grafana Cloud Pro and Advanced]({{< ref "/docs/grafana-cloud" >}}).
> **Note:** Available in [Grafana Enterprise]({{< relref "../enterprise/" >}}) 8+ with the [Grafana image renderer plugin](https://grafana.com/grafana/plugins/grafana-image-renderer) v3.0+, and [Grafana Cloud Pro and Advanced]({{< ref "/docs/grafana-cloud" >}}).
You can attach a CSV file to the report email for each table panel on the selected dashboard, along with the PDF report. By default, CSVs larger than 10Mb won't be sent to avoid email servers to reject the email. You can increase or decrease this limit in the [reporting configuration]({{< relref "#rendering-configuration" >}}).
@@ -121,7 +121,7 @@ A background job runs every 10 minutes and removes temporary CSV files. You can
### Scheduling
> **Note:** Available in [Grafana Enterprise]({{< relref "../enterprise" >}}) version 8.0 and later, and [Grafana Cloud Pro and Advanced]({{< ref "/docs/grafana-cloud" >}}).
> **Note:** Available in [Grafana Enterprise]({{< relref "../enterprise/" >}}) version 8.0 and later, and [Grafana Cloud Pro and Advanced]({{< ref "/docs/grafana-cloud" >}}).
> The scheduler was significantly changed in Grafana Enterprise version 8.1.
Scheduled reports can be sent once, or repeated on an hourly, daily, weekly, or monthly basis, or sent at custom intervals. You can also disable scheduling by selecting **Never**, for example to send the report via the API.
@@ -144,7 +144,7 @@ When you schedule a report with a monthly frequency, and set the start date betw
### Send a test email
> **Note:** Available in [Grafana Enterprise]({{< relref "../enterprise" >}}) version 7.0 and later, and [Grafana Cloud Pro and Advanced]({{< ref "/docs/grafana-cloud" >}}).
> **Note:** Available in [Grafana Enterprise]({{< relref "../enterprise/" >}}) version 7.0 and later, and [Grafana Cloud Pro and Advanced]({{< ref "/docs/grafana-cloud" >}}).
1. In the report, click **Send test email**.
1. In the Email field, enter the email address or addresses that you want to test, separated by semicolon.
@@ -157,19 +157,19 @@ The last saved version of the report will be sent to selected emails. You can us
### Pause a report
> **Note:** Available in [Grafana Enterprise]({{< relref "../enterprise" >}}) version 8.0 and later, and [Grafana Cloud Pro and Advanced]({{< ref "/docs/grafana-cloud" >}}).
> **Note:** Available in [Grafana Enterprise]({{< relref "../enterprise/" >}}) version 8.0 and later, and [Grafana Cloud Pro and Advanced]({{< ref "/docs/grafana-cloud" >}}).
You can pause sending of reports from the report list view by clicking the pause icon. The report will not be sent according to its schedule until it is resumed by clicking the resume button on the report row.
### Add multiple dashboards to a report
> **Note:** Available in [Grafana Enterprise]({{< relref "../enterprise" >}}) version 9.0 and later, and [Grafana Cloud Pro and Advanced]({{< relref "/grafana-cloud" >}}).
> **Note:** Available in [Grafana Enterprise]({{< relref "../enterprise/" >}}) version 9.0 and later, and [Grafana Cloud Pro and Advanced]({{< relref "grafana-cloud/" >}}).
You can add more than one dashboard to a report. Additional dashboards will be rendered as new pages in the same PDF file, or additional images if you chose to embed images in your report email. Note: you cannot add the same dashboard to a report twice.
### Embed a dashboard as an image into a report
> **Note:** Available in [Grafana Enterprise]({{< relref "../enterprise" >}}) version 9.0 and later, and [Grafana Cloud Pro and Advanced]({{< relref "/grafana-cloud" >}}).
> **Note:** Available in [Grafana Enterprise]({{< relref "../enterprise/" >}}) version 9.0 and later, and [Grafana Cloud Pro and Advanced]({{< relref "grafana-cloud/" >}}).
You can send a report email with an image of the dashboard embedded in the email itself, instead of attached as a PDF. In this case, the email recipients can see the dashboard at a glance instead of having to open the PDF.
@@ -212,7 +212,7 @@ font_italic = DejaVuSansCondensed-Oblique.ttf
## Report settings
> **Note:** Available in [Grafana Enterprise]({{< relref "../enterprise" >}}) version 7.2 and later, and [Grafana Cloud Pro and Advanced]({{< ref "/docs/grafana-cloud" >}}).
> **Note:** Available in [Grafana Enterprise]({{< relref "../enterprise/" >}}) version 7.2 and later, and [Grafana Cloud Pro and Advanced]({{< ref "/docs/grafana-cloud" >}}).
You can configure organization-wide report settings in the **Settings** tab on the **Reporting** page. Settings are applied to all the reports for current organization.

6
docs/sources/explore/_index.md
View File

@@ -14,7 +14,7 @@ weight: 90
Grafana's dashboard UI is all about building dashboards for visualization. Explore strips away the dashboard and panel options so that you can focus on the query. It helps you iterate until you have a working query and then think about building a dashboard.
> Refer to [Role-based access control]({{< relref "../enterprise/access-control/" >}}) in Grafana Enterprise to understand how you can control access with role-based permissions.
> Refer to [Role-based access control]({{< relref "../administration/roles-and-permissions/access-control/" >}}) in Grafana Enterprise to understand how you can control access with role-based permissions.
If you just want to explore your data and do not want to create a dashboard, then Explore makes this much easier. If your data source supports graph and table data, then Explore shows the results both as a graph and a table. This allows you to see trends in the data and more details at the same time. See also:
@@ -25,9 +25,9 @@ If you just want to explore your data and do not want to create a dashboard, the
## Start exploring
> Refer to [Role-based access Control]({{< relref "../enterprise/access-control/" >}}) in Grafana Enterprise to understand how you can manage Explore with role-based permissions.
> Refer to [Role-based access Control]({{< relref "../administration/roles-and-permissions/access-control/" >}}) in Grafana Enterprise to understand how you can manage Explore with role-based permissions.
In order to access Explore, you must have an editor or an administrator role, unless the [viewers_can_edit option]({{< relref "../setup-grafana/configure-grafana/#viewers_can_edit" >}}) is enabled. Refer to [About users and permissions]({{< relref "../administration/manage-users-and-permissions/about-users-and-permissions/" >}}) for more information on what each role has access to.
In order to access Explore, you must have an editor or an administrator role, unless the [viewers_can_edit option]({{< relref "../setup-grafana/configure-grafana/#viewers_can_edit" >}}) is enabled. Refer to [About users and permissions]({{< relref "../administration/roles-and-permissions/" >}}) for more information on what each role has access to.
To access Explore:

2
docs/sources/getting-started/_index.md
View File

@@ -8,6 +8,6 @@ weight: 15
# Get started
This section provides guidance on how build your first dashboard after you have installed Grafana. It also provides step-by-step instructions on how to add a Prometheus, InfluxDB, or an MS SQL Server data source. Refer to [Data sources]({{< relref "../datasources/" >}}) for a list of all supported data sources.
This section provides guidance on how build your first dashboard after you have installed Grafana. It also provides step-by-step instructions on how to add a Prometheus, InfluxDB, or an MS SQL Server data source. Refer to [Data sources]({{< relref "../administration/data-source-management/" >}}) for a list of all supported data sources.
{{< section >}}

8
docs/sources/introduction/_index.md
View File

@@ -11,7 +11,7 @@ weight: 5
[Grafana open source software](https://grafana.com/oss/) enables you to query, visualize, alert on, and explore your metrics, logs, and traces wherever they are stored. Grafana OSS provides you with tools to turn your time-series database (TSDB) data into insightful graphs and visualizations.
After you have [installed Grafana]({{< relref "../setup-grafana/installation/" >}}) and set up your first dashboard using instructions in [Getting started with Grafana]({{< relref "../getting-started/build-first-dashboard.md" >}}), you will have many options to choose from depending on your requirements. For example, if you want to view weather data and statistics about your smart home, then you can create a [playlist]({{< relref "../dashboards/playlist.md" >}}). If you are the administrator for an enterprise and are managing Grafana for multiple teams, then you can set up [provisioning]({{< relref "../administration/provisioning.md" >}}) and [authentication]({{< relref "../setup-grafana/configure-security/configure-authentication/" >}}).
After you have [installed Grafana]({{< relref "../setup-grafana/installation/" >}}) and set up your first dashboard using instructions in [Getting started with Grafana]({{< relref "../getting-started/build-first-dashboard.md" >}}), you will have many options to choose from depending on your requirements. For example, if you want to view weather data and statistics about your smart home, then you can create a [playlist]({{< relref "../dashboards/playlist.md" >}}). If you are the administrator for an enterprise and are managing Grafana for multiple teams, then you can set up [provisioning]({{< relref "../administration/server-administration/provisioning.md" >}}) and [authentication]({{< relref "../setup-grafana/configure-security/configure-authentication/" >}}).
The following sections provide an overview of Grafana features and links to product documentation to help you learn more. For more guidance and ideas, check out our [Grafana Community forums](https://community.grafana.com/).
@@ -39,7 +39,7 @@ Templating allows you to drill down into your data, say, from all data to North
## Configure Grafana
If you're a Grafana administrator, then you'll want to thoroughly familiarize yourself with [Grafana configuration options]({{< relref "../setup-grafana/configure-grafana/" >}}) and the [Grafana CLI]({{< relref "../administration/cli.md" >}}).
If you're a Grafana administrator, then you'll want to thoroughly familiarize yourself with [Grafana configuration options]({{< relref "../setup-grafana/configure-grafana/" >}}) and the [Grafana CLI]({{< relref "../cli.md" >}}).
Configuration covers both config files and environment variables. You can set up default ports, logging levels, email IP addresses, security, and more.
@@ -57,11 +57,11 @@ In Grafana Enterprise, you can also map users to teams: If your company has its
While it's easy to click, drag, and drop to create a single dashboard, power users in need of many dashboards will want to automate the setup with a script. You can script anything in Grafana.
For example, if you're spinning up a new Kubernetes cluster, you can also spin up a Grafana automatically with a script that would have the right server, IP address, and data sources preset and locked in so users cannot change them. It's also a way of getting control over a lot of dashboards. Refer to [Provisioning]({{< relref "../administration/provisioning.md" >}}) for more information.
For example, if you're spinning up a new Kubernetes cluster, you can also spin up a Grafana automatically with a script that would have the right server, IP address, and data sources preset and locked in so users cannot change them. It's also a way of getting control over a lot of dashboards. Refer to [Provisioning]({{< relref "../administration/server-administration/provisioning.md" >}}) for more information.
## Permissions
When organizations have one Grafana and multiple teams, they often want the ability to both keep things separate and share dashboards. You can create a team of users and then set permissions on [folders and dashboards]({{< relref "../administration/manage-users-and-permissions/manage-dashboard-permissions/_index.md" >}}), and down to the [data source level]({{< relref "../enterprise/datasource_permissions.md" >}}) if you're using [Grafana Enterprise]({{< relref "../enterprise/_index.md" >}}).
When organizations have one Grafana and multiple teams, they often want the ability to both keep things separate and share dashboards. You can create a team of users and then set permissions on [folders and dashboards]({{< relref "../administration/user-management/manage-dashboard-permissions/_index.md" >}}), and down to the [data source level]({{< relref "../administration/data-source-management/datasource-permissions.md" >}}) if you're using [Grafana Enterprise]({{< relref "../enterprise/_index.md" >}}).
## Other Grafana Labs OSS Projects

2
docs/sources/introduction/grafana-enterprise.md
View File

@@ -50,7 +50,7 @@ With [enhanced LDAP integration]({{< relref "../setup-grafana/configure-security
Grafana Enterprise adds the following features:
- [Role-based access control]({{< relref "../enterprise/access-control/" >}}) to control access with role-based permissions.
- [Data source permissions]({{< relref "../enterprise/datasource_permissions.md" >}}) to restrict query access to specific teams and users.
- [Data source permissions]({{< relref "../administration/data-source-management/datasource-permissions.md" >}}) to restrict query access to specific teams and users.
- [Data source query caching]({{< relref "../enterprise/query-caching.md" >}}) to temporarily store query results in Grafana to reduce data source load and rate limiting.
- [Reporting]({{< relref "../enterprise/reporting.md" >}}) to generate a PDF report from any dashboard and set up a schedule to have it emailed to whoever you choose.
- [Export dashboard as PDF]({{< relref "../enterprise/export-pdf.md" >}})

2
docs/sources/panels/_index.md
View File

@@ -14,6 +14,6 @@ The _panel_ is the basic visualization building block in Grafana. Each panel has
There are a wide variety of styling and formatting options for each panel. Panels can be dragged and dropped and rearranged on the dashboard. They can also be resized.
Before you begin, ensure that you have configured a data source. For more information about data sources, refer to [Data Sources]({{< relref "../datasources/" >}}).
Before you begin, ensure that you have configured a data source. For more information about data sources, refer to [Data Sources]({{< relref "../administration/data-source-management/" >}}).
{{< section >}}

46
docs/sources/plugins/_index.md
View File

@@ -1,46 +0,0 @@
---
aliases:
- /docs/grafana/latest/plugins/
title: Plugins
weight: 160
---
# Plugins
Besides the wide range of visualizations and data sources that are available immediately after you install Grafana, you can extend your Grafana experience with _plugins_.
You can [install]({{< relref "installation/" >}}) one of the plugins built by the Grafana community, or [build one yourself]({{< relref "../developers/plugins/" >}}).
Grafana supports three types of plugins: [panels](https://grafana.com/grafana/plugins?type=panel), [data sources](https://grafana.com/grafana/plugins?type=datasource), and [apps](https://grafana.com/grafana/plugins?type=app).
## Panel plugins
Add new visualizations to your dashboard with panel plugins, such as the [Worldmap Panel](https://grafana.com/grafana/plugins/grafana-worldmap-panel), [Clock](https://grafana.com/grafana/plugins/grafana-clock-panel), and [Pie Chart](https://grafana.com/grafana/plugins/grafana-piechart-panel).
Use panel plugins when you want to:
- Visualize data returned by data source queries.
- Navigate between dashboards.
- Control external systems, such as smart home devices.
## Data source plugins
Data source plugins add support for new databases, such as [Google BigQuery](https://grafana.com/grafana/plugins/doitintl-bigquery-datasource).
Data source plugins communicate with external sources of data and return the data in a format that Grafana understands. By adding a data source plugin, you can immediately use the data in any of your existing dashboards.
Use data source plugins when you want to import data from external systems.
## App plugins
Applications, or _app plugins_, bundle data sources and panels to provide a cohesive experience, such as the [Zabbix](https://grafana.com/grafana/plugins/alexanderzobnin-zabbix-app) app.
Apps can also add custom pages for things like control panels.
Use app plugins when you want to create an custom out-of-the-box monitoring experience.
## Learn more
- [Install plugins]({{< relref "installation/" >}})
- [Plugin signatures]({{< relref "plugin-signatures/" >}})
- Browse the available [Plugins](https://grafana.com/grafana/plugins)

82
docs/sources/plugins/catalog.md
View File

@@ -1,82 +0,0 @@
---
aliases:
- /docs/grafana/latest/plugins/catalog/
title: Plugin catalog
weight: 1
---
# Plugin catalog
The Plugin catalog allows you to browse and manage plugins from within Grafana. Only Grafana server administrators and organization administrators can access and use the plugin catalog. The following access rules apply depending on the user role:
| Org Admin | Server Admin | Permissions |
| --------- | ------------ | ------------------------------------------------------------------------------------------- |
| &check; | &check; | <ul><li>Can configure app plugins</li><li>Can install/uninstall/update plugins</li></ul> |
| &check; | &times; | <ul><li>Can configure app plugins</li><li>Cannot install/uninstall/update plugins</li></ul> |
| &times; | &check; | <ul><li>Cannot configure app plugins</li><li>Can install/uninstall/update plugins</li></ul> |
> **Note:** The Plugin catalog is designed to work with a single Grafana server instance only. Support for Grafana clusters will be added in future Grafana releases.
<div class="medium-6 columns">
<video width="700" height="600" controls>
<source src="/static/assets/videos/plugins-catalog-install-8-1.mp4" type="video/mp4">
Your browser does not support the video tag.
</video>
</div>
In order to be able to install / uninstall / update plugins using plugin catalog, you must enable it via the `plugin_admin_enabled` flag in the [configuration]({{< relref "../setup-grafana/configure-grafana/#plugin_admin_enabled" >}}) file.
Before following the steps below, make sure you are logged in as a Grafana administrator.
<a id="#plugin-catalog-entry"></a>
Currently, there are two entry points to the Plugin catalog.
- Grafana server administrators can find it at **Server Admin >
Plugins**.
- Organization administrators can find it at **Configuration > Plugins**.
## Browse plugins
To browse for available plugins:
1. In Grafana, [navigate to the Plugin catalog](#plugin-catalog-entry) to view installed plugins.
1. Click the **All** filter to browse all available plugins.
1. Click the **Data sources**, **Panels**, or **Applications** buttons to filter by plugin type.
![Plugin catalog browse](/static/img/docs/plugins/plugins-catalog-browse-8-1.png)
## Install a plugin
To install a plugin:
1. In Grafana, [navigate to the Plugin catalog](#plugin-catalog-entry) to view installed plugins.
1. Browse and find a plugin.
1. Click on the plugin logo.
1. Click **Install**.
When the update is complete, you see a confirmation message that the installation was successful.
![Plugin catalog install](/static/img/docs/plugins/plugins-catalog-install-8-1.png)
## Update a plugin
To update a plugin:
1. In Grafana, [navigate to the Plugin catalog](#plugin-catalog-entry) to view installed plugins.
1. Click on the plugin logo.
1. Click **Update**.
When the update is complete, you see a confirmation message that the update was successful.
![Plugin catalog update](/static/img/docs/plugins/plugins-catalog-update-8-1.png)
## Uninstall a plugin
To uninstall a plugin:
1. In Grafana, [navigate to the Plugin catalog](#plugin-catalog-entry) to view installed plugins.
1. Click on the plugin logo.
1. Click **Uninstall**.
When the update is complete, you see a confirmation message that the uninstall was successful.
![Plugin catalog uninstall](/static/img/docs/plugins/plugins-catalog-uninstall-8-1.png)

39
docs/sources/plugins/installation.md
View File

@@ -1,39 +0,0 @@
---
aliases:
- /docs/grafana/latest/plugins/installation/
title: Install plugins
weight: 1
---
# Install Grafana plugins
Grafana supports data source, panel, and app plugins. Having panels as plugins makes it easy to create and add any kind of panel, to show your data, or improve your favorite dashboards. Apps enable the bundling of data sources, panels, dashboards, and Grafana pages into a cohesive experience.
1. In a web browser, navigate to the official [Grafana Plugins page](https://grafana.com/plugins) and find a plugin that you want to install.
1. Click the plugin, and then click the **Installation** tab.
## Install plugin on Grafana Cloud
On the Installation tab, in the **For** field, click the name of the Grafana instance that you want to install the plugin on.
Grafana Cloud handles the plugin installation automatically.
If you are logged in to Grafana Cloud when you add a plugin, log out and back in again to use the new plugin.
## Install plugin on local Grafana
Follow the instructions on the Install tab. You can either install the plugin with a Grafana CLI command or by downloading and uncompress a .zip file into the Grafana plugins directory. We recommend using Grafana CLI in most instances. The .zip option is available if your Grafana server does not have access to the internet.
For more information about Grafana CLI plugin commands, refer to [Plugin commands]({{< relref "../administration/cli/#plugins-commands" >}}).
As of Grafana v8.0, a plugin catalog app was introduced in order to make managing plugins easier. For more information, refer to [Plugin catalog]({{< relref "catalog/" >}}).
### Install a packaged plugin
After the user has downloaded the archive containing the plugin assets, they can install it by extracting the archive into their plugin directory.
```
unzip my-plugin-0.2.0.zip -d YOUR_PLUGIN_DIR/my-plugin
```
The path to the plugin directory is defined in the configuration file. For more information, refer to [Configuration]({{< relref "../setup-grafana/configure-grafana/#plugins" >}}).

53
docs/sources/plugins/plugin-signatures.md
View File

@@ -1,53 +0,0 @@
---
aliases:
- /docs/grafana/latest/plugins/plugin-signature-verification/
- /docs/grafana/latest/plugins/plugin-signatures/
title: Plugin signatures
type: docs
---
# Plugin signatures
Plugin signature verification (signing) is a security measure to make sure plugins haven't been tampered with. Upon loading, Grafana checks to see if a plugin is signed or unsigned when inspecting and verifying its digital signature.
At startup, Grafana verifies the signatures of every plugin in the plugin directory. If a plugin is unsigned, then Grafana does not load nor start it. To see the result of this verification for each plugin, navigate to **Configuration** -> **Plugins**.
Grafana also writes an error message to the server log:
```bash
WARN[05-26|12:00:00] Some plugin scanning errors were found errors="plugin '<plugin id>' is unsigned, plugin '<plugin id>' has an invalid signature"
```
If you are a plugin developer and want to know how to sign your plugin, refer to [Sign a plugin]({{< relref "../developers/plugins/sign-a-plugin/" >}}).
| Signature status | Description |
| ------------------ | ------------------------------------------------------------------------------- |
| Core | Core plugin built into Grafana. |
| Invalid signature | The plugin has a invalid signature. |
| Modified signature | The plugin has changed since it was signed. This may indicate malicious intent. |
| Unsigned | The plugin is not signed. |
| Signed | The plugin signature was successfully verified. |
## Plugin signature levels
All plugins is signed under a _signature level_. The signature level determines how the plugin can be distributed.
| **Plugin Level** | **Description** |
| ---------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| Private | <p>Private plugins are for use on your own Grafana. They may not be distributed to the Grafana community, and are not published in the Grafana catalog.</p> |
| Community | <p>Community plugins have dependent technologies that are open source and not for profit.</p><p>Community plugins are published in the official Grafana catalog, and are available to the Grafana community.</p> |
| Commercial | <p>Commercial plugins have dependent technologies that are closed source or commercially backed.</p><p>Commercial Plugins are published on the official Grafana catalog, and are available to the Grafana community.</p> |
## Allow unsigned plugins
> **Note:** Unsigned plugins are not supported in Grafana Cloud.
We strongly recommend that you don't run unsigned plugins in your Grafana instance. If you're aware of the risks and you still want to load an unsigned plugin, refer to [Configuration]({{< relref "../setup-grafana/configure-grafana/#allow_loading_unsigned_plugins" >}}).
If you've allowed loading of an unsigned plugin, then Grafana writes a warning message to the server log:
```bash
WARN[06-01|16:45:59] Running an unsigned plugin pluginID=<plugin id>
```
> **Note:** If you're developing a plugin, then you can enable development mode to allow all unsigned plugins.

8
docs/sources/release-notes/_index.md
View File

@@ -10,12 +10,12 @@ weight: 10000
Here you can find detailed release notes that list everything that is included in every release as well as notices
about deprecations, breaking changes as well as changes that relate to plugin development.
- [Release notes for 9.0.0]({{< relref "release-notes-9-0-0" >}})
- [Release notes for 9.0.0-beta3]({{< relref "release-notes-9-0-0-beta3" >}})
- [Release notes for 9.0.0]({{< relref "release-notes-9-0-0/" >}})
- [Release notes for 9.0.0-beta3]({{< relref "release-notes-9-0-0-beta3/" >}})
- [Release notes for 9.0.0-beta2]({{< relref "release-notes-9-0-0-beta2/" >}})
- [Release notes for 9.0.0-beta1]({{< relref "release-notes-9-0-0-beta1/" >}})
- [Release notes for 8.5.6]({{< relref "release-notes-8-5-6" >}})
- [Release notes for 8.5.5]({{< relref "release-notes-8-5-5" >}})
- [Release notes for 8.5.6]({{< relref "release-notes-8-5-6/" >}})
- [Release notes for 8.5.5]({{< relref "release-notes-8-5-5/" >}})
- [Release notes for 8.5.4]({{< relref "release-notes-8-5-4/" >}})
- [Release notes for 8.5.3]({{< relref "release-notes-8-5-3/" >}})
- [Release notes for 8.5.2]({{< relref "release-notes-8-5-2/" >}})

8
docs/sources/administration/configure-docker.md → docs/sources/setup-grafana/configure-docker.md
View File

@@ -8,13 +8,13 @@ keywords:
- configuration
- documentation
- docker
title: Configure Grafana Docker image
weight: 200
title: Configure Docker image
weight: 1800
---
# Configure a Grafana Docker image
If you are running Grafana in a Docker image, then you configure Grafana using [environment variables]({{< relref "../setup-grafana/configure-grafana/#configure-with-environment-variables" >}}) rather than directly editing the configuration file. If you want to save your data, then you also need to designate persistent storage or bind mounts for the Grafana container.
If you are running Grafana in a Docker image, then you configure Grafana using [environment variables]({{< relref "../../administration/setup-grafana/configure-grafana/#configure-with-environment-variables" >}}) rather than directly editing the configuration file. If you want to save your data, then you also need to designate persistent storage or bind mounts for the Grafana container.
> **Note:** These examples use the Grafana Enterprise docker image. You can use the Grafana Open Source edition by changing the docker image to `grafana/grafana-oss`.
@@ -59,7 +59,7 @@ The following settings are hard-coded when launching the Grafana Docker containe
## Logging
Logs in the Docker container go to standard out by default, as is common in the Docker world. Change this by setting a different [log mode]({{< relref "../setup-grafana/configure-grafana/#mode" >}}).
Logs in the Docker container go to standard out by default, as is common in the Docker world. Change this by setting a different [log mode]({{< relref "../../administration/setup-grafana/configure-grafana/#mode" >}}).
Example:

12
docs/sources/setup-grafana/configure-grafana/_index.md
View File

@@ -26,7 +26,7 @@ If you installed Grafana using the `deb` or `rpm` packages, then your configurat
### Docker
Refer to [Configure a Grafana Docker image]({{< relref "../../administration/configure-docker/" >}}) for information about environmental variables, persistent storage, and building custom Docker images.
Refer to [Configure a Grafana Docker image]({{< relref "../configure-docker/" >}}) for information about environmental variables, persistent storage, and building custom Docker images.
### Windows
@@ -170,7 +170,7 @@ Override log path using the command line argument `cfg:default.paths.logs`:
### plugins
Directory where Grafana automatically scans and looks for plugins. For information about manually or automatically installing plugins, refer to [Install Grafana plugins]({{< relref "../../plugins/installation/" >}}).
Directory where Grafana automatically scans and looks for plugins. For information about manually or automatically installing plugins, refer to [Install Grafana plugins]({{< relref "../../administration/plugins/installation/" >}}).
**macOS:** By default, the Mac plugin location is: `/usr/local/var/lib/grafana/plugins`.
@@ -1269,7 +1269,7 @@ The interval string is a possibly signed sequence of decimal numbers, followed b
## [unified_alerting.screenshots]
For more information about screenshots, refer to [Images in notifications]({{< relref "../../alerting/images-in-notifications" >}}).
For more information about screenshots, refer to [Images in notifications]({{< relref "../../alerting/images-in-notifications/" >}}).
### capture
@@ -1722,13 +1722,13 @@ Set to `true` if you want to test alpha plugins that are not yet ready for gener
Enter a comma-separated list of plugin identifiers to identify plugins to load even if they are unsigned. Plugins with modified signatures are never loaded.
We do _not_ recommend using this option. For more information, refer to [Plugin signatures]({{< relref "../../plugins/plugin-signatures/" >}}).
We do _not_ recommend using this option. For more information, refer to [Plugin signatures]({{< relref "../../administration/plugin-management/" >}}).
### plugin_admin_enabled
Available to Grafana administrators only, enables installing / uninstalling / updating plugins directly from the Grafana UI. Set to `true` by default. Setting it to `false` will hide the install / uninstall / update controls.
For more information, refer to [Plugin catalog]({{< relref "../../plugins/catalog/" >}}).
For more information, refer to [Plugin catalog]({{< relref "../../administration/plugins/catalog/" >}}).
### plugin_admin_external_manage_enabled
@@ -2000,4 +2000,4 @@ Refer to the [dashboards previews]({{< relref "../../dashboards/previews/" >}})
## [rbac]
Refer to [Role-based access control]({{< relref "../../enterprise/access-control/about-rbac/" >}}) for more information.
Refer to [Role-based access control]({{< relref "../../administration/roles-and-permissions/access-control/about-rbac/" >}}) for more information.

2
docs/sources/setup-grafana/configure-grafana/enterprise-configuration.md
View File

@@ -9,7 +9,7 @@ weight: 100
# Configure Grafana Enterprise
This page describes Grafana Enterprise-specific configuration options that you can specify in a `.ini` configuration file or using environment variables. Refer to [Configuration]({{< relref "./" >}}) for more information about available configuration options.
This page describes Grafana Enterprise-specific configuration options that you can specify in a `.ini` configuration file or using environment variables. Refer to [Configuration]({{< relref "/" >}}) for more information about available configuration options.
## [enterprise]

2
docs/sources/setup-grafana/configure-security/_index.md
View File

@@ -42,7 +42,7 @@ Users with the Viewer role can enter _any possible query_ in _any_ of the data s
To address this vulnerability, you can restrict data source query access in the following ways:
- Create multiple data sources with some restrictions added in data source configuration that restrict access (like database name or credentials). Then use the [Data Source Permissions]({{< relref "../../enterprise/datasource_permissions/" >}}) Enterprise feature to restrict user access to the data source in Grafana.
- Create multiple data sources with some restrictions added in data source configuration that restrict access (like database name or credentials). Then use the [Data Source Permissions]({{< relref "../../administration/data-source-management/datasource-permissions/" >}}) Enterprise feature to restrict user access to the data source in Grafana.
- Create a separate Grafana organization, and in that organization, create a separate data source. Make sure the data source has some option/user/credentials setting that limits access to a subset of the data. Not all data sources have an option to limit access.
## Implications of enabling anonymous access to dashboards

2
docs/sources/setup-grafana/configure-security/configure-authentication/auth-proxy.md
View File

@@ -308,4 +308,4 @@ a login token and cookie. You only have to configure your auth proxy to provide
Requests via other routes will be authenticated using the cookie.
Use settings `login_maximum_inactive_lifetime_duration` and `login_maximum_lifetime_duration` under `[auth]` to control session
lifetime. [Read more about login tokens]({{< relref "./#login-and-short-lived-tokens" >}})
lifetime. [Read more about login tokens]({{< relref "/#login-and-short-lived-tokens" >}})

2
docs/sources/setup-grafana/configure-security/configure-database-encryption/_index.md
View File

@@ -18,7 +18,7 @@ Grafana encrypts these secrets before they are written to the database, by using
Since Grafana v9.0, it uses [envelope encryption](#envelope-encryption) by default, which adds a layer of indirection to the
encryption process that represents an [**implicit breaking change**](#implicit-breaking-change) for older versions of Grafana.
For further details about how to operate a Grafana instance with envelope encryption, see the [Operational work]({{< relref "./#operational-work" >}}) section below.
For further details about how to operate a Grafana instance with envelope encryption, see the [Operational work]({{< relref "/#operational-work" >}}) section below.
> **Note:** In Grafana Enterprise, you can also choose to [encrypt secrets in AES-GCM mode]({{< relref "#changing-your-encryption-mode-to-aes-gcm" >}}) instead of AES-CFB.

2
docs/sources/setup-grafana/configure-security/configure-database-encryption/encrypt-secrets-using-aws-kms.md
View File

@@ -25,7 +25,7 @@ You can use an encryption key from AWS Key Management Service to encrypt secrets
3. Create a [programmatic credential](https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys) (access key ID and secret access key), which has permission to view the key that you created.
<br><br>In AWS, you can control access to your KMS keys by using [key policies](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html), [IAM policies](https://docs.aws.amazon.com/kms/latest/developerguide/iam-policies.html), and [grants](https://docs.aws.amazon.com/kms/latest/developerguide/grants.html). You can also create [temporary credentials](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html), which must provide a session token along with an access key ID and a secret access key.
4. From within Grafana, turn on [envelope encryption]({{< relref "./#envelope-encryption" >}}).
4. From within Grafana, turn on [envelope encryption]({{< relref "/#envelope-encryption" >}}).
5. Add your AWS KMS details to the Grafana configuration file; depending on your operating system, it is usually named `grafana.ini`:
<br><br>a. Add a new section to the configuration file, with a name in the format of `[security.encryption.awskms.<KEY-NAME>]`, where `<KEY-NAME>` is any name that uniquely identifies this key among other provider keys.
<br><br>b. Fill in the section with the following values:

2
docs/sources/setup-grafana/configure-security/configure-database-encryption/encrypt-secrets-using-azure-key-vault.md
View File

@@ -26,7 +26,7 @@ You can use an encryption key from Azure Key Vault to encrypt secrets in the Gra
5. In the Key Permissions section, set encrypt and decrypt permissions, and click **Save**.
6. From within Grafana, turn on [envelope encryption]({{< relref "./" >}}).
6. From within Grafana, turn on [envelope encryption]({{< relref "/" >}}).
7. Add your Azure Key Vault details to the Grafana configuration file; depending on your operating system, is usually named `grafana.ini`:
<br><br>a. Add a new section to the configuration file, with a name in the format of `[security.encryption.azurekv.<KEY-NAME>]`, where `<KEY-NAME>` is any name that uniquely identifies this key among other provider keys.

2
docs/sources/setup-grafana/configure-security/configure-database-encryption/encrypt-secrets-using-google-cloud-kms.md
View File

@@ -24,7 +24,7 @@ You can use an encryption key from Google Cloud Key Management Service to encryp
4. [Create a service account key and save its JSON file](https://cloud.google.com/iam/docs/creating-managing-service-account-keys#creating) to you computer, for example, as `~/.config/gcloud/sample-project-credentials.json`.
5. From within Grafana, turn on [envelope encryption]({{< relref "./#envelope-encryption" >}}).
5. From within Grafana, turn on [envelope encryption]({{< relref "/#envelope-encryption" >}}).
6. Add your Google Cloud KMS details to the Grafana configuration file; depending on your operating system, is usually named `grafana.ini`:
<br><br>a. Add a new section to the configuration file, with a name in the format of `[security.encryption.azurekv.<KEY-NAME>]`, where `<KEY-NAME>` is any name that uniquely identifies this key among other provider keys.

Some files were not shown because too many files have changed in this diff Show More