IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

Role mapping: Add new query parameter to docs (#94413)

Browse Source 
* small doc addition

* swagger gen

* pr feedback
This commit is contained in:
Ieva 2024-10-08 17:53:21 +01:00 committed by GitHub
parent 19844220db
commit 8cade5c550
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 7 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
docs/sources/developers/http_api/access_control.md
View File

@ -566,6 +566,7 @@ Lists the roles that have been directly assigned to a given user. The list does
Query Parameters:
- `includeHidden`: Optional. Set to `true` to include roles that are `hidden`.
- `includeMapped`: Optional. Set to `true` to include roles that have been mapped through the group attribute sync feature.
#### Required permissions

4
public/api-enterprise-spec.json
View File

@ -228,7 +228,7 @@
},
"/access-control/roles/{roleUID}/assignments": {
"get": {
"description": "Get role assignments for the role with the given UID.\n\nYou need to have a permission with action `teams.roles:list` and scope `teams:id:*` and `users.roles:list` and scope `users:id:*`.",
"description": "Get role assignments for the role with the given UID.\nDoes not include role assignments mapped through group attribute sync.\n\nYou need to have a permission with action `teams.roles:list` and scope `teams:id:*` and `users.roles:list` and scope `users:id:*`.",
"tags": [
"access_control",
"enterprise"
@ -582,7 +582,7 @@
}
},
"put": {
"description": "Update the users role assignments to match the provided set of UIDs. This will remove any assigned roles that arent in the request and add roles that are in the set but are not already assigned to the user.\nIf you want to add or remove a single role, consider using Add a user role assignment or Remove a user role assignment instead.\n\nYou need to have a permission with action `users.roles:add` and `users.roles:remove` and scope `permissions:type:delegate` for each. `permissions:type:delegate` scope ensures that users can only assign or unassign roles which have same, or a subset of permissions which the user has. For example, if a user does not have required permissions for creating users, they wont be able to assign or unassign a role which will allow to do that. This is done to prevent escalation of privileges.",
"description": "Update the users role assignments to match the provided set of UIDs. This will remove any assigned roles that arent in the request and add roles that are in the set but are not already assigned to the user.\nRoles mapped through group attribute sync are not impacted.\nIf you want to add or remove a single role, consider using Add a user role assignment or Remove a user role assignment instead.\n\nYou need to have a permission with action `users.roles:add` and `users.roles:remove` and scope `permissions:type:delegate` for each. `permissions:type:delegate` scope ensures that users can only assign or unassign roles which have same, or a subset of permissions which the user has. For example, if a user does not have required permissions for creating users, they wont be able to assign or unassign a role which will allow to do that. This is done to prevent escalation of privileges.",
"tags": [
"access_control",
"enterprise"

4
public/api-merged.json
View File

@ -228,7 +228,7 @@
},
"/access-control/roles/{roleUID}/assignments": {
"get": {
"description": "Get role assignments for the role with the given UID.\n\nYou need to have a permission with action `teams.roles:list` and scope `teams:id:*` and `users.roles:list` and scope `users:id:*`.",
"description": "Get role assignments for the role with the given UID.\nDoes not include role assignments mapped through group attribute sync.\n\nYou need to have a permission with action `teams.roles:list` and scope `teams:id:*` and `users.roles:list` and scope `users:id:*`.",
"tags": [
"access_control",
"enterprise"
@ -582,7 +582,7 @@
}
},
"put": {
"description": "Update the users role assignments to match the provided set of UIDs. This will remove any assigned roles that arent in the request and add roles that are in the set but are not already assigned to the user.\nIf you want to add or remove a single role, consider using Add a user role assignment or Remove a user role assignment instead.\n\nYou need to have a permission with action `users.roles:add` and `users.roles:remove` and scope `permissions:type:delegate` for each. `permissions:type:delegate` scope ensures that users can only assign or unassign roles which have same, or a subset of permissions which the user has. For example, if a user does not have required permissions for creating users, they wont be able to assign or unassign a role which will allow to do that. This is done to prevent escalation of privileges.",
"description": "Update the users role assignments to match the provided set of UIDs. This will remove any assigned roles that arent in the request and add roles that are in the set but are not already assigned to the user.\nRoles mapped through group attribute sync are not impacted.\nIf you want to add or remove a single role, consider using Add a user role assignment or Remove a user role assignment instead.\n\nYou need to have a permission with action `users.roles:add` and `users.roles:remove` and scope `permissions:type:delegate` for each. `permissions:type:delegate` scope ensures that users can only assign or unassign roles which have same, or a subset of permissions which the user has. For example, if a user does not have required permissions for creating users, they wont be able to assign or unassign a role which will allow to do that. This is done to prevent escalation of privileges.",
"tags": [
"access_control",
"enterprise"

4
public/openapi3.json
View File

@ -13325,7 +13325,7 @@
},
"/access-control/roles/{roleUID}/assignments": {
"get": {
"description": "Get role assignments for the role with the given UID.\n\nYou need to have a permission with action `teams.roles:list` and scope `teams:id:*` and `users.roles:list` and scope `users:id:*`.",
"description": "Get role assignments for the role with the given UID.\nDoes not include role assignments mapped through group attribute sync.\n\nYou need to have a permission with action `teams.roles:list` and scope `teams:id:*` and `users.roles:list` and scope `users:id:*`.",
"operationId": "getRoleAssignments",
"parameters": [
{
@ -13748,7 +13748,7 @@
]
},
"put": {
"description": "Update the users role assignments to match the provided set of UIDs. This will remove any assigned roles that arent in the request and add roles that are in the set but are not already assigned to the user.\nIf you want to add or remove a single role, consider using Add a user role assignment or Remove a user role assignment instead.\n\nYou need to have a permission with action `users.roles:add` and `users.roles:remove` and scope `permissions:type:delegate` for each. `permissions:type:delegate` scope ensures that users can only assign or unassign roles which have same, or a subset of permissions which the user has. For example, if a user does not have required permissions for creating users, they wont be able to assign or unassign a role which will allow to do that. This is done to prevent escalation of privileges.",
"description": "Update the users role assignments to match the provided set of UIDs. This will remove any assigned roles that arent in the request and add roles that are in the set but are not already assigned to the user.\nRoles mapped through group attribute sync are not impacted.\nIf you want to add or remove a single role, consider using Add a user role assignment or Remove a user role assignment instead.\n\nYou need to have a permission with action `users.roles:add` and `users.roles:remove` and scope `permissions:type:delegate` for each. `permissions:type:delegate` scope ensures that users can only assign or unassign roles which have same, or a subset of permissions which the user has. For example, if a user does not have required permissions for creating users, they wont be able to assign or unassign a role which will allow to do that. This is done to prevent escalation of privileges.",
"operationId": "setUserRoles",
"parameters": [
{