Documentation for teams with FGAC (#45321)

* docs for teams with FGAC * Update docs/sources/enterprise/access-control/fine-grained-access-control-references.md Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
2025-02-25 18:55:37 -06:00 · 2022-02-11 17:00:13 +00:00
parent 6fbf346747
commit 9ac4843df1
4 changed files with 136 additions and 17 deletions
--- a/docs/sources/http_api/external_group_sync.md
+++ b/docs/sources/http_api/external_group_sync.md
@@ -9,10 +9,21 @@ aliases = ["/docs/grafana/latest/http_api/external_group_sync/"]

 > External Group Synchronization is only available in Grafana Enterprise. Read more about [Grafana Enterprise]({{< relref "../enterprise" >}}).

+> If you have [Fine-grained access control]({{< relref "../enterprise/access-control/_index.md" >}}) enabled, access to endpoints will be controlled by Fine-grained access control permissions.
+> Refer to specific endpoints to understand what permissions are required.
+
 ## Get External Groups

 `GET /api/teams/:teamId/groups`

+#### Required permissions
+
+See note in the [introduction]({{< ref "#team-api" >}}) for an explanation.
+
+| Action                 | Scope    |
+| ---------------------- | -------- |
+| teams.permissions:read | teams:\* |
+
 **Example Request**:

 ```http
@@ -47,6 +58,14 @@ Status Codes:
 | Action                  | Scope    |
 | ----------------------- | -------- |
 | teams.permissions:write | teams:\* |
+
+**Example Request**:
+
+```http
+POST /api/teams/1/members HTTP/1.1
+Accept: application/json
+Content-Type: application/json
+Authorization: Basic YWRtaW46YWRtaW4=

 ```

@@ -81,6 +100,14 @@ Status Codes:
 **Example Request**:

 ```http
+DELETE /api/teams/1/groups/cn=editors,ou=groups,dc=grafana,dc=org HTTP/1.1
+Accept: application/json
+Content-Type: application/json
+Authorization: Basic YWRtaW46YWRtaW4=
+```
+
+**Example Response**:
+
 ```http
 HTTP/1.1 200
 Content-Type: application/json
--- a/docs/sources/http_api/team.md
+++ b/docs/sources/http_api/team.md
@@ -15,6 +15,9 @@ Access to these API endpoints is restricted as follows:
 - Organization Admins are able to manage all teams and team members.
 - If the `editors_can_admin` configuration flag is enabled, Organization Editors are able to view details of all teams and to manage teams that they are Admin members of.

+> If you are running Grafana Enterprise and have [Fine-grained access control]({{< relref "../enterprise/access-control/_index.md" >}}) enabled, access to endpoints will be controlled by Fine-grained access control permissions.
+> Refer to specific endpoints to understand what permissions are required.
+
 ## Team Search With Paging

 `GET /api/teams/search?perpage=50&page=1&query=myteam`
@@ -23,25 +26,23 @@ or

 `GET /api/teams/search?name=myteam`

+#### Required permissions
+
+See note in the [introduction]({{< ref "#team-api" >}}) for an explanation.
+
+| Action     | Scope    |
+| ---------- | -------- |
+| teams:read | teams:\* |
+
+**Example Request**:
+
 ```http
-GET /api/teams/search?perpage=10&page=1&query=myteam HTTP/1.1
+GET /api/teams/search?perpage=10&page=1&query=mytestteam HTTP/1.1
 Accept: application/json
 Content-Type: application/json
 Authorization: Basic YWRtaW46YWRtaW4=
 ```

-### Using the query parameter
-
-Default value for the `perpage` parameter is `1000` and for the `page` parameter is `1`.
-
-The `totalCount` field in the response can be used for pagination of the teams list E.g. if `totalCount` is equal to 100 teams and the `perpage` parameter is set to 10 then there are 10 pages of teams.
-
-The `query` parameter is optional and it will return results where the query value is contained in the `name` field. Query values with spaces need to be URL encoded e.g. `query=my%20team`.
-
-### Using the name parameter
-
-The `name` parameter returns a single team if the parameter matches the `name` field.
-
 **Example Response**:

 ```http
@@ -65,7 +66,19 @@ Content-Type: application/json
 #### Status Codes:

 - **200** - Ok
-Accept: application/json
+- **401** - Unauthorized
+- **403** - Permission denied
+- **404** - Team not found (if searching by name)
+
+## Get Team By Id
+
+`GET /api/teams/:id`
+
+#### Required permissions
+
+See note in the [introduction]({{< ref "#team-api" >}}) for an explanation.
+
+| Action     | Scope    |
 | ---------- | -------- |
 | teams:read | teams:\* |

@@ -76,6 +89,14 @@ Status Codes:
 Accept: application/json
 Content-Type: application/json
 Authorization: Basic YWRtaW46YWRtaW4=
+```
+
+**Example Response**:
+
+```http
+HTTP/1.1 200
+Content-Type: application/json
+
 ```

 Status Codes:
@@ -114,6 +135,14 @@ The Team `name` needs to be unique. `name` is required and `email`,`orgId` is op
 ```http
 HTTP/1.1 200
 Content-Type: application/json
+
+```
+
+Status Codes:
+
+- **200** - Ok
+- **401** - Unauthorized
+- **403** - Permission denied
 - **409** - Team name is taken

 ## Update Team
@@ -151,6 +180,14 @@ There are two fields that can be updated for a team: `name` and `email`.
 Status Codes:

 - **200** - Ok
+- **401** - Unauthorized
+- **403** - Permission denied
+- **404** - Team not found
+- **409** - Team name is taken
+
+## Delete Team By Id
+
+`DELETE /api/teams/:id`

 #### Required permissions

@@ -186,6 +223,14 @@ Status Codes:

 ## Get Team Members

+`GET /api/teams/:teamId/members`
+
+#### Required permissions
+
+See note in the [introduction]({{< ref "#team-api" >}}) for an explanation.
+
+| Action                 | Scope    |
+| ---------------------- | -------- |
 | teams.permissions:read | teams:\* |

 **Example Request**:
@@ -215,6 +260,14 @@ Status Codes:

 `POST /api/teams/:teamId/members`

+#### Required permissions
+
+See note in the [introduction]({{< ref "#team-api" >}}) for an explanation.
+
+| Action                  | Scope    |
+| ----------------------- | -------- |
+| teams.permissions:write | teams:\* |
+
 **Example Request**:

 ```http
@@ -260,6 +313,14 @@ Status Codes:
 Accept: application/json
 Content-Type: application/json
 Authorization: Basic YWRtaW46YWRtaW4=
+```
+
+**Example Response**:
+
+```http
+HTTP/1.1 200
+Content-Type: application/json
+
 ```

 Status Codes:
@@ -294,6 +355,14 @@ Status Codes:

 ```http
 HTTP/1.1 200
+Content-Type: application/json
+
+```
+
+## Update Team Preferences
+
+`PUT /api/teams/:teamId/preferences`
+
 #### Required permissions

 See note in the [introduction]({{< ref "#team-api" >}}) for an explanation.
@@ -323,6 +392,14 @@ Status Codes:
 **Example Response**:

 ```http
+HTTP/1.1 200
+Content-Type: text/plain; charset=utf-8
+
+```
+| Action     | Scope    |
+| ---------- | -------- |
+| teams:read | teams:\* |
+
 **Example Request**:

 ```http
@@ -349,6 +426,14 @@ Content-Type: application/json

 `PUT /api/teams/:teamId/preferences`

+#### Required permissions
+
+See note in the [introduction]({{< ref "#team-api" >}}) for an explanation.
+
+| Action      | Scope    |
+| ----------- | -------- |
+| teams:write | teams:\* |
+
 **Example Request**:

 ```http