diff --git a/docs/sources/enterprise/access-control/fine-grained-access-control-references.md b/docs/sources/enterprise/access-control/fine-grained-access-control-references.md
index 7feab2737ab..dd9d0eaf087 100644
--- a/docs/sources/enterprise/access-control/fine-grained-access-control-references.md
+++ b/docs/sources/enterprise/access-control/fine-grained-access-control-references.md
@@ -35,16 +35,16 @@ The reference information that follows complements conceptual information about
| `fixed:licensing:reader` | `licensing:read`
`licensing.reports:read` | Read licensing information and licensing reports. |
| `fixed:licensing:writer` | All permissions from `fixed:licensing:viewer` and
`licensing:update`
`licensing:delete` | Read licensing information and licensing reports, update and delete the license token. |
| `fixed:provisioning:writer` | `provisioning:reload` | Reload provisioning. |
-| `fixed:orgs:reader` | `orgs:read`
`orgs.quotas:read` | Read the organization and its quotas. |
-| `fixed:orgs:writer` | All permissions from `fixed:orgs:reader` and
`orgs:write`
`orgs:delete`
`orgs.quotas:write` | Create, read, write, or delete an organization. Read or write its quotas. |
-| `fixed:current.org:reader` | `orgs:read`
`orgs.quotas:read` | Read the current organization, such as its ID, name, address, or quotas. |
-| `fixed:current.org:writer` | All permissions from `fixed:current.orgs:reader` and
`orgs:write`
`orgs.quotas:write`
`orgs.preferences:read`
`orgs.preferences:write` | Read the current organization, its quotas, or its preferences. Update the current organization properties, or its preferences. |
+| `fixed:organization:reader` | `orgs:read`
`orgs.quotas:read` | Read an organization and its quotas. |
+| `fixed:organization:writer` | All permissions from `fixed:organization:reader` and
`orgs:write`
`orgs.preferences:read`
`orgs.preferences:write` | Read an organization, its quotas, or its preferences. Update organization properties, or its preferences. |
+| `fixed:organization:maintainer` | All permissions from `fixed:organization:reader` and
`orgs:write`
`orgs:create`
`orgs:delete`
`orgs.quotas:write` | Create, read, write, or delete an organization. Read or write its quotas. This role needs to be assigned globally. |
+| |
## Default built-in role assignments
-| Built-in role | Associated role | Description |
-| ------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------- |
-| Grafana Admin | `fixed:roles:reader`
`fixed:roles:writer`
`fixed:users:reader`
`fixed:users:writer`
`fixed:org.users:reader`
`fixed:org.users:writer`
`fixed:ldap:reader`
`fixed:ldap:writer`
`fixed:stats:reader`
`fixed:settings:reader`
`fixed:settings:writer`
`fixed:provisioning:writer`
`fixed:orgs:reader`
`fixed:orgs:writer`
`fixed:licensing:reader`
`fixed:licensing:writer` | Default [Grafana server administrator]({{< relref "../../permissions/_index.md#grafana-server-admin-role" >}}) assignments. |
-| Admin | `fixed:reports:reader`
`fixed:reports:writer`
`fixed:datasources:reader`
`fixed:datasources:writer`
`fixed:current.org:writer`
`fixed:datasources.permissions:reader`
`fixed:datasources.permissions:writer`
| Default [Grafana organization administrator]({{< relref "../../permissions/organization_roles.md" >}}) assignments. |
-| Editor | `fixed:datasources:explorer` | Default [Editor]({{< relref "../../permissions/organization_roles.md" >}}) assignments. |
-| Viewer | `fixed:datasources:id:reader` | Default [Viewer]({{< relref "../../permissions/organization_roles.md" >}}) assignments. |
+| Built-in role | Associated role | Description |
+| ------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------- |
+| Grafana Admin | `fixed:roles:reader`
`fixed:roles:writer`
`fixed:users:reader`
`fixed:users:writer`
`fixed:org.users:reader`
`fixed:org.users:writer`
`fixed:ldap:reader`
`fixed:ldap:writer`
`fixed:stats:reader`
`fixed:settings:reader`
`fixed:settings:writer`
`fixed:provisioning:writer`
`fixed:organization:reader`
`fixed:organization:maintainer`
`fixed:licensing:reader`
`fixed:licensing:writer` | Default [Grafana server administrator]({{< relref "../../permissions/_index.md#grafana-server-admin-role" >}}) assignments. |
+| Admin | `fixed:reports:reader`
`fixed:reports:writer`
`fixed:datasources:reader`
`fixed:datasources:writer`
`fixed:organization:writer`
`fixed:datasources.permissions:reader`
`fixed:datasources.permissions:writer`
| Default [Grafana organization administrator]({{< relref "../../permissions/organization_roles.md" >}}) assignments. |
+| Editor | `fixed:datasources:explorer` | Default [Editor]({{< relref "../../permissions/organization_roles.md" >}}) assignments. |
+| Viewer | `fixed:datasources:id:reader`
`fixed:organization:reader` | Default [Viewer]({{< relref "../../permissions/organization_roles.md" >}}) assignments. |
diff --git a/docs/sources/http_api/org.md b/docs/sources/http_api/org.md
index 16da11450dc..f2d963d7bac 100644
--- a/docs/sources/http_api/org.md
+++ b/docs/sources/http_api/org.md
@@ -20,6 +20,14 @@ the admin of all organizations API only works with basic authentication, see [Ad
`GET /api/org/`
+#### Required permissions
+
+See note in the [introduction]({{< ref "#organization-api" >}}) for an explanation.
+
+| Action | Scope |
+| --------- | ----- |
+| orgs:read | N/A |
+
**Example Request**:
```http
@@ -94,6 +102,14 @@ Accessible to users with org admin role, admin in any folder or admin of any tea
Mainly used by Grafana UI for providing list of users when adding team members and
when editing folder/dashboard permissions.
+#### Required permissions
+
+See note in the [introduction]({{< ref "#organization-api" >}}) for an explanation.
+
+| Action | Scope |
+| -------------- | -------- |
+| org.users:read | users:\* |
+
**Example Request**:
```http
@@ -186,6 +202,14 @@ Content-Type: application/json
`PUT /api/org`
+#### Required permissions
+
+See note in the [introduction]({{< ref "#organization-api" >}}) for an explanation.
+
+| Action | Scope |
+| ---------- | ----- |
+| orgs:write | N/A |
+
**Example Request**:
```http
@@ -259,6 +283,14 @@ is called `admin` and has permission to use this API).
Only works with Basic Authentication (username and password), see [introduction](#admin-organizations-api).
+#### Required permissions
+
+See note in the [introduction]({{< ref "#organization-api" >}}) for an explanation.
+
+| Action | Scope |
+| --------- | ----- |
+| orgs:read | N/A |
+
**Example Request**:
```http
@@ -293,6 +325,14 @@ Content-Type: application/json
Only works with Basic Authentication (username and password), see [introduction](#admin-organizations-api).
+#### Required permissions
+
+See note in the [introduction]({{< ref "#organization-api" >}}) for an explanation.
+
+| Action | Scope | Note |
+| --------- | ----- | ------------------------------ |
+| orgs:read | N/A | Needs to be assigned globally. |
+
**Example Request**:
```http
@@ -327,6 +367,14 @@ Content-Type: application/json
Only works with Basic Authentication (username and password), see [introduction](#admin-organizations-api).
+#### Required permissions
+
+See note in the [introduction]({{< ref "#organization-api" >}}) for an explanation.
+
+| Action | Scope | Note |
+| ----------- | ----- | ------------------------------ |
+| orgs:create | N/A | Needs to be assigned globally. |
+
**Example Request**:
```http
@@ -362,6 +410,14 @@ Content-Type: application/json
Only works with Basic Authentication (username and password), see [introduction](#admin-organizations-api).
+#### Required permissions
+
+See note in the [introduction]({{< ref "#organization-api" >}}) for an explanation.
+
+| Action | Scope | Note |
+| --------- | ----- | ------------------------------ |
+| orgs:read | N/A | Needs to be assigned globally. |
+
**Example Request**:
```http
@@ -396,6 +452,14 @@ Content-Type: application/json
Update Organization, fields _Address 1_, _Address 2_, _City_ are not implemented yet.
Only works with Basic Authentication (username and password), see [introduction](#admin-organizations-api).
+#### Required permissions
+
+See note in the [introduction]({{< ref "#organization-api" >}}) for an explanation.
+
+| Action | Scope |
+| ---------- | ----- |
+| orgs:write | N/A |
+
**Example Request**:
```http
@@ -423,6 +487,14 @@ Content-Type: application/json
Only works with Basic Authentication (username and password), see [introduction](#admin-organizations-api).
+#### Required permissions
+
+See note in the [introduction]({{< ref "#organization-api" >}}) for an explanation.
+
+| Action | Scope |
+| ----------- | ----- |
+| orgs:delete | N/A |
+
**Example Request**:
```http