IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

AccessControl: Document orgs roles and orgs endpoints (#42171)

Browse Source 
* AccessControl: Document `orgs` roles and `orgs` endpoints

* Use maintainer instead of manager
This commit is contained in:
Gabriel MABILLE 2021-11-24 10:08:55 +01:00 committed by GitHub
parent eea0e6a6c0
commit a93e649af5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 82 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
docs/sources/enterprise/access-control/fine-grained-access-control-references.md
View File

@ -35,16 +35,16 @@ The reference information that follows complements conceptual information about
| `fixed:licensing:reader` | `licensing:read`<br>`licensing.reports:read` | Read licensing information and licensing reports. | | `fixed:licensing:reader` | `licensing:read`<br>`licensing.reports:read` | Read licensing information and licensing reports. |
| `fixed:licensing:writer` | All permissions from `fixed:licensing:viewer` and <br>`licensing:update`<br>`licensing:delete` | Read licensing information and licensing reports, update and delete the license token. | | `fixed:licensing:writer` | All permissions from `fixed:licensing:viewer` and <br>`licensing:update`<br>`licensing:delete` | Read licensing information and licensing reports, update and delete the license token. |
| `fixed:provisioning:writer` | `provisioning:reload` | Reload provisioning. | | `fixed:provisioning:writer` | `provisioning:reload` | Reload provisioning. |
| `fixed:orgs:reader` | `orgs:read`<br>`orgs.quotas:read` | Read the organization and its quotas. | | `fixed:organization:reader` | `orgs:read`<br>`orgs.quotas:read` | Read an organization and its quotas. |
| `fixed:orgs:writer` | All permissions from `fixed:orgs:reader` and <br> `orgs:write`<br>`orgs:delete`<br>`orgs.quotas:write` | Create, read, write, or delete an organization. Read or write its quotas. | | `fixed:organization:writer` | All permissions from `fixed:organization:reader` and <br> `orgs:write`<br>`orgs.preferences:read`<br>`orgs.preferences:write` | Read an organization, its quotas, or its preferences. Update organization properties, or its preferences. |
| `fixed:current.org:reader` | `orgs:read`<br>`orgs.quotas:read` | Read the current organization, such as its ID, name, address, or quotas. | | `fixed:organization:maintainer` | All permissions from `fixed:organization:reader` and <br> `orgs:write`<br>`orgs:create`<br>`orgs:delete`<br>`orgs.quotas:write` | Create, read, write, or delete an organization. Read or write its quotas. This role needs to be assigned globally. |
| `fixed:current.org:writer` | All permissions from `fixed:current.orgs:reader` and <br> `orgs:write`<br>`orgs.quotas:write`<br>`orgs.preferences:read`<br>`orgs.preferences:write` | Read the current organization, its quotas, or its preferences. Update the current organization properties, or its preferences. | | |
## Default built-in role assignments ## Default built-in role assignments
| Built-in role | Associated role | Description | | Built-in role | Associated role | Description |
| ------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------- | | ------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------- |
| Grafana Admin | `fixed:roles:reader`<br>`fixed:roles:writer`<br>`fixed:users:reader`<br>`fixed:users:writer`<br>`fixed:org.users:reader`<br>`fixed:org.users:writer`<br>`fixed:ldap:reader`<br>`fixed:ldap:writer`<br>`fixed:stats:reader`<br>`fixed:settings:reader`<br>`fixed:settings:writer`<br>`fixed:provisioning:writer`<br>`fixed:orgs:reader`<br>`fixed:orgs:writer`<br>`fixed:licensing:reader`<br>`fixed:licensing:writer` | Default [Grafana server administrator]({{< relref "../../permissions/_index.md#grafana-server-admin-role" >}}) assignments. | | Grafana Admin | `fixed:roles:reader`<br>`fixed:roles:writer`<br>`fixed:users:reader`<br>`fixed:users:writer`<br>`fixed:org.users:reader`<br>`fixed:org.users:writer`<br>`fixed:ldap:reader`<br>`fixed:ldap:writer`<br>`fixed:stats:reader`<br>`fixed:settings:reader`<br>`fixed:settings:writer`<br>`fixed:provisioning:writer`<br>`fixed:organization:reader`<br>`fixed:organization:maintainer`<br>`fixed:licensing:reader`<br>`fixed:licensing:writer` | Default [Grafana server administrator]({{< relref "../../permissions/_index.md#grafana-server-admin-role" >}}) assignments. |
| Admin | `fixed:reports:reader`<br>`fixed:reports:writer`<br>`fixed:datasources:reader`<br>`fixed:datasources:writer`<br>`fixed:current.org:writer`<br>`fixed:datasources.permissions:reader`<br>`fixed:datasources.permissions:writer`<br> | Default [Grafana organization administrator]({{< relref "../../permissions/organization_roles.md" >}}) assignments. | | Admin | `fixed:reports:reader`<br>`fixed:reports:writer`<br>`fixed:datasources:reader`<br>`fixed:datasources:writer`<br>`fixed:organization:writer`<br>`fixed:datasources.permissions:reader`<br>`fixed:datasources.permissions:writer`<br> | Default [Grafana organization administrator]({{< relref "../../permissions/organization_roles.md" >}}) assignments. |
| Editor | `fixed:datasources:explorer` | Default [Editor]({{< relref "../../permissions/organization_roles.md" >}}) assignments. | | Editor | `fixed:datasources:explorer` | Default [Editor]({{< relref "../../permissions/organization_roles.md" >}}) assignments. |
| Viewer | `fixed:datasources:id:reader` | Default [Viewer]({{< relref "../../permissions/organization_roles.md" >}}) assignments. | | Viewer | `fixed:datasources:id:reader`<br>`fixed:organization:reader` | Default [Viewer]({{< relref "../../permissions/organization_roles.md" >}}) assignments. |

72
docs/sources/http_api/org.md
View File

@ -20,6 +20,14 @@ the admin of all organizations API only works with basic authentication, see [Ad
`GET /api/org/` `GET /api/org/`
#### Required permissions
See note in the [introduction]({{< ref "#organization-api" >}}) for an explanation.
| Action | Scope |
| --------- | ----- |
| orgs:read | N/A |
**Example Request**: **Example Request**:
```http ```http
@ -94,6 +102,14 @@ Accessible to users with org admin role, admin in any folder or admin of any tea
Mainly used by Grafana UI for providing list of users when adding team members and Mainly used by Grafana UI for providing list of users when adding team members and
when editing folder/dashboard permissions. when editing folder/dashboard permissions.
#### Required permissions
See note in the [introduction]({{< ref "#organization-api" >}}) for an explanation.
| Action | Scope |
| -------------- | -------- |
| org.users:read | users:\* |
**Example Request**: **Example Request**:
```http ```http
@ -186,6 +202,14 @@ Content-Type: application/json
`PUT /api/org` `PUT /api/org`
#### Required permissions
See note in the [introduction]({{< ref "#organization-api" >}}) for an explanation.
| Action | Scope |
| ---------- | ----- |
| orgs:write | N/A |
**Example Request**: **Example Request**:
```http ```http
@ -259,6 +283,14 @@ is called `admin` and has permission to use this API).
Only works with Basic Authentication (username and password), see [introduction](#admin-organizations-api). Only works with Basic Authentication (username and password), see [introduction](#admin-organizations-api).
#### Required permissions
See note in the [introduction]({{< ref "#organization-api" >}}) for an explanation.
| Action | Scope |
| --------- | ----- |
| orgs:read | N/A |
**Example Request**: **Example Request**:
```http ```http
@ -293,6 +325,14 @@ Content-Type: application/json
Only works with Basic Authentication (username and password), see [introduction](#admin-organizations-api). Only works with Basic Authentication (username and password), see [introduction](#admin-organizations-api).
#### Required permissions
See note in the [introduction]({{< ref "#organization-api" >}}) for an explanation.
| Action | Scope | Note |
| --------- | ----- | ------------------------------ |
| orgs:read | N/A | Needs to be assigned globally. |
**Example Request**: **Example Request**:
```http ```http
@ -327,6 +367,14 @@ Content-Type: application/json
Only works with Basic Authentication (username and password), see [introduction](#admin-organizations-api). Only works with Basic Authentication (username and password), see [introduction](#admin-organizations-api).
#### Required permissions
See note in the [introduction]({{< ref "#organization-api" >}}) for an explanation.
| Action | Scope | Note |
| ----------- | ----- | ------------------------------ |
| orgs:create | N/A | Needs to be assigned globally. |
**Example Request**: **Example Request**:
```http ```http
@ -362,6 +410,14 @@ Content-Type: application/json
Only works with Basic Authentication (username and password), see [introduction](#admin-organizations-api). Only works with Basic Authentication (username and password), see [introduction](#admin-organizations-api).
#### Required permissions
See note in the [introduction]({{< ref "#organization-api" >}}) for an explanation.
| Action | Scope | Note |
| --------- | ----- | ------------------------------ |
| orgs:read | N/A | Needs to be assigned globally. |
**Example Request**: **Example Request**:
```http ```http
@ -396,6 +452,14 @@ Content-Type: application/json
Update Organization, fields _Address 1_, _Address 2_, _City_ are not implemented yet. Update Organization, fields _Address 1_, _Address 2_, _City_ are not implemented yet.
Only works with Basic Authentication (username and password), see [introduction](#admin-organizations-api). Only works with Basic Authentication (username and password), see [introduction](#admin-organizations-api).
#### Required permissions
See note in the [introduction]({{< ref "#organization-api" >}}) for an explanation.
| Action | Scope |
| ---------- | ----- |
| orgs:write | N/A |
**Example Request**: **Example Request**:
```http ```http
@ -423,6 +487,14 @@ Content-Type: application/json
Only works with Basic Authentication (username and password), see [introduction](#admin-organizations-api). Only works with Basic Authentication (username and password), see [introduction](#admin-organizations-api).
#### Required permissions
See note in the [introduction]({{< ref "#organization-api" >}}) for an explanation.
| Action | Scope |
| ----------- | ----- |
| orgs:delete | N/A |
**Example Request**: **Example Request**:
```http ```http