IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2024-11-29 04:04:00 -06:00
Code Issues Packages Projects Releases Wiki Activity

update RBAC for OnCall documentation (#80828)

Browse Source 
* update RBAC for OnCall documentation

* Update docs/sources/administration/roles-and-permissions/access-control/rbac-fixed-basic-role-definitions/index.md

Co-authored-by: Jack Baldry <jack.baldry@grafana.com>

* fix typo

---------

Co-authored-by: Jack Baldry <jack.baldry@grafana.com>
This commit is contained in:
Joey Orlando 2024-01-22 11:18:39 -05:00 committed by GitHub
parent cf13cb9f70
commit afc3380a38
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 1 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
docs/sources/administration/roles-and-permissions/access-control/rbac-fixed-basic-role-definitions/index.md
View File

@ -128,37 +128,7 @@ You can enable feature toggles through configuration file or environment variabl
{{% /admonition %}}
If you are using [Grafana OnCall](https://grafana.com/docs/oncall/latest/get-started/), you can try out the integration between Grafana OnCall and RBAC.
This will allow you to control access to different OnCall features using the following RBAC roles:
| Fixed role | Permissions | Description |
| --------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------- |
| `plugins:grafana-oncall-app:reader` | `plugins.app:access`<br>`grafana-oncall-app.alert-groups:read`<br>`grafana-oncall-app.integrations:read`<br>`grafana-oncall-app.escalation-chains:read`<br>`grafana-oncall-app.schedules:read`<br>`grafana-oncall-app.chatops:read`<br>`grafana-oncall-app.outgoing-webhooks:read`<br>`grafana-oncall-app.maintenance:read`<br>`grafana-oncall-app.notification-settings:read`<br>`grafana-oncall-app.user-settings:read`<br>`grafana-oncall-app.other-settings:read` | Read everything in OnCall. |
| `plugins:grafana-oncall-app:oncaller` | All permissions from `plugins:grafana-oncall-app:reader` and `grafana-oncall-app.alert-groups:write`<br>`grafana-oncall-app.schedules:write` | Read everything in OnCall and edit alert groups and schedules. |
| `plugins:grafana-oncall-app:editor` | All permissions from `plugins:grafana-oncall-app:oncaller` and `grafana-oncall-app.notifications:read`<br>`grafana-oncall-app.integrations:test`<br>`grafana-oncall-app.schedules:export`<br>`grafana-oncall-app.chatops:write`<br>`grafana-oncall-app.maintenance:write`<br>`grafana-oncall-app.notification-settings:write`<br>`grafana-oncall-app.user-settings:write` | Read everything in OnCall and edit alert groups, schedules, ChatOps, maintenance, notification settings, and user's own settings. |
| `plugins:grafana-oncall-app:admin` | All permissions from `plugins:grafana-oncall-app:editor` and `grafana-oncall-app.integrations:write`<br>`grafana-oncall-app.escalation-chains:write`<br>`grafana-oncall-app.chatops:update-settings:write`<br>`grafana-oncall-app.outgoing-webhooks:write`<br>`grafana-oncall-app.api-keys:write`<br>`grafana-oncall-app.user-settings:admin`<br>`grafana-oncall-app.other-settings:write` | Read and edit everything in OnCall. |
| `plugins:grafana-oncall-app:alert-groups-reader` | `plugins.app:access`<br>`grafana-oncall-app.alert-groups:read` | Read OnCall alert groups. |
| `plugins:grafana-oncall-app:alert-groups-editor` | `plugins.app:access`<br>`grafana-oncall-app.alert-groups:read`<br>`grafana-oncall-app.alert-groups:write` | Create, read, update and delete OnCall alert groups. |
| `plugins:grafana-oncall-app:integrations-reader` | `plugins.app:access`<br>`grafana-oncall-app.integrations:read` | Read OnCall integrations. |
| `plugins:grafana-oncall-app:integrations-editor` | `plugins.app:access`<br>`grafana-oncall-app.integrations:read`<br>`grafana-oncall-app.integrations:write`<br>`grafana-oncall-app.integrations:test` | Create, read, update and delete OnCall integrations. |
| `plugins:grafana-oncall-app:escalation-chains-reader` | `plugins.app:access`<br>`grafana-oncall-app.escalation-chains:read` | Read OnCall escalation chains. |
| `plugins:grafana-oncall-app:escalation-chains-editor` | `plugins.app:access`<br>`grafana-oncall-app.escalation-chains:read`<br>`grafana-oncall-app.escalation-chains:write` | Create, read, update and delete OnCall escalation chains. |
| `plugins:grafana-oncall-app:schedules-reader` | `plugins.app:access`<br>`grafana-oncall-app.schedules:read` | Read OnCall schedules. |
| `plugins:grafana-oncall-app:schedules-editor` | `plugins.app:access`<br>`grafana-oncall-app.schedules:read`<br>`grafana-oncall-app.schedules:write`<br>`grafana-oncall-app.schedules:export` | Create, read, update and delete OnCall schedules. |
| `plugins:grafana-oncall-app:chatops-reader` | `plugins.app:access`<br>`grafana-oncall-app.chatops:read` | Read OnCall ChatOps. |
| `plugins:grafana-oncall-app:chatops-editor` | `plugins.app:access`<br>`grafana-oncall-app.chatops:read`<br>`grafana-oncall-app.chatops:write`<br>`grafana-oncall-app.chatops:update-settings` | Read and update OnCall ChatOps. |
| `plugins:grafana-oncall-app:outgoing-webhooks-reader` | `plugins.app:access`<br>`grafana-oncall-app.outgoing-webhooks:read` | Read OnCall outgoing webhooks. |
| `plugins:grafana-oncall-app:outgoing-webhooks-editor` | `plugins.app:access`<br>`grafana-oncall-app.outgoing-webhooks:read`<br>`grafana-oncall-app.outgoing-webhooks:write` | Create, read, update and delete OnCall outgoing webhooks. |
| `plugins:grafana-oncall-app:maintenance-reader` | `plugins.app:access`<br>`grafana-oncall-app.maintenance:read` | Read OnCall maintenance. |
| `plugins:grafana-oncall-app:maintenance-editor` | `plugins.app:access`<br>`grafana-oncall-app.maintenance:read`<br>`grafana-oncall-app.maintenance:write` | Read and update OnCall maintenance. |
| `plugins:grafana-oncall-app:api-keys-reader` | `plugins.app:access`<br>`grafana-oncall-app.api-keys:read` | Read OnCall API keys. |
| `plugins:grafana-oncall-app:api-keys-editor` | `plugins.app:access`<br>`grafana-oncall-app.api-keys:read`<br>`grafana-oncall-app.api-keys:write` | Create, read, update and delete OnCall API keys. Also grants access to be able to consume the OnCall API. |
| `plugins:grafana-oncall-app:notification-settings-reader` | `plugins.app:access`<br>`grafana-oncall-app.notification-settings:read` | Read OnCall notification settings. |
| `plugins:grafana-oncall-app:notification-settings-editor` | `plugins.app:access`<br>`grafana-oncall-app.notification-settings:read`<br>`grafana-oncall-app.notification-settings:write` | Read and update OnCall notification settings. |
| `plugins:grafana-oncall-app:user-settings-reader` | `plugins.app:access`<br>`grafana-oncall-app.user-settings:read` | Read user's own OnCall user settings. |
| `plugins:grafana-oncall-app:user-settings-editor` | `plugins.app:access`<br>`grafana-oncall-app.user-settings:read`<br>`grafana-oncall-app.user-settings:write` | Read and update user's own OnCall user settings. |
| `plugins:grafana-oncall-app:user-settings-admin` | `plugins.app:access`<br>`grafana-oncall-app.user-settings:read`<br>`grafana-oncall-app.user-settings:write`<br>`grafana-oncall-app.user-settings:admin` | Read and update OnCall user settings for all users. |
| `plugins:grafana-oncall-app:settings-reader` | `plugins.app:access`<br>`grafana-oncall-app.other-settings:read` | Read OnCall settings. |
| `plugins:grafana-oncall-app:settings-editor` | `plugins.app:access`<br>`grafana-oncall-app.other-settings:read`<br>`grafana-oncall-app.other-settings:write` | Read and update OnCall settings. |
For a detailed list of the available OnCall RBAC roles, refer to the table in [Available Grafana OnCall RBAC roles and granted actions](https://grafana.com/docs/oncall/latest/user-and-team-management/#available-grafana-oncall-rbac-roles--granted-actions).
The following table lists the default RBAC OnCall role assignments to the basic roles: