Alerting: Update documentation to include new permissions for routes (#95437)

* update documentation

* Update index.md
Yuri Tseretyan 2024-10-30 05:09:32 -04:00 committed by GitHub
parent 5673fafbfb
commit c5bad9f843
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 42 additions and 31 deletions

View File

@ -201,23 +201,25 @@ The following list contains role-based access control actions used by Grafana Ad
### Grafana Alerting Notification action definitions ### Grafana Alerting Notification action definitions
To enable these permissions, enable the `alertingApiServer` feature toggle. To use these permissions, enable the `alertingApiServer` feature toggle.
| Action | Applicable scopes | Description | | Action | Applicable scopes | Description |
| -------------------------------------------- | ---------------------------------- | --------------------------------------------------------------------------------------------------------------- | | -------------------------------------------- | ---------------------------------- | ----------------------------------------------------------------------------------------------------------- |
| `alert.notifications.receivers:read` | `receivers:*`<br>`receivers:uid:*` | Read contact points. None | | `alert.notifications.receivers:read` | `receivers:*`<br>`receivers:uid:*` | Read contact points. |
| `alert.notifications.receivers.secrets:read` | `receivers:*`<br>`receivers:uid:*` | Export contact points with decrypted secrets.None | | `alert.notifications.receivers.secrets:read` | `receivers:*`<br>`receivers:uid:*` | Export contact points with decrypted secrets. |
| `alert.notifications.receivers:create` | None | Create a new contact points. The creator is automatically granted full access to the created contact point.None | | `alert.notifications.receivers:create` | None | Create a new contact points. The creator is automatically granted full access to the created contact point. |
| `alert.notifications.receivers:write` | `receivers:*`<br>`receivers:uid:*` | Update existing contact points.None | | `alert.notifications.receivers:write` | `receivers:*`<br>`receivers:uid:*` | Update existing contact points. |
| `alert.notifications.receivers:delete` | `receivers:*`<br>`receivers:uid:*` | Update and delete existing contact points.None | | `alert.notifications.receivers:delete` | `receivers:*`<br>`receivers:uid:*` | Update and delete existing contact points. |
| `receivers.permissions:read` | `receivers:*`<br>`receivers:uid:*` | Read permissions for contact points.None | | `receivers.permissions:read` | `receivers:*`<br>`receivers:uid:*` | Read permissions for contact points. |
| `receivers.permissions:write` | `receivers:*`<br>`receivers:uid:*` | Manage permissions for contact points.None | | `receivers.permissions:write` | `receivers:*`<br>`receivers:uid:*` | Manage permissions for contact points. |
| `alert.notifications.time-intervals:read` | None | Read mute time intervals.None | | `alert.notifications.time-intervals:read` | None | Read mute time intervals. |
| `alert.notifications.time-intervals:write` | None | Create new or update existing mute time intervals.None | | `alert.notifications.time-intervals:write` | None | Create new or update existing mute time intervals. |
| `alert.notifications.time-intervals:delete` | None | Delete existing time intervals.None | | `alert.notifications.time-intervals:delete` | None | Delete existing time intervals. |
| `alert.notifications.templates:read` | None | Read templates. | | `alert.notifications.templates:read` | None | Read templates. |
| `alert.notifications.templates:write` | None | Create new or update existing templates.None | | `alert.notifications.templates:write` | None | Create new or update existing templates. |
| `alert.notifications.templates:delete` | None | Delete existing templates.None | | `alert.notifications.templates:delete` | None | Delete existing templates. |
| `alert.notifications.routes:read` | None | Read notification policies. |
| `alert.notifications.routes:write` | None | Create new, update or delete notification policies |
## Scope definitions ## Scope definitions
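
Review bot: The added `alert.notifications.routes:write` row ends its description without a period ("Create new, update or delete notification policies"), unlike the other rows in this table, and the same action is described in the second file of this commit as "Create new, update and update notification policies." Suggest one wording for both tables, for example "Create new, update, or delete notification policies." It would also help to state explicitly that deletion is covered by `routes:write`, because receivers, time intervals and templates each have a separate `:delete` action and someone scoping a custom role from this table may look for one here too.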

View File

@ -52,7 +52,7 @@ Grafana Alerting has the following permissions.
| `alert.provisioning:write` | n/a | Update all Grafana alert rules, notification policies, etc via provisioning API. Permissions to folders and data source are not required. | | `alert.provisioning:write` | n/a | Update all Grafana alert rules, notification policies, etc via provisioning API. Permissions to folders and data source are not required. |
| `alert.provisioning.provenance:write` | n/a | Set provisioning status for alerting resources. Cannot be used alone. Requires user to have permissions to access resources | | `alert.provisioning.provenance:write` | n/a | Set provisioning status for alerting resources. Cannot be used alone. Requires user to have permissions to access resources |
Contact point permissions. To enable these permissions, enable the `alertingApiServer` feature toggle. Contact point permissions. To enable API and user interface that use these permissions, enable the `alertingApiServer` feature toggle.
| Action | Applicable scope | Description | | Action | Applicable scope | Description |
| -------------------------------------------- | ---------------------------------- | ----------------------------------------------------------------------------------------------------------- | | -------------------------------------------- | ---------------------------------- | ----------------------------------------------------------------------------------------------------------- |
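
Review bot: The rewritten sentence on the contact point line, "To enable API and user interface that use these permissions", is missing an article and should read "To enable the API and user interface that use these permissions". The first file in this commit words the same point as "To use these permissions, enable the `alertingApiServer` feature toggle"; pick one phrasing so the two pages agree. The same sentence is repeated for mute time intervals and notification policies later in this file.
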
@ -64,7 +64,7 @@ Contact point permissions. To enable these permissions, enable the `alertingApiS
| `receivers.permissions:read` | `receivers:*`<br>`receivers:uid:*` | Read permissions for contact points. | | `receivers.permissions:read` | `receivers:*`<br>`receivers:uid:*` | Read permissions for contact points. |
| `receivers.permissions:write` | `receivers:*`<br>`receivers:uid:*` | Manage permissions for contact points. | | `receivers.permissions:write` | `receivers:*`<br>`receivers:uid:*` | Manage permissions for contact points. |
Mute time interval permissions. To enable these permissions, enable the `alertingApiServer` feature toggle. Mute time interval permissions. To enable API and user interface that use these permissions, enable the `alertingApiServer` feature toggle.
| Action | Applicable scope | Description | | Action | Applicable scope | Description |
| ------------------------------------------- | ---------------- | -------------------------------------------------- | | ------------------------------------------- | ---------------- | -------------------------------------------------- |
@ -80,4 +80,11 @@ Notification template permissions. To enable these permissions, enable the `aler
| `alert.notifications.templates:write` | n/a | Create new or update existing templates. | | `alert.notifications.templates:write` | n/a | Create new or update existing templates. |
| `alert.notifications.templates:delete` | n/a | Delete existing templates. | | `alert.notifications.templates:delete` | n/a | Delete existing templates. |
Notification policies permissions. To enable API and user interface that use these permissions, enable the `alertingApiServer` feature toggle.
| Action | Applicable scope | Description |
| ---------------------------------- | ---------------- | ---------------------------------------------------- |
| `alert.notifications.routes:read` | n/a | Read notification policies. |
| `alert.notifications.routes:write` | n/a | Create new, update and update notification policies. |
To help plan your RBAC rollout strategy, refer to [Plan your RBAC rollout strategy](https://grafana.com/docs/grafana/next/administration/roles-and-permissions/access-control/plan-rbac-rollout-strategy/). To help plan your RBAC rollout strategy, refer to [Plan your RBAC rollout strategy](https://grafana.com/docs/grafana/next/administration/roles-and-permissions/access-control/plan-rbac-rollout-strategy/).
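
Review bot: In the added `alert.notifications.routes:write` row the description reads "Create new, update and update notification policies."; the second "update" looks like it should be "delete", matching "Create new, update or delete notification policies" in the action definitions table. As written, an administrator granting this action from this page would not learn that it allows deleting notification policies.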

View File

@ -44,11 +44,11 @@ Fixed roles provide users more granular access to create, view, and update Alert
Details of the fixed roles and the access they provide for Grafana Alerting are below. Details of the fixed roles and the access they provide for Grafana Alerting are below.
| Display name in UI / Fixed role | Permissions | Description | | Display name in UI / Fixed role | Permissions | Description |
| ---------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------- | | ---------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Silences Writer: `fixed:alerting.instances:writer` | All permissions from `fixed:alerting.instances:reader` and<br> `alert.instances:create`<br>`alert.instances:write` for organization scope <br> `alert.instances.external:write` for scope `datasources:*` | Add and update silences in Grafana and external providers. | | Silences Writer: `fixed:alerting.instances:writer` | All permissions from `fixed:alerting.instances:reader` and<br> `alert.instances:create`<br>`alert.instances:write` for organization scope <br> `alert.instances.external:write` for scope `datasources:*` | Add and update silences in Grafana and external providers. |
| Instances and Silences Reader: `fixed:alerting.instances:reader` | `alert.instances:read` for organization scope <br> `alert.instances.external:read` for scope `datasources:*` | Read alert instances and silences in Grafana and external providers. | | Instances and Silences Reader: `fixed:alerting.instances:reader` | `alert.instances:read` for organization scope <br> `alert.instances.external:read` for scope `datasources:*` | Read alert instances and silences in Grafana and external providers. |
| Notifications Writer: `fixed:alerting.notifications:writer` | All permissions from `fixed:alerting.notifications:reader` and<br>`alert.notifications:write`for organization scope<br>`alert.notifications.external:read` for scope `datasources:*` | Add, update, and delete notification policies and contact points in Grafana and external providers. | | Notifications Writer: `fixed:alerting.notifications:writer` | All permissions from `fixed:alerting.routes:writer`,<br> `fixed:alerting.receivers:creator`,<br> `fixed:alerting.receivers:writer`,<br> `fixed:alerting.templates:writer`,<br> `fixed:alerting.time-intervals:writer`and<br> `alert.notifications:write`for organization scope<br>`alert.notifications.external:read` for scope `datasources:*` | Add, update, and delete notification policies and contact points in Grafana and external providers. |
| Notifications Reader: `fixed:alerting.notifications:reader` | `alert.notifications:read` for organization scope<br>`alert.notifications.external:read` for scope `datasources:*` | Read notification policies and contact points in Grafana and external providers. | | Notifications Reader: `fixed:alerting.notifications:reader` | All permissions from `fixed:alerting.routes:reader`,<br> `fixed:alerting.receivers:reader`,<br> `fixed:alerting.templates:reader`,<br> `fixed:alerting.time-intervals:reader`and<br> `alert.notifications:read` for organization scope<br>`alert.notifications.external:read` for scope `datasources:*` | Read notification policies and contact points in Grafana and external providers. |
| Rules Writer: `fixed:alerting.rules:writer` | All permissions from `fixed:alerting.rules:reader` and <br> `alert.rule:create` <br> `alert.rule:write` <br> `alert.rule:delete` <br> `alert.silences:create` <br> `alert.silences:write` for scope `folders:*` <br> `alert.rules.external:write` for scope `datasources:*` | Create, update, and delete all alert rules and manage rule-specific silences. | | Rules Writer: `fixed:alerting.rules:writer` | All permissions from `fixed:alerting.rules:reader` and <br> `alert.rule:create` <br> `alert.rule:write` <br> `alert.rule:delete` <br> `alert.silences:create` <br> `alert.silences:write` for scope `folders:*` <br> `alert.rules.external:write` for scope `datasources:*` | Create, update, and delete all alert rules and manage rule-specific silences. |
| Rules Reader: `fixed:alerting.rules:reader` | `alert.rule:read`, `alert.silences:read` for scope `folders:*` <br> `alert.rules.external:read` for scope `datasources:*` <br> `alert.notifications.time-intervals:read` <br> `alert.notifications.receivers:list` | Read all alert rules and rule-specific silences in Grafana and external providers. | | Rules Reader: `fixed:alerting.rules:reader` | `alert.rule:read`, `alert.silences:read` for scope `folders:*` <br> `alert.rules.external:read` for scope `datasources:*` <br> `alert.notifications.time-intervals:read` <br> `alert.notifications.receivers:list` | Read all alert rules and rule-specific silences in Grafana and external providers. |
| Full access: `fixed:alerting:writer` | All permissions from `fixed:alerting.rules:writer` <br>`fixed:alerting.instances:writer`<br>`fixed:alerting.notifications:writer` | Add, update, and delete alert rules, silences, contact points, and notification policies in Grafana and external providers. | | Full access: `fixed:alerting:writer` | All permissions from `fixed:alerting.rules:writer` <br>`fixed:alerting.instances:writer`<br>`fixed:alerting.notifications:writer` | Add, update, and delete alert rules, silences, contact points, and notification policies in Grafana and external providers. |
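
Review bot: In the new Notifications Writer and Notifications Reader rows, "`fixed:alerting.time-intervals:writer`and" and "`fixed:alerting.time-intervals:reader`and" are missing a space before "and". More substantively, both roles are now defined in terms of fixed roles such as `fixed:alerting.routes:writer` and `fixed:alerting.receivers:creator`, which the next table introduces only under "If you have enabled the `alertingApiServer` feature toggle". Please state what these two roles grant when the toggle is off, so the table can be used to audit effective permissions in either configuration.
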
@ -68,6 +68,8 @@ If you have enabled the `alertingApiServer` feature toggle, an additional set of
| Templates Writer: `fixed:alerting.templates:writer` | `alert.notifications.templates:read`, `alert.notifications.templates:write`, `alert.notifications.templates:delete` | Create new and manage existing notification templates. | | Templates Writer: `fixed:alerting.templates:writer` | `alert.notifications.templates:read`, `alert.notifications.templates:write`, `alert.notifications.templates:delete` | Create new and manage existing notification templates. |
| Time Intervals Reader: `fixed:alerting.time-intervals:reader` | `alert.notifications.time-intervals:read` | Read all time intervals. | | Time Intervals Reader: `fixed:alerting.time-intervals:reader` | `alert.notifications.time-intervals:read` | Read all time intervals. |
| Time Intervals Writer: `fixed:alerting.time-intervals:writer` | `alert.notifications.time-intervals:read`, `alert.notifications.time-intervals:write`, `alert.notifications.time-intervals:delete` | Create new and manage existing time intervals. | | Time Intervals Writer: `fixed:alerting.time-intervals:writer` | `alert.notifications.time-intervals:read`, `alert.notifications.time-intervals:write`, `alert.notifications.time-intervals:delete` | Create new and manage existing time intervals. |
| Notification Policies Reader: `fixed:alerting.routes:reader` | `alert.notifications.routes:read` | Read all time intervals. |
| Notification Policies Writer: `fixed:alerting.routes:writer` | `alert.notifications.routes:read` `alert.notifications.routes:write` | Create new and manage existing time intervals. |
## Create custom roles ## Create custom roles
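
Review bot: The two added Notification Policies rows carry the descriptions of the time-interval rows above them: "Read all time intervals." and "Create new and manage existing time intervals." They should describe notification policies instead. The Writer row's permission list also lacks a comma between `alert.notifications.routes:read` and `alert.notifications.routes:write`, unlike the Templates Writer and Time Intervals Writer rows.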