IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

AccessControl: Document role display name (#40068)

Browse Source 
* docs: role displayname

* Update docs/sources/enterprise/access-control/roles.md

Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com>

* Update docs/sources/enterprise/access-control/roles.md

Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com>

* refactor: update accesscontrol based on fixed roles

* update displayname text

* Update docs/sources/enterprise/access-control/roles.md

Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com>

* updated group

Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com>
Co-authored-by: eleijonmarck <eleijonmarck@Erics-MBP.home>
This commit is contained in:
Eric Leijonmarck
2021-11-29 14:06:10 +00:00
committed by GitHub
parent e1a3b6a386
commit d997e051c2
3 changed files with 47 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
docs/sources/enterprise/access-control/roles.md
View File

@@ -44,13 +44,17 @@ Role names must be unique within an organization.
Roles with names prefixed by `fixed:` are fixed roles created by Grafana and cannot be created or modified by users.
### Role display name
A roles display name is human friendly text that is displayed in the UI. When you create a display name for a role, use up to 190 ASCII-based characters. For fixed roles, the display name is shown as specified. If the display name has not been set the display name replace any `:` (a colon) with ` ` (a space).
### Display name
A role's display name is intended as a human friendly identifier for the role, helping users understand the purpose of a role. The display name of the role is displayed in the role picker in the UI.
A roles display name is a human-friendly identifier for the role, so that users more easily understand the purpose of a role. You can see the display name in the role picker in the UI.
### Group
A role's group is used to organize roles in the role picker in the UI.
A roles group organizes roles in the role picker in the UI.
### Role version

36
docs/sources/enterprise/access-control/usage-scenarios.md
View File

@@ -33,8 +33,9 @@ Example response:
{
"version": 2,
"uid": "qQui_LCMk",
"name": "fixed:users:org:edit",
"description": "Allows every read action for user organizations and in addition allows to administer user organizations.",
"name": "fixed:users:org:writer",
"displayName": "Users Organization writer",
"description": "Within a single organization, add a user, invite a user, read information about a user and their role, remove a user from that organization, or change the role of a user.",
"global": true,
"updated": "2021-05-17T20:49:18+02:00",
"created": "2021-05-13T16:24:26+02:00"
@@ -42,8 +43,9 @@ Example response:
{
"version": 1,
"uid": "Kz9m_YjGz",
"name": "fixed:reporting:admin:edit",
"description": "Gives access to edit any report or the organization's general reporting settings.",
"name": "fixed:reports:writer",
"displayName": "Report writer",
"description": "Create, read, update, or delete all reports and shared report settings.",
"global": true,
"updated": "2021-05-13T16:24:26+02:00",
"created": "2021-05-13T16:24:26+02:00"
@@ -55,8 +57,9 @@ Example response:
{
"version": 2,
"uid": "qQui_LCMk",
"name": "fixed:users:org:edit",
"description": "Allows every read action for user organizations and in addition allows to administer user organizations.",
"name": "fixed:users:writer",
"displayName": "User writer",
"description": "Read and update all attributes and settings for all users in Grafana: update user information, read user information, create or enable or disable a user, make a user a Grafana administrator, sign out a user, update a users authentication token, or update quotas for all users.",
"global": true,
"updated": "2021-05-17T20:49:18+02:00",
"created": "2021-05-13T16:24:26+02:00"
@@ -64,17 +67,9 @@ Example response:
{
"version": 2,
"uid": "ajum_YjGk",
"name": "fixed:users:admin:read",
"description": "Allows to list and get users and related information.",
"global": true,
"updated": "2021-05-17T20:49:17+02:00",
"created": "2021-05-13T16:24:26+02:00"
},
{
"version": 2,
"uid": "K3um_LCMk",
"name": "fixed:users:admin:edit",
"description": "Allows every read action for users and in addition allows to administer users.",
"name": "fixed:users:reader",
"displayName": "User reader",
"description": "Allows every read action for user organizations and in addition allows to administer user organizations.",
"global": true,
"updated": "2021-05-17T20:49:17+02:00",
"created": "2021-05-13T16:24:26+02:00"
@@ -98,8 +93,9 @@ Example response:
{
"version": 2,
"uid": "qQui_LCMk",
"name": "fixed:users:org:edit",
"description": "Allows every read action for user organizations and in addition allows to administer user organizations.",
"name": "fixed:users:writer",
"displayName": "User writer",
"description": "Read and update all attributes and settings for all users in Grafana: update user information, read user information, create or enable or disable a user, make a user a Grafana administrator, sign out a user, update a users authentication token, or update quotas for all users.",
"global": true,
"permissions": [
{
@@ -151,6 +147,7 @@ curl --location --request POST '<grafana_url>/api/access-control/roles/' \
"version": 1,
"uid": "jZrmlLCkGksdka",
"name": "custom:users:admin",
"displayName": "custom users admin",
"description": "My custom role which gives users permissions to create users",
"global": true,
"permissions": [
@@ -168,6 +165,7 @@ Example response:
"version": 1,
"uid": "jZrmlLCkGksdka",
"name": "custom:users:admin",
"displayName": "custom users admin",
"description": "My custom role which gives users permissions to create users",
"global": true,
"permissions": [

43
docs/sources/http_api/access_control.md
View File

@@ -97,16 +97,14 @@ Content-Type: application/json; charset=UTF-8
Get a role for the given UID.
#### Required permissions
| Action | Scope |
| ---------- | -------- |
| roles:read | roles:\* |
#### Example request
```http
GET /api/access-control/roles/PYnDO3rMk
#### Required permissions
| Action | Scope |
| ---------- | -------- |
| roles:read | roles:\* |
#### Example request
```http
GET /api/access-control/roles/PYnDO3rMk
Accept: application/json
@@ -235,6 +233,7 @@ Content-Type: application/json
"description": "My custom role which gives users permissions to delete and write roles",
"group":"My Group",
"displayName": "My Custom Role",
"global": false,
"permissions": [
{
"action": "roles:delete",
@@ -278,6 +277,7 @@ Content-Type: application/json; charset=UTF-8
| Code | Description |
| ---- | ---------------------------------------------------------------------------------- |
| 200 | Role is updated. |
| 400 | Bad request (invalid json, missing content-type, missing or invalid fields, etc.). |
| 403 | Access denied |
| 404 | Role was not found to update. |
@@ -329,6 +329,7 @@ Content-Type: application/json
| 500 | Unexpected error. Refer to body and/or server logs for more details. |
## Create and remove user role assignments
### List roles assigned to a user
`GET /api/access-control/users/:userId/roles`
@@ -374,6 +375,7 @@ Content-Type: application/json; charset=UTF-8
| Action | Scope |
| ---------------------- | -------------------- |
| users.permissions:list | users:id:`<user ID>` |
#### Example request
@@ -759,18 +761,20 @@ Content-Type: application/json; charset=UTF-8
{
"version": 1,
"uid": "qQui_LCMk",
"name": "fixed:users:org:edit",
"description": "",
"global": false,
"name": "fixed:users:writer",
"name": "User writer",
"description": "Read and update all attributes and settings for all users in Grafana: update user information, read user information, create or enable or disable a user, make a user a Grafana administrator, sign out a user, update a users authentication token, or update quotas for all users",
"global": true,
"updated": "2021-05-13T16:24:26+02:00",
"created": "2021-05-13T16:24:26+02:00"
},
{
"version": 1,
"uid": "PeXmlYjMk",
"name": "fixed:users:org:read",
"description": "",
"global": false,
"name": "fixed:users:reader",
"displayName": "User reader",
"description": "Allows every read action for user organizations and in addition allows to administer user organizations",
"global": true,
"updated": "2021-05-13T16:24:26+02:00",
"created": "2021-05-13T16:24:26+02:00"
}
@@ -779,9 +783,10 @@ Content-Type: application/json; charset=UTF-8
{
"version": 1,
"uid": "qQui_LCMk",
"name": "fixed:users:org:edit",
"description": "",
"global": false,
"name": "fixed:users:writer",
"displayName": "User writer",
"description": "Read and update all attributes and settings for all users in Grafana: update user information, read user information, create or enable or disable a user, make a user a Grafana administrator, sign out a user, update a users authentication token, or update quotas for all users",
"global": true,
"updated": "2021-05-13T16:24:26+02:00",
"created": "2021-05-13T16:24:26+02:00"
}