mirror of
https://github.com/grafana/grafana.git
synced 2025-02-25 18:55:37 -06:00
AccessControl: Alerting role grants folder read on all folders to viewers (#47278)
This commit is contained in:
Gabriel MABILLE
GitHub
parent
110d4661d7
commit
e430f5021d
@ -16,16 +16,12 @@ var (
|
|||||||
DisplayName: "Rules Reader",
|
DisplayName: "Rules Reader",
|
||||||
Description: "Can read alert rules in all Grafana folders and external providers",
|
Description: "Can read alert rules in all Grafana folders and external providers",
|
||||||
Group: AlertRolesGroup,
|
Group: AlertRolesGroup,
|
||||||
Version: 1,
|
Version: 2,
|
||||||
Permissions: []accesscontrol.Permission{
|
Permissions: []accesscontrol.Permission{
|
||||||
{
|
{
|
||||||
Action: accesscontrol.ActionAlertingRuleRead,
|
Action: accesscontrol.ActionAlertingRuleRead,
|
||||||
Scope: dashboards.ScopeFoldersAll,
|
Scope: dashboards.ScopeFoldersAll,
|
||||||
},
|
},
|
||||||
{
|
|
||||||
Action: dashboards.ActionFoldersRead,
|
|
||||||
Scope: dashboards.ScopeFoldersAll,
|
|
||||||
},
|
|
||||||
{
|
{
|
||||||
Action: accesscontrol.ActionAlertingRuleExternalRead,
|
Action: accesscontrol.ActionAlertingRuleExternalRead,
|
||||||
Scope: datasources.ScopeAll,
|
Scope: datasources.ScopeAll,
|
||||||
@ -40,7 +36,7 @@ var (
|
|||||||
DisplayName: "Rules Editor",
|
DisplayName: "Rules Editor",
|
||||||
Description: "Can add, update, and delete rules in any Grafana folder and external providers",
|
Description: "Can add, update, and delete rules in any Grafana folder and external providers",
|
||||||
Group: AlertRolesGroup,
|
Group: AlertRolesGroup,
|
||||||
Version: 1,
|
Version: 2,
|
||||||
Permissions: accesscontrol.ConcatPermissions(rulesReaderRole.Role.Permissions, []accesscontrol.Permission{
|
Permissions: accesscontrol.ConcatPermissions(rulesReaderRole.Role.Permissions, []accesscontrol.Permission{
|
||||||
{
|
{
|
||||||
Action: accesscontrol.ActionAlertingRuleCreate,
|
Action: accesscontrol.ActionAlertingRuleCreate,
|
||||||
@ -154,7 +150,7 @@ var (
|
|||||||
DisplayName: "Full read-only access",
|
DisplayName: "Full read-only access",
|
||||||
Description: "Can read alert rules, instances, silences, contact points, and notification policies in Grafana and all external providers",
|
Description: "Can read alert rules, instances, silences, contact points, and notification policies in Grafana and all external providers",
|
||||||
Group: AlertRolesGroup,
|
Group: AlertRolesGroup,
|
||||||
Version: 1,
|
Version: 2,
|
||||||
Permissions: accesscontrol.ConcatPermissions(rulesReaderRole.Role.Permissions, instancesReaderRole.Role.Permissions, notificationsReaderRole.Role.Permissions),
|
Permissions: accesscontrol.ConcatPermissions(rulesReaderRole.Role.Permissions, instancesReaderRole.Role.Permissions, notificationsReaderRole.Role.Permissions),
|
||||||
},
|
},
|
||||||
Grants: []string{string(models.ROLE_VIEWER)},
|
Grants: []string{string(models.ROLE_VIEWER)},
|
||||||
@ -166,7 +162,7 @@ var (
|
|||||||
DisplayName: "Full access",
|
DisplayName: "Full access",
|
||||||
Description: "Can add,update and delete alert rules, instances, silences, contact points, and notification policies in Grafana and all external providers",
|
Description: "Can add,update and delete alert rules, instances, silences, contact points, and notification policies in Grafana and all external providers",
|
||||||
Group: AlertRolesGroup,
|
Group: AlertRolesGroup,
|
||||||
Version: 1,
|
Version: 2,
|
||||||
Permissions: accesscontrol.ConcatPermissions(rulesEditorRole.Role.Permissions, instancesEditorRole.Role.Permissions, notificationsEditorRole.Role.Permissions),
|
Permissions: accesscontrol.ConcatPermissions(rulesEditorRole.Role.Permissions, instancesEditorRole.Role.Permissions, notificationsEditorRole.Role.Permissions),
|
||||||
},
|
},
|
||||||
Grants: []string{string(models.ROLE_EDITOR)},
|
Grants: []string{string(models.ROLE_EDITOR)},
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user