mirror of
https://github.com/grafana/grafana.git
synced 2025-02-20 11:48:34 -06:00
71c6d7285e
* document licensing permissions and roles * Update docs/sources/enterprise/access-control/fine-grained-access-control-references.md Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * Update docs/sources/enterprise/access-control/permissions.md Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> * update action name for "licensing.reports:read" * put licensing editor role back in, more table formatting Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
14 KiB
14 KiB
+++ title = "Fine-grained access control references" description = "Refer to fine-grained access control references" keywords = ["grafana", "fine-grained-access-control", "roles", "fixed-roles", "built-in-role-assignments", "permissions", "enterprise"] weight = 130 +++
Fine-grained access control references
The reference information that follows complements conceptual information about [Roles]({{< relref "./roles.md" >}}).
Fine-grained access fixed roles
| Fixed roles | Permissions | Descriptions |
|---|---|---|
fixed:permissions:admin:read |
roles:readroles:listroles.builtin:list |
Allows to list and get available roles and built-in role assignments. |
fixed:permissions:admin:edit |
All permissions from fixed:permissions:admin:read and roles:writeroles:deleteroles.builtin:addroles.builtin:remove |
Allows every read action and in addition allows to create, change and delete custom roles and create or remove built-in role assignments. |
fixed:provisioning:admin |
provisioning:reload |
Allow provisioning configurations to be reloaded. |
fixed:reporting:admin:read |
reports:readreports:sendreports.settings:read |
Allows to read reports and report settings. |
fixed:reporting:admin:edit |
All permissions from fixed:reporting:admin:read and reports.admin:writereports:deletereports.settings:write |
Allows every read action for reports and in addition allows to administer reports. |
fixed:users:admin:read |
users.authtoken:listusers.quotas:listusers:readusers.teams:read |
Allows to list and get users and related information. |
fixed:users:admin:edit |
All permissions from fixed:users:admin:read and users.password:updateusers:writeusers:createusers:deleteusers:enableusers:disableusers.permissions:updateusers:logoutusers.authtoken:updateusers.quotas:update |
Allows every read action for users and in addition allows to administer users. |
fixed:users:org:read |
org.users:read |
Allows to get user organizations. |
fixed:users:org:edit |
All permissions from fixed:users:org:read and org.users:addorg.users:removeorg.users.role:update |
Allows every read action for user organizations and in addition allows to administer user organizations. |
fixed:ldap:admin:read |
ldap.user:readldap.status:read |
Allows to read LDAP information and status. |
fixed:ldap:admin:edit |
All permissions from fixed:ldap:admin:read and ldap.user:syncldap.config:reload |
Allows every read action for LDAP and in addition allows to administer LDAP. |
fixed:server:admin:read |
server.stats:read |
Read server stats |
fixed:settings:admin:read |
settings:read |
Read settings |
fixed:settings:admin:edit |
All permissions from fixed:settings:admin:read andsettings:write |
Update settings |
fixed:datasources:editor:read |
datasources:explore |
Allows to access the Explore tab |
fixed:datasources:admin |
datasources:readdatasources:createdatasources:writedatasources:delete |
Allows to create, read, update, delete data sources. |
fixed:datasources:id:viewer |
datasources.id:read |
Allows to read data source IDs. |
fixed:datasources:permissions:admin |
datasources.permissions:createdatasources.permissions:readdatasources.permissions:deletedatasources.permissions:toggle |
Allows to create, read, delete, enable, or disable data source permissions |
fixed:licensing:viewer |
licensing:readlicensing.reports:read |
Read licensing information and custom permission reports. |
fixed:licensing:editor |
All permissions from fixed:licensing:viewer and licensing:updatelicensing:delete |
Read licensing information and custom permission reports, and update and delete the license token. |
Default built-in role assignments
| Built-in role | Associated role | Description |
|---|---|---|
| Grafana Admin | fixed:permissions:admin:editfixed:permissions:admin:readfixed:provisioning:adminfixed:reporting:admin:editfixed:reporting:admin:readfixed:users:admin:editfixed:users:admin:readfixed:users:org:editfixed:users:org:readfixed:ldap:admin:editfixed:ldap:admin:readfixed:server:admin:readfixed:settings:admin:readfixed:settings:admin:editfixed:licensing:editor |
Default [Grafana server administrator]({{< relref "../../permissions/_index.md#grafana-server-admin-role" >}}) assignments. |
| Admin | fixed:users:org:editfixed:users:org:readfixed:reporting:admin:editfixed:reporting:admin:readfixed:datasources:adminfixed:datasources:permissions:admin |
Default [Grafana organization administrator]({{< relref "../../permissions/organization_roles.md" >}}) assignments. |
| Editor | fixed:datasources:editor:read |
Default [Editor]({{< relref "../../permissions/organization_roles.md" >}}) assignments. |
| Viewer | fixed:datasources:id:viewer |
Default [Viewer]({{< relref "../../permissions/organization_roles.md" >}}) assignments. |