IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity
c72881a8b1
grafana/docs/sources/enterprise/access-control/_index.md
Christopher Moyer 46360ca0c3
Docs: refactored manage users and permissions content (#44343) 
* initial refactor

* initial draft for teams

* restructed topics, added front matter

* modified aliases

* removes old files

* removed files

* initial refactor

* initial draft for teams

* restructed topics, added front matter

* modified aliases

* removes old files

* removed files

* final xrefs updates

* xref adjustment

* copy updates

* copy and content updates to about, add to org, add user, admin

* copy updates to remove user from org

* update org vs server admin section names, cross-link

* cross-link add and invite users to org

* add remaining cross-links between org and server admin

* add dashboard permissions table

* add permissions information to teams

* add copy invite instructions to invite management

* tweaks and link updates

* incorporated PM feedback

* fixed xrefs

* yarn prettier

* fix codespell

* combined teams and dashboard permissions content

Co-authored-by: Mitchel Seaman <mitchel.seaman@gmail.com>
2022-02-15 13:20:45 -06:00

4.1 KiB
Raw Blame History

+++ title = "Fine-grained access control" description = "Grant, change, or revoke access to Grafana resources" keywords = ["grafana", "fine-grained-access-control", "roles", "permissions", "enterprise"] weight = 100 +++

Fine-grained access control

Note: Fine-grained access control is in beta, and you can expect changes in future releases.

Fine-grained access control provides a standardized way of granting, changing, and revoking access when it comes to viewing and modifying Grafana resources, such as users and reports. Fine-grained access control works alongside the current Grafana permissions, and it allows you granular control of users actions. For more information about Grafana permissions, refer to [About users and permissions]({{< relref "../../administration/manage-users-and-permissions/about-users-and-permissions.md" >}}).

To learn more about how fine-grained access control works, refer to [Roles]({{< relref "./roles.md" >}}) and [Permissions]({{< relref "./permissions.md" >}}). To use the fine-grained access control system, refer to [Fine-grained access control usage scenarios]({{< relref "./usage-scenarios.md" >}}).

Access management

Fine-grained access control considers a) who has an access (identity), and b) what they can do and on which Grafana resource (role).

You can grant, change, or revoke access to users (identity). When an authenticated user tries to access a Grafana resource, the authorization system checks the required fine-grained permissions for the resource and determines whether or not the action is allowed. Refer to [Fine-grained permissions]({{< relref "./permissions.md" >}}) for a complete list of available permissions.

Refer to [Assign roles]({{< relref "./roles.md#assign-roles" >}}) to learn about grant or revoke access to your users.

Resources with fine-grained permissions

Fine-grained access control is available for the following capabilities:

  • [Use Explore mode]({{< relref "../../explore/_index.md" >}})
  • [Manage users]({{< relref "../../administration/manage-users-and-permissions/manage-server-users/_index.md" >}})
  • [Manage LDAP authentication]({{< relref "../../auth/ldap/_index.md" >}})
  • [Manage data sources]({{< relref "../../datasources/_index.md" >}})
  • [Manage data source permissions]({{< relref "../datasource_permissions.md" >}})
  • [Manage a Grafana Enterprise license]({{< relref "../license/_index.md" >}})
  • [Provision Grafana]({{< relref "../../administration/provisioning/_index.md" >}})
  • [Manage reports]({{< relref "../reporting.md" >}})
  • [View server information]({{< relref "../../administration/view-server/_index.md" >}})

To learn about specific endpoints where you can use fine-grained access control, refer to [Permissions]({{< relref "./permissions.md" >}}) and to the relevant [API]({{< relref "../../http_api/_index.md" >}}) documentation.

Enable fine-grained access control

Fine-grained access control is available behind the accesscontrol feature toggle in Grafana Enterprise 8.0+. You can enable it either in a [config file]({{< relref "../../administration/configuration.md#config-file-locations" >}}) or by [configuring an environment variable]({{< relref "../../administration/configuration/#configure-with-environment-variables" >}}).

Enable in config file

In your [config file]({{< relref "../../administration/configuration.md#config-file-locations" >}}), add accesscontrol as a [feature_toggle]({{< relref "../../administration/configuration.md#feature_toggle" >}}).

[feature_toggles]
# enable features, separated by spaces
enable = accesscontrol

Enable with an environment variable

You can use GF_FEATURE_TOGGLES_ENABLE = accesscontrol environment variable to override the config file configuration and enable fine-grained access control.

Refer to [Configuring with environment variables]({{< relref "../../administration/configuration.md#configure-with-environment-variables" >}}) for more information.

Verify if enabled

You can verify if fine-grained access control is enabled or not by sending an HTTP request to the [Check endpoint]({{< relref "../../http_api/access_control.md#check-if-enabled" >}}).