![]() ![]() For example, the teams:id:1 scope restricts the user’s action to the team with ID 1. For example, the teams.roles:read action allows a user to see a list of roles associated with each team.Ī scope describes where an action can be performed. An action defines the action a use can perform on a Grafana resource. If you are a Grafana Enterprise customer, you can create custom roles to manage user permissions in a way that meets your security requirements.Ĭustom roles contain unique combinations of permissions actions and scopes. To learn more about the permissions you can grant for each resource, refer to RBAC role definitions. Fixed roles provide users more granular access to create, view, and update the following Grafana resources: Or, you might want anyone with the editor role to also add and manage users. For example, you might want a user with the basic viewer role to also edit dashboards. You can also create custom roles of your own see more information in the custom roles section below.Īssign fixed roles when the basic roles do not meet your permission requirements. These roles are called “fixed” because you cannot change or delete fixed roles. ![]() This gives you fine-grained control over user permissions than you would have with basic roles alone. Grafana Enterprise includes the ability for you to assign discrete fixed roles to users, teams, and service accounts. To interact with the API and view or modify basic roles permissions, refer to the table that maps basic role names to the associated UID. Note that any modification to any of these basic role is not propagated to the other basic roles.įor example, if you modify Viewer basic role and grant additional permission, Editors or Admins won’t have that additional grant.įor more information about the permissions associated with each basic role, refer to Basic role definitions. You can use RBAC to modify the permissions associated with any basic role, which changes what viewers, editors, or admins can do. Note: You can’t have a Grafana user without a basic role assigned. Action: annotations:delete, Scope: annotations:type:dashboard: Enables the viewer to remove annotations from a dashboard.Action: annotations:write, Scope: annotations:type:dashboard: Enables the viewer to modify annotations of a dashboard.Action: annotations:create, Scope: annotations:type:dashboard: Enables the viewer to add annotations to a dashboard.Action: annotations:read, Scope: annotations:*: Enables the viewer to see annotations that other users have added to a dashboard.Action: orgs:read: Enables the viewer to see their organization details.Action: datasources.id:read, Scope: datasources:*: Enables the viewer to see the ID of a data source.For example, the viewer basic role contains the following permissions among others: Grafana includes the following basic roles:Įach basic role is comprised of a number of permissions. If you have purchased a Grafana Enterprise license, you can still use basic roles. RBAC roles contain multiple permissions, each of which has an action and a scope:īasic roles are the standard roles that are available in Grafana OSS. Create custom roles: for example, a role that allows users to create and edit dashboards, but not delete them.Assign fixed roles to users and teams: for example, grant an engineering team the ability to create data sources.Modify existing basic roles: for example, enable an editor to create reports.RBAC extends Grafana basic roles that are included in Grafana OSS, and enables you more granular control of users’ actions.īy using RBAC you can provide users with permissions that extend the permissions available with basic roles. Role-based access control (RBAC) provides a standardized way of granting, changing, and revoking access so that users can view and modify Grafana resources, such as users and reports. Grafana RBAC permissions, actions, and scopes.Plan your Grafana RBAC rollout strategy. ![]() RBAC provides a standardized way of granting, changing, and revoking access when it comes to viewing and modifying Grafana resources, such as dashboards, reports, and administrative settings. Note: Available in Grafana Enterprise and Grafana Cloud Advanced. ![]() Grafana Cloud Enterprise Role-based access control (RBAC) ![]()
0 Comments
Leave a Reply. |