grafana/docs/sources/enterprise/access-control/_index.md

+++
title = "Fine-grained access control"
description = "Grant, change, or revoke access to Grafana resources"
keywords = ["grafana", "fine-grained-access-control", "roles", "permissions", "enterprise"]
weight = 100
+++
# Fine-grained access control
> **Note:** Fine-grained access control is in beta, and you can expect changes in future releases.

Fine-grained access control provides a standardized way of granting, changing, and revoking access when it comes to viewing and modifying Grafana resources, such as users and reports.
Fine-grained access control works alongside the current Grafana permissions, and it gives you granular control over users’ actions. For more information about Grafana permissions, refer to [About users and permissions]({{< relref "../../administration/manage-users-and-permissions/about-users-and-permissions.md" >}}).
To learn more about how fine-grained access control works, refer to [Roles]({{< relref "./roles.md" >}}) and [Permissions]({{< relref "./permissions.md" >}}).
To use the fine-grained access control system, refer to [Fine-grained access control usage scenarios]({{< relref "./usage-scenarios.md" >}}).
## Access management
Fine-grained access control considers a) _who_ has access (`identity`), and b) _what they can do_ and on which _Grafana resource_ (`role`).
You can grant, change, or revoke access to _users_ (`identity`). When an authenticated user tries to access a Grafana resource, the authorization system checks the required fine-grained permissions for the resource and determines whether or not the action is allowed. Refer to [Fine-grained permissions]({{< relref "./permissions.md" >}}) for a complete list of available permissions.
Refer to [Assign roles]({{< relref "./roles.md#assign-roles" >}}) to learn how to grant or revoke access to your users.
## Resources with fine-grained permissions
Fine-grained access control is available for the following capabilities:
- [Use Explore mode]({{< relref "../../explore/_index.md" >}})
- [Manage users]({{< relref "../../administration/manage-users-and-permissions/manage-server-users/_index.md" >}})
- [Manage LDAP authentication]({{< relref "../../auth/ldap/_index.md" >}})
- [Manage data sources]({{< relref "../../datasources/_index.md" >}})
- [Manage data source permissions]({{< relref "../datasource_permissions.md" >}})
- [Manage a Grafana Enterprise license]({{< relref "../license/_index.md" >}})
- [Provision Grafana]({{< relref "../../administration/provisioning/_index.md" >}})
- [Manage reports]({{< relref "../reporting.md" >}})
- [View server information]({{< relref "../../administration/view-server/_index.md" >}})
- [Manage teams]({{< relref "../../administration/manage-users-and-permissions/manage-teams/_index.md" >}})
- [Manage dashboards and folders]({{< relref "../../dashboards/_index.md" >}})
- [Manage annotations]({{< relref "../../visualizations/annotations.md" >}})
- [Alerting]({{< relref "../../alerting/unified-alerting/_index.md">}})
To learn about specific endpoints where you can use fine-grained access control, refer to [Permissions]({{< relref "./permissions.md" >}}) and to the relevant [API]({{< relref "../../http_api/_index.md" >}}) documentation.
## Enable fine-grained access control
Fine-grained access control is available behind the `accesscontrol` feature toggle in Grafana Enterprise 8.0+.
You can enable it either in a [config file]({{< relref "../../administration/configuration.md#config-file-locations" >}}) or by [configuring an environment variable]({{< relref "../../administration/configuration/#configure-with-environment-variables" >}}).
### Enable in config file
In your [config file]({{< relref "../../administration/configuration.md#config-file-locations" >}}), add `accesscontrol` as a [feature_toggle]({{< relref "../../administration/configuration.md#feature_toggle" >}}).
```
[feature_toggles]
# enable features, separated by spaces
enable = accesscontrol
```
### Enable with an environment variable
You can use the `GF_FEATURE_TOGGLES_ENABLE = accesscontrol` environment variable to override the config file configuration and enable fine-grained access control.
Refer to [Configuring with environment variables]({{< relref "../../administration/configuration.md#/#override-configuration-with-environment-variables" >}}) for more information.
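Because the environment variable overrides the `enable` value from the config file, a deployment that sets `GF_FEATURE_TOGGLES_ENABLE` for some other toggle can leave `accesscontrol` off even though the file lists it. The following audit script is an added example, not part of the Grafana documentation or code base; the function names, the made-up toggle `exampletoggle`, the comma tolerance, and the handling of an empty variable are assumptions of the example.

```python
import configparser
import os

TOGGLE = "accesscontrol"
ENV_VAR = "GF_FEATURE_TOGGLES_ENABLE"


def _split(value):
    # The config comment says toggles are separated by spaces; tolerating
    # commas as well is an assumption of this example.
    return set(value.replace(",", " ").split())


def toggles_from_ini(ini_text):
    """Return the toggles listed under [feature_toggles] enable."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    # Prepend a dummy section so keys placed before any [section] header parse.
    parser.read_string("[__root__]\n" + ini_text)
    return _split(parser.get("feature_toggles", "enable", fallback=""))


def audit(ini_text, environ):
    """Report whether accesscontrol is effectively enabled, and from where."""
    env_value = environ.get(ENV_VAR, "").strip()
    if env_value:
        # The variable overrides (replaces) the file value, it is not merged.
        # Treating an empty variable as unset is an assumption of this example.
        toggles, source = _split(env_value), "environment"
    else:
        toggles, source = toggles_from_ini(ini_text), "config file"
    return {"enabled": TOGGLE in toggles, "source": source,
            "toggles": sorted(toggles)}


# Constructed sample input, mirroring the config snippet above.
SAMPLE_INI = """\
[feature_toggles]
# enable features, separated by spaces
enable = accesscontrol
"""

if __name__ == "__main__":
    print(audit(SAMPLE_INI, {}))
    # "exampletoggle" is a made-up toggle name: the override drops accesscontrol.
    print(audit(SAMPLE_INI, {ENV_VAR: "exampletoggle"}))
    print(audit(SAMPLE_INI, dict(os.environ)))
```

Run it against the config file and environment of the Grafana process itself (for example, the container or service unit environment), not the shell of the operator.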
### Verify if enabled
You can verify whether fine-grained access control is enabled by sending an HTTP request to the [Check endpoint]({{< relref "../../http_api/access_control.md#check-if-enabled" >}}).
## Caveats
If you have created a folder with its unique identifier (uid) set to "general", you will not be able to manage its permissions with fine-grained access control.
Any [folder permissions]({{< relref "../../administration/manage-users-and-permissions/manage-dashboard-permissions/_index.md" >}}) set for this folder will be disregarded when fine-grained access control is enabled.