apitech
/
grafana
mirror of https://github.com/grafana/grafana
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

SAML UI: Fix permissions for fixed:authentication.config:writer role (#67290)

Browse Source 
* SAML UI: Fix permissions for fixed:authentication.config:writer role

* Remove read permissions for auth settings
pull/67124/head^2
Alexander Zobnin 3 years ago committed by GitHub
parent 0a9240aeba
commit 1d99500b3e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 2 additions and 10 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 2
      docs/sources/administration/roles-and-permissions/access-control/rbac-fixed-basic-role-definitions/index.md
  2. 2
      docs/sources/setup-grafana/configure-security/configure-authentication/saml-ui/index.md
  3. 8
      pkg/services/accesscontrol/roles.go

2
docs/sources/administration/roles-and-permissions/access-control/rbac-fixed-basic-role-definitions/index.md
Unescape View File

@ -42,7 +42,7 @@ The following tables list permissions associated with basic and fixed roles.
| `fixed:annotations:writer` | All permissions from `fixed:annotations:reader` <br>`annotations:write` <br>`annotations.create`<br> `annotations:delete` for scope `annotations:type:*` | Read, create, update and delete all annotations and annotation tags. |
| `fixed:apikeys:reader` | `apikeys:read` for scope `apikeys:*` | Read all api keys. |
| `fixed:apikeys:writer` | All permissions from `fixed:apikeys:reader` and <br> `apikeys:create` <br> `apikeys:delete` for scope `apikeys:*` | Read, create, delete all api keys. |
| `fixed:authentication.config:writer` | `settings:read` <br> `settings:write` for scopes `settings:auth:*` and `settings:auth.saml:*` | Read and update authentication and SAML settings. |
| `fixed:authentication.config:writer` | `settings:read` for scope `settings:auth.saml:*` <br> `settings:write` for scope `settings:auth.saml:*` | Read and update authentication and SAML settings. |
| `fixed:dashboards:creator` | `dashboards:create`<br>`folders:read` | Create dashboards. |
| `fixed:dashboards.insights:reader` | `dashboards.insights:read` | Read dashboard insights data and see presence indicators. |
| `fixed:dashboards.permissions:reader` | `dashboards.permissions:read` | Read all dashboard permissions. |

2
docs/sources/setup-grafana/configure-security/configure-authentication/saml-ui/index.md
Unescape View File

@ -25,7 +25,7 @@ The Grafana SAML UI provides the following advantages over configuring SAML in t
To follow this guide, you need:
- Knowledge of SAML authentication. Refer to [SAML authentication in Grafana]({{< relref "../saml/" >}}) for an overview of Grafana's SAML integration.
- Permissions `settings:read` and `settings:write` with scope `settings:auth:*` that allow you to read and update authentication settings.
- Permissions `settings:read` and `settings:write` with scope `settings:auth.saml:*` that allow you to read and update SAML authentication settings.
These permissions are granted by `fixed:authentication.config:writer` role.
By default, this role is granted to Grafana server administrator in self-hosted instances and to Organization admins in Grafana Cloud instances.

8
pkg/services/accesscontrol/roles.go
Unescape View File

@ -178,18 +178,10 @@ var (
Description: "Read and update authentication configuration and access configuration UI.",
Group: "Settings",
Permissions: []Permission{
{
Action: ActionSettingsRead,
Scope: ScopeSettingsAuth,
},
{
Action: ActionSettingsRead,
Scope: ScopeSettingsSAML,
},
{
Action: ActionSettingsWrite,
Scope: ScopeSettingsAuth,
},
{
Action: ActionSettingsWrite,
Scope: ScopeSettingsSAML,

Write Preview
Loading…
Cancel
Save