apitech
/
grafana
mirror of https://github.com/grafana/grafana
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

RBAC: Add available scopes to RBAC docs (#93131)

Browse Source 
* update the list with some allowed RBAC scopes

* extend the http api docs as well

* display without bulletpoints

* add prettier ignores
pull/93153/head
Ieva 8 months ago committed by GitHub
parent 831493278f
commit 3197c5de8d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 95 additions and 53 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 9
      docs/sources/administration/roles-and-permissions/access-control/custom-role-actions-scopes/index.md
  2. 57
      docs/sources/developers/http_api/annotations.md
  3. 46
      docs/sources/developers/http_api/dashboard.md
  4. 36
      docs/sources/developers/http_api/dashboard_permissions.md

9
docs/sources/administration/roles-and-permissions/access-control/custom-role-actions-scopes/index.md
Unescape View File

@ -65,11 +65,10 @@ The following list contains role-based access control actions.
| `alert.provisioning.secrets:read` | None | Same as `alert.provisioning:read` plus ability to export resources with decrypted secrets. |
| `alert.provisioning:write` | None | Update all Grafana alert rules, notification policies, etc via provisioning API. Permissions to folders and datasource are not required. |
| `alert.provisioning.provenance:write` | None | Set provisioning status for alerting resources. Cannot be used alone. Requires user to have permissions to access resources |
| `annotations:create` | <ul><li>`annotations:*`</li><li>`annotations:type:*`</li></ul> | Create annotations. |
| `annotations:delete` | <ul><li>`annotations:*`</li><li>`annotations:type:*`</li></ul> | Delete annotations. |
| `annotations:read` | <ul><li>`annotations:*`</li><li>`annotations:type:*`</li></ul> | Read annotations and annotation tags. |
| `annotations:write` | <ul><li>`annotations:*`</li><li>`annotations:type:*`</li></ul> | Update annotations. |
| `apikeys:create` | None | Create API keys. |
| `annotations:create` | <ul><li>`annotations:*`</li><li>`annotations:type:*`</li><li>`dashboards:*`</li><li>`dashboards:uid:*`</li><li>`folders:*`</li><li>`folders:uid:*`</li></ul> | Create annotations. |
| `annotations:delete` | <ul><li>`annotations:*`</li><li>`annotations:type:*`</li><li>`dashboards:*`</li><li>`dashboards:uid:*`</li><li>`folders:*`</li><li>`folders:uid:*`</li></ul> | Delete annotations. |
| `annotations:read` | <ul><li>`annotations:*`</li><li>`annotations:type:*`</li><li>`dashboards:*`</li><li>`dashboards:uid:*`</li><li>`folders:*`</li><li>`folders:uid:*`</li></ul> | Read annotations and annotation tags. |
| `annotations:write` | <ul><li>`annotations:*`</li><li>`annotations:type:*`</li><li>`dashboards:*`</li><li>`dashboards:uid:*`</li><li>`folders:*`</li><li>`folders:uid:*`</li></ul> | Update annotations. |
| `apikeys:read` | <ul><li>`apikeys:*`</li><li>`apikeys:id:*`</li></ul> | Read API keys. |
| `apikeys:delete` | <ul><li>`apikeys:*`</li><li>`apikeys:id:*`</li></ul> | Delete API keys. |
| `dashboards:create` | <ul><li>`folders:*`</li><li>`folders:uid:*`</li></ul> | Create dashboards in one or more folders and their subfolders. |

57
docs/sources/developers/http_api/annotations.md
Unescape View File

@ -32,9 +32,12 @@ Annotations are saved in the Grafana database (sqlite, mysql or postgres). Annot
See note in the [introduction]({{< ref "#annotations-api" >}}) for an explanation.
| Action | Scope |
| ---------------- | ----------------------- |
| annotations:read | annotations:type:<type> |
<!-- prettier-ignore-start -->
| Action | Scope |
| ------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| `annotations:read` | <ul><li>`annotations:*`</li><li>`annotations:type:*`</li><li>`dashboards:*`</li><li>`dashboards:uid:*`</li><li>`folders:*`</li><li>`folders:uid:*`</li></ul> |
{ .no-spacing-list }
<!-- prettier-ignore-end -->
**Example Request**:
@ -122,9 +125,12 @@ The format for `time` and `timeEnd` should be epoch numbers in millisecond resol
See note in the [introduction]({{< ref "#annotations-api" >}}) for an explanation.
| Action | Scope |
| ------------------ | ----------------------- |
| annotations:create | annotations:type:<type> |
<!-- prettier-ignore-start -->
| Action | Scope |
| -------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| `annotations:create` | <ul><li>`annotations:*`</li><li>`annotations:type:*`</li><li>`dashboards:*`</li><li>`dashboards:uid:*`</li><li>`folders:*`</li><li>`folders:uid:*`</li></ul> |
{ .no-spacing-list }
<!-- prettier-ignore-end -->
**Required JSON Body Fields**
@ -174,9 +180,9 @@ format (string with multiple tags being separated by a space).
See note in the [introduction]({{< ref "#annotations-api" >}}) for an explanation.
| Action | Scope |
| ------------------ | ----------------------------- |
| annotations:create | annotations:type:organization |
| Action | Scope |
| -------------------- | ------------------------------- |
| `annotations:create` | `annotations:type:organization` |
**Example Request**:
@ -215,9 +221,12 @@ Updates all properties of an annotation that matches the specified id. To only u
See note in the [introduction]({{< ref "#annotations-api" >}}) for an explanation.
| Action | Scope |
| ----------------- | ----------------------- |
| annotations:write | annotations:type:<type> |
<!-- prettier-ignore-start -->
| Action | Scope |
| ------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| `annotations:write` | <ul><li>`annotations:*`</li><li>`annotations:type:*`</li><li>`dashboards:*`</li><li>`dashboards:uid:*`</li><li>`folders:*`</li><li>`folders:uid:*`</li></ul> |
{ .no-spacing-list }
<!-- prettier-ignore-end -->
**Example Request**:
@ -260,9 +269,12 @@ This operation currently supports updating of the `text`, `tags`, `time` and `ti
See note in the [introduction]({{< ref "#annotations-api" >}}) for an explanation.
| Action | Scope |
| ----------------- | ----------------------- |
| annotations:write | annotations:type:<type> |
<!-- prettier-ignore-start -->
| Action | Scope |
| ------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| `annotations:write` | <ul><li>`annotations:*`</li><li>`annotations:type:*`</li><li>`dashboards:*`</li><li>`dashboards:uid:*`</li><li>`folders:*`</li><li>`folders:uid:*`</li></ul> |
{ .no-spacing-list }
<!-- prettier-ignore-end -->
**Example Request**:
@ -299,9 +311,12 @@ Deletes the annotation that matches the specified id.
See note in the [introduction]({{< ref "#annotations-api" >}}) for an explanation.
| Action | Scope |
| ------------------ | ----------------------- |
| annotations:delete | annotations:type:<type> |
<!-- prettier-ignore-start -->
| Action | Scope |
| -------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| `annotations:delete` | <ul><li>`annotations:*`</li><li>`annotations:type:*`</li><li>`dashboards:*`</li><li>`dashboards:uid:*`</li><li>`folders:*`</li><li>`folders:uid:*`</li></ul> |
{ .no-spacing-list }
<!-- prettier-ignore-end -->
**Example Request**:
@ -333,9 +348,9 @@ Find all the event tags created in the annotations.
See note in the [introduction]({{< ref "#annotations-api" >}}) for an explanation.
| Action | Scope |
| ---------------- | ----- |
| annotations:read | N/A |
| Action | Scope |
| ------------------ | ----- |
| `annotations:read` | N/A |
**Example Request**:

46
docs/sources/developers/http_api/dashboard.md
Unescape View File

@ -43,9 +43,13 @@ Creates a new dashboard or updates an existing dashboard. When updating existing
See note in the [introduction]({{< ref "#dashboard-api" >}}) for an explanation.
| Action | Scope |
| ------------------- | ----------- |
| `dashboards:create` | `folders:*` |
<!-- prettier-ignore-start -->
| Action | Scope |
| ------------------- | ------------------------------------------------------------------------------------------------------- |
| `dashboards:create` | <ul><li>`folders:*`</li><li>`folders:uid:*`</li></ul> |
| `dashboards:write` | <ul><li>`dashboards:*`</li><li>`dashboards:uid:*`</li><li>`folders:*`</li><li>`folders:uid:*`</li></ul> |
{ .no-spacing-list }
<!-- prettier-ignore-end -->
**Example Request for new dashboard**:
@ -164,9 +168,12 @@ Will return the dashboard given the dashboard unique identifier (uid). Informati
See note in the [introduction]({{< ref "#dashboard-api" >}}) for an explanation.
| Action | Scope |
| ----------------- | -------------- |
| `dashboards:read` | `dashboards:*` |
<!-- prettier-ignore-start -->
| Action | Scope |
| ----------------- | ------------------------------------------------------------------------------------------------------- |
| `dashboards:read` | <ul><li>`dashboards:*`</li><li>`dashboards:uid:*`</li><li>`folders:*`</li><li>`folders:uid:*`</li></ul> |
{ .no-spacing-list }
<!-- prettier-ignore-end -->
**Example Request**:
@ -220,9 +227,12 @@ Will delete the dashboard given the specified unique identifier (uid).
See note in the [introduction]({{< ref "#dashboard-api" >}}) for an explanation.
| Action | Scope |
| ------------------- | ----------------------------- |
| `dashboards:delete` | `dashboards:*`<br>`folders:*` |
<!-- prettier-ignore-start -->
| Action | Scope |
| ------------------- | ------------------------------------------------------------------------------------------------------- |
| `dashboards:delete` | <ul><li>`dashboards:*`</li><li>`dashboards:uid:*`</li><li>`folders:*`</li><li>`folders:uid:*`</li></ul> |
{ .no-spacing-list }
<!-- prettier-ignore-end -->
**Example Request**:
@ -267,9 +277,12 @@ Will delete permanently the dashboard given the specified unique identifier (uid
See note in the [introduction]({{< ref "#dashboard-api" >}}) for an explanation.
| Action | Scope |
| ------------------- | ----------------------------- |
| `dashboards:delete` | `dashboards:*`<br>`folders:*` |
<!-- prettier-ignore-start -->
| Action | Scope |
| ------------------- | ------------------------------------------------------------------------------------------------------- |
| `dashboards:delete` | <ul><li>`dashboards:*`</li><li>`dashboards:uid:*`</li><li>`folders:*`</li><li>`folders:uid:*`</li></ul> |
{ .no-spacing-list }
<!-- prettier-ignore-end -->
**Example Request**:
@ -314,9 +327,12 @@ Will restore a deleted dashboard given the specified unique identifier (uid).
See note in the [introduction]({{< ref "#dashboard-api" >}}) for an explanation.
| Action | Scope |
| ------------------- | ----------------------------- |
| `dashboards:create` | `dashboards:*`<br>`folders:*` |
<!-- prettier-ignore-start -->
| Action | Scope |
| ------------------- | ----------------------------------------------------- |
| `dashboards:create` | <ul><li>`folders:*`</li><li>`folders:uid:*`</li></ul> |
{ .no-spacing-list }
<!-- prettier-ignore-end -->
**Example Request**:

36
docs/sources/developers/http_api/dashboard_permissions.md
Unescape View File

@ -44,9 +44,12 @@ Gets all existing permissions for the dashboard with the given `uid`.
See note in the [introduction]({{< ref "#dashboard-permission-api" >}}) for an explanation.
| Action | Scope |
| ----------------------------- | ------------------------------------- |
| `dashboards.permissions:read` | `dashboards:uid:*`<br>`folders:uid:*` |
<!-- prettier-ignore-start -->
| Action | Scope |
| ----------------------------- | ------------------------------------------------------------------------------------------------------- |
| `dashboards.permissions:read` | <ul><li>`dashboards:*`</li><li>`dashboards:uid:*`</li><li>`folders:*`</li><li>`folders:uid:*`</li></ul> |
{ .no-spacing-list }
<!-- prettier-ignore-end -->
**Example request**:
@ -123,9 +126,12 @@ Updates permissions for a dashboard. This operation will remove existing permiss
See note in the [introduction]({{< ref "#dashboard-permission-api" >}}) for an explanation.
| Action | Scope |
| ------------------------------ | ------------------------------------- |
| `dashboards.permissions:write` | `dashboards:uid:*`<br>`folders:uid:*` |
<!-- prettier-ignore-start -->
| Action | Scope |
| ------------------------------ | ------------------------------------------------------------------------------------------------------- |
| `dashboards.permissions:write` | <ul><li>`dashboards:*`</li><li>`dashboards:uid:*`</li><li>`folders:*`</li><li>`folders:uid:*`</li></ul> |
{ .no-spacing-list }
<!-- prettier-ignore-end -->
**Example request**:
@ -192,9 +198,12 @@ Gets all existing permissions for the dashboard with the given `dashboardId`.
See note in the [introduction]({{< ref "#dashboard-permission-api" >}}) for an explanation.
| Action | Scope |
| ----------------------------- | ----------------------------- |
| `dashboards.permissions:read` | `dashboards:*`<br>`folders:*` |
<!-- prettier-ignore-start -->
| Action | Scope |
| ----------------------------- | ------------------------------------------------------------------------------------------------------- |
| `dashboards.permissions:read` | <ul><li>`dashboards:*`</li><li>`dashboards:uid:*`</li><li>`folders:*`</li><li>`folders:uid:*`</li></ul> |
{ .no-spacing-list }
<!-- prettier-ignore-end -->
**Example request**:
@ -275,9 +284,12 @@ Updates permissions for a dashboard. This operation will remove existing permiss
See note in the [introduction]({{< ref "#dashboard-permission-api" >}}) for an explanation.
| Action | Scope |
| ------------------------------ | ----------------------------- |
| `dashboards.permissions:write` | `dashboards:*`<br>`folders:*` |
<!-- prettier-ignore-start -->
| Action | Scope |
| ------------------------------ | ------------------------------------------------------------------------------------------------------- |
| `dashboards.permissions:write` | <ul><li>`dashboards:*`</li><li>`dashboards:uid:*`</li><li>`folders:*`</li><li>`folders:uid:*`</li></ul> |
{ .no-spacing-list }
<!-- prettier-ignore-end -->
**Example request**:

Write Preview
Loading…
Cancel
Save