Auth: None basic role update docs (#75955)

* docs: update basic role * update docs * Update docs/sources/administration/user-management/manage-org-users/index.md Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> * Update docs/sources/administration/roles-and-permissions/access-control/plan-rbac-rollout-strategy/index.md Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> --------- Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2 years ago · f10b4bc1da
parent 625b400faf
commit f10b4bc1da
6 changed files with 11 additions and 5 deletions
--- a/docs/sources/administration/roles-and-permissions/access-control/_index.md
+++ b/docs/sources/administration/roles-and-permissions/access-control/_index.md
@ -53,6 +53,7 @@ Grafana includes the following basic roles:
 - Organization administrator
 - Editor
 - Viewer
+- None

 Each basic role is comprised of a number of _permissions_. For example, the viewer basic role contains the following permissions among others:

@ -64,7 +65,7 @@ Each basic role is comprised of a number of _permissions_. For example, the view
 - `Action: annotations:delete, Scope: annotations:type:dashboard`: Enables the viewer to remove annotations from a dashboard.

 {{% admonition type="note" %}}
-You can't have a Grafana user without a basic role assigned.
+You can't have a Grafana user without a basic role assigned. The `None` role contains no permissions.
 {{% /admonition %}}

 #### Basic role modification
--- a/docs/sources/administration/roles-and-permissions/access-control/manage-rbac-roles/index.md
+++ b/docs/sources/administration/roles-and-permissions/access-control/manage-rbac-roles/index.md
@ -32,7 +32,7 @@ To see the permissions associated with basic roles, refer to the following basic

 | Basic role      | UID                   |
 | --------------- | --------------------- |
-| `No Basic Role` | `basic_none`          |
+| `None`          | `basic_none`          |
 | `Viewer`        | `basic_viewer`        |
 | `Editor`        | `basic_editor`        |
 | `Admin`         | `basic_admin`         |
--- a/docs/sources/administration/roles-and-permissions/access-control/plan-rbac-rollout-strategy/index.md
+++ b/docs/sources/administration/roles-and-permissions/access-control/plan-rbac-rollout-strategy/index.md
@ -117,6 +117,11 @@ If you have a use case that you'd like to share, feel free to contribute to this
 1. Add dashboards to each folder.
 1. Use folder permissions to add US-based users as Editors to the `US` folder and assign EU-based users as Editors to the `EU` folder.

+### Assign a user specific set of roles
+
+1. Create a user with the `No Basic Role` selected under organization roles.
+1. Assign the user a set of fixed roles that meet your requirements.
+
 ### Create a custom role to access alerts in a specific folder

 To see an alert rule in Grafana, the user must have read access to the folder that stores the alert rule, permission to read alerts in the folder, and permission to query all data sources that the rule uses.
--- a/docs/sources/administration/user-management/manage-org-users/index.md
+++ b/docs/sources/administration/user-management/manage-org-users/index.md
@ -74,7 +74,7 @@ If you have [server administrator]({{< relref "../../roles-and-permissions/#graf

 ## Invite a user to join an organization

-When you invite users to join an organization, you assign the **Admin**, **Editor**, or **Viewer** role which controls user access to the dashboards and data sources owned by the organization. Users receive an email that prompts them to accept the invitation.
+When you invite users to join an organization, you assign the **Admin**, **Editor**, or **Viewer** role, or select **No basic role**. Organization roles control user access to resources, such as dashboards and data sources, owned by the organization. Users receive an email that prompts them to accept the invitation.

 - If you know that the user already has access Grafana and you know their user name, then you issue an invitation by entering their user name.
 - If the user is new to Grafana, then use their email address to issue an invitation. The system automatically creates the user account on first sign in.
--- a/docs/sources/setup-grafana/configure-grafana/enterprise-configuration/index.md
+++ b/docs/sources/setup-grafana/configure-grafana/enterprise-configuration/index.md
@ -314,7 +314,7 @@ List of comma- or space-separated organizations. Each user must be a member of a

 ### org_mapping

-List of comma- or space-separated Organization:OrgId:Role mappings. Organization can be `*` meaning "All users". Role is optional and can have the following values: `Viewer`, `Editor` or `Admin`.
+List of comma- or space-separated Organization:OrgId:Role mappings. Organization can be `*` meaning "All users". Role is optional and can have the following values: `Admin`, `Editor` ,`Viewer` or `None`.

 ### role_values_editor

--- a/docs/sources/setup-grafana/configure-security/configure-authentication/generic-oauth/index.md
+++ b/docs/sources/setup-grafana/configure-security/configure-authentication/generic-oauth/index.md
@ -205,7 +205,7 @@ This section includes examples of JMESPath expressions used for role mapping.

 #### Map user organization role

-In this example, the user has been granted the role of an `Editor`. The role assigned is based on the value of the property `role`, which must be a valid Grafana role such as `Viewer`, `Editor` or `Admin`.
+In this example, the user has been granted the role of an `Editor`. The role assigned is based on the value of the property `role`, which must be a valid Grafana role such as `Admin`, `Editor`, `Viewer` or `None`.

 Payload: