apitech
/
grafana
mirror of https://github.com/grafana/grafana
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
The open and composable observability and data visualization platform. Visualize metrics, logs, and traces from multiple sources like Prometheus, Loki, Elasticsearch, InfluxDB, Postgres and many more.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
57496 Commits
2158 Branches
608 Tags
1.9 GiB
 
 
 
 
 
 
Tag: Branch: Tree: 13cf67de53
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '13cf67de53'
${ noResults }
grafana/docs/sources/developers/http_api/datasource_permissions.md

8.9 KiB
Raw Blame History

aliases canonical description keywords labels title
[../../http_api/datasource_permissions/ ../../http_api/datasourcepermissions/] /docs/grafana/latest/developers/http_api/datasource_permissions/ Data Source Permissions API [grafana http documentation api datasource permission permissions acl enterprise] [{products [enterprise oss]}] Datasource Permissions HTTP API

Data Source Permissions API

The Data Source Permissions is only available in Grafana Enterprise. Read more about Grafana Enterprise.

If you are running Grafana Enterprise, for some endpoints you'll need to have specific permissions. Refer to Role-based access control permissions for more information.

This API can be used to list, add and remove permissions for a data source.

Permissions can be set for a user, team, service account or a basic role (Admin, Editor, Viewer).

Get permissions for a data source

GET /api/access-control/datasources/:uid

Gets all existing permissions for the data source with the given uid.

Required permissions

See note in the introduction for an explanation.

Action Scope
datasources.permissions:read datasources:*
datasources:uid:*
datasources:uid:my_datasource (single data source)

Examples

Example request:

GET /api/access-control/datasources/my_datasource HTTP/1.1
Accept: application/json
Content-Type: application/json
Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk

Example response:

HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
Content-Length: 551

[
    {
        "id": 1,
        "roleName": "fixed:datasources:reader",
        "isManaged": false,
        "isInherited": false,
        "isServiceAccount": false,
        "userId": 1,
        "userLogin": "admin_user",
        "userAvatarUrl": "/avatar/admin_user",
        "actions": [
            "datasources:read",
            "datasources:query",
            "datasources:read",
            "datasources:query",
            "datasources:write",
            "datasources:delete"
        ],
        "permission": "Edit"
    },
    {
        "id": 2,
        "roleName": "managed:teams:1:permissions",
        "isManaged": true,
        "isInherited": false,
        "isServiceAccount": false,
        "team": "A team",
        "teamId": 1,
        "teamAvatarUrl": "/avatar/523d70c8551046f441727d690431858c",
        "actions": [
            "datasources:read",
            "datasources:query"
        ],
        "permission": "Query"
    },
    {
        "id": 3,
        "roleName": "basic:admin",
        "isManaged": false,
        "isInherited": false,
        "isServiceAccount": false,
        "builtInRole": "Admin",
        "actions": [
            "datasources:query",
            "datasources:read",
            "datasources:write",
            "datasources:delete"
        ],
        "permission": "Edit"
    },
]

Status codes:

  • 200 - Ok
  • 401 - Unauthorized
  • 403 - Access denied
  • 500 - Internal error

Add or revoke access to a data source for a user

POST /api/access-control/datasources/:uid/users/:id

Sets user permission for the data source with the given uid.

To add a permission, set the permission field to either Query, Edit, or Admin. To remove a permission, set the permission field to an empty string.

Required permissions

See note in the introduction for an explanation.

Action Scope
datasources.permissions:write datasources:*
datasources:uid:*
datasources:uid:my_datasource (single data source)

Examples

Example request:

POST /api/access-control/datasources/my_datasource/users/1
Accept: application/json
Content-Type: application/json
Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk

{
  "permission": "Query",
}

Example response:

HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
Content-Length: 35

{"message": "Permission updated"}

Example request:

POST /api/access-control/datasources/my_datasource/users/1
Accept: application/json
Content-Type: application/json
Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk

{
  "permission": "",
}

Example response:

HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
Content-Length: 35

{"message": "Permission removed"}

Status codes:

  • 200 - Ok
  • 400 - Permission cannot be added, see response body for details
  • 401 - Unauthorized
  • 403 - Access denied

Add or revoke access to a data source for a team

POST /api/access-control/datasources/:uid/teams/:id

Sets team permission for the data source with the given uid.

To add a permission, set the permission field to either Query, Edit, or Admin. To remove a permission, set the permission field to an empty string.

Required permissions

See note in the introduction for an explanation.

Action Scope
datasources.permissions:write datasources:*
datasources:uid:*
datasources:uid:my_datasource (single data source)

Examples

Example request:

POST /api/access-control/datasources/my_datasource/teams/1
Accept: application/json
Content-Type: application/json
Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk

{
  "permission": "Edit",
}

Example response:

HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
Content-Length: 35

{"message": "Permission updated"}

Example request:

POST /api/access-control/datasources/my_datasource/teams/1
Accept: application/json
Content-Type: application/json
Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk

{
  "permission": "",
}

Example response:

HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
Content-Length: 35

{"message": "Permission removed"}

Status codes:

  • 200 - Ok
  • 400 - Permission cannot be added, see response body for details
  • 401 - Unauthorized
  • 403 - Access denied

Add or revoke access to a data source for a basic role

POST /api/access-control/datasources/:uid/builtInRoles/:builtinRoleName

Sets permission for the data source with the given uid to all users who have the specified basic role.

You can set permissions for the following basic roles: Admin, Editor, Viewer.

To add a permission, set the permission field to either Query, Edit, or Admin. To remove a permission, set the permission field to an empty string.

Required permissions

See note in the introduction for an explanation.

Action Scope
datasources.permissions:write datasources:*
datasources:uid:*
datasources:uid:my_datasource (single data source)

Examples

Example request:

POST /api/access-control/datasources/my_datasource/builtInRoles/Admin
Accept: application/json
Content-Type: application/json
Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk

{
  "permission": "Edit",
}

Example response:

HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
Content-Length: 35

{"message": "Permission updated"}

Example request:

POST /api/access-control/datasources/my_datasource/builtInRoles/Viewer
Accept: application/json
Content-Type: application/json
Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk

{
  "permission": "",
}

Example response:

HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
Content-Length: 35

{"message": "Permission removed"}

Status codes:

  • 200 - Ok
  • 400 - Permission cannot be added, see response body for details
  • 401 - Unauthorized
  • 403 - Access denied