apitech
/
grafana
mirror of https://github.com/grafana/grafana
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
The open and composable observability and data visualization platform. Visualize metrics, logs, and traces from multiple sources like Prometheus, Loki, Elasticsearch, InfluxDB, Postgres and many more.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
29839 Commits
6009 Branches
596 Tags
1.8 GiB
 
 
 
 
 
 
Tag: Branch: Tree: 99839ee060
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '99839ee060'
${ noResults }
grafana/docs/sources/enterprise/access-control/fine-grained-access-control...

3.2 KiB
Raw Blame History

+++ title = "Fine-grained access control references" description = "Refer to fine-grained access control references" keywords = ["grafana", "fine-grained-access-control", "roles", "fixed-roles", "built-in-role-assignments", "permissions", "enterprise"] weight = 130 +++

Fine-grained access control references

The reference information that follows complements conceptual information about [Roles]({{< relref "./roles.md" >}}).

Fine-grained access fixed roles

Fixed roles Permissions Descriptions
fixed:permissions:admin:read roles:read
roles:list
roles.builtin:list		 Allows to list and get available roles and built-in role assignments.
fixed:permissions:admin:edit All permissions from fixed:permissions:admin:read and
roles:write
roles:delete
roles.builtin:add
roles.builtin:remove		 Allows every read action and in addition allows to create, change and delete custom roles and create or remove built-in role assignments.
fixed:reporting:admin:read reports:read
reports:send
reports.settings:read		 Allows to read reports and report settings.
fixed:reporting:admin:edit All permissions from fixed:reporting:admin:read and
reports.admin:write
reports:delete
reports.settings:write		 Allows every read action for reports and in addition allows to administer reports.
fixed:users:admin:read users.authtoken:list
users.quotas:list
users:read
users.teams:read		 Allows to list and get users and related information.
fixed:users:admin:edit All permissions from fixed:users:admin:read and
users.password:update
users:write
users:create
users:delete
users:enable
users:disable
users.permissions:update
users:logout
users.authtoken:update
users.quotas:update		 Allows every read action for users and in addition allows to administer users.
fixed:users:org:read org.users:read Allows to get user organizations.
fixed:users:org:edit All permissions from fixed:users:org:read and
org.users:add
org.users:remove
org.users.role:update		 Allows every read action for user organizations and in addition allows to administer user organizations.
fixed:ldap:admin:read ldap.user:read
ldap.status:read		 Allows to read LDAP information and status.
fixed:ldap:admin:edit All permissions from fixed:ldap:admin:read and
ldap.user:sync		 Allows every read action for LDAP and in addition allows to administer LDAP.

Default built-in role assignments

Built-in roles Associated roles Descriptions
Grafana Admin fixed:permissions:admin:edit
fixed:permissions:admin:read
fixed:reporting:admin:edit
fixed:reporting:admin:read
fixed:users:admin:edit
fixed:users:admin:read
fixed:users:org:edit
fixed:users:org:read
fixed:ldap:admin:edit
fixed:ldap:admin:read		 Allows access to resources which [Grafana Server Admin]({{< relref "../../permissions/_index.md#grafana-server-admin-role" >}}) has permissions by default.
Admin fixed:users:org:edit
fixed:users:org:read
fixed:reporting:admin:edit
fixed:reporting:admin:read		 Allows access to resource which [Admin]({{< relref "../../permissions/organization_roles.md" >}}) has permissions by default.