Fine-grained access control references
The reference information that follows complements conceptual information about Roles.
Fine-grained access fixed roles
| Fixed roles | Permissions | Descriptions |
|---|
fixed:permissions:admin:read | roles:read
roles:list
roles.builtin:list | Allows to list and get available roles and built-in role assignments. |
fixed:permissions:admin:edit | All permissions from fixed:permissions:admin:read and
roles:write
roles:delete
roles.builtin:add
roles.builtin:remove | Allows every read action and in addition allows to create, change and delete custom roles and create or remove built-in role assignments. |
fixed:provisioning:admin | provisioning:reload | Allow provisioning configurations to be reloaded. |
fixed:reporting:admin:read | reports:read
reports:send
reports.settings:read | Allows to read reports and report settings. |
fixed:reporting:admin:edit | All permissions from fixed:reporting:admin:read and
reports.admin:write
reports:delete
reports.settings:write | Allows every read action for reports and in addition allows to administer reports. |
fixed:users:admin:read | users.authtoken:list
users.quotas:list
users:read
users.teams:read | Allows to list and get users and related information. |
fixed:users:admin:edit | All permissions from fixed:users:admin:read and
users.password:update
users:write
users:create
users:delete
users:enable
users:disable
users.permissions:update
users:logout
users.authtoken:update
users.quotas:update | Allows every read action for users and in addition allows to administer users. |
fixed:users:org:read | org.users:read | Allows to get user organizations. |
fixed:users:org:edit | All permissions from fixed:users:org:read and
org.users:add
org.users:remove
org.users.role:update | Allows every read action for user organizations and in addition allows to administer user organizations. |
fixed:ldap:admin:read | ldap.user:read
ldap.status:read | Allows to read LDAP information and status. |
fixed:ldap:admin:edit | All permissions from fixed:ldap:admin:read and
ldap.user:sync
ldap.config:reload | Allows every read action for LDAP and in addition allows to administer LDAP. |
fixed:server:admin:read | server.stats:read | Read server stats |
fixed:settings:admin:read | settings:read | Read settings |
fixed:settings:admin:edit | All permissions from fixed:settings:admin:read and
settings:write | Update settings |
fixed:datasources:editor:read | datasources:explore | Allows to access the Explore tab |
fixed:datasources:admin | datasources:read
datasources:create
datasources:write
datasources:delete | Allows to create, read, update, delete data sources. |
fixed:datasources:id:viewer | datasources.id:read | Allows to read data source IDs. |
fixed:datasources:permissions:admin | datasources.permissions:create
datasources.permissions:read
datasources.permissions:delete
datasources.permissions:toggle | Allows to create, read, delete, enable, or disable data source permissions |
Default built-in role assignments
| Built-in role | Associated role | Description |
|---|
| Grafana Admin | fixed:permissions:admin:edit
fixed:permissions:admin:read
fixed:provisioning:admin
fixed:reporting:admin:edit
fixed:reporting:admin:read
fixed:users:admin:edit
fixed:users:admin:read
fixed:users:org:edit
fixed:users:org:read
fixed:ldap:admin:edit
fixed:ldap:admin:read
fixed:server:admin:read
fixed:settings:admin:read
fixed:settings:admin:edit | Default Grafana server administrator assignments. |
| Admin | fixed:users:org:edit
fixed:users:org:read
fixed:reporting:admin:edit
fixed:reporting:admin:read
fixed:datasources:admin
fixed:datasources:permissions:admin | Default Grafana organization administrator assignments. |
| Editor | fixed:datasources:editor:read | Default Editor assignments. |
| Viewer | fixed:datasources:id:viewer | Default Viewer assignments. |
我的书签
添加书签
移除书签
