Fine-grained access control references

下载Grafana 来源:Grafana 浏览 266 扫码分享 2022-09-14 11:40:50

Fine-grained access control references
- Fine-grained access fixed roles
- Default built-in role assignments

Fine-grained access control references

The reference information that follows complements conceptual information about Roles.

Fine-grained access fixed roles

Fixed roles	Permissions	Descriptions
fixed:permissions:admin:read	roles:read roles:list roles.builtin:list	Allows to list and get available roles and built-in role assignments.
fixed:permissions:admin:edit	All permissions from `fixed:permissions:admin:read` and roles:write roles:delete roles.builtin:add roles.builtin:remove	Allows every read action and in addition allows to create, change and delete custom roles and create or remove built-in role assignments.
fixed:reporting:admin:read	reports:read reports:send reports.settings:read	Allows to read reports and report settings.
fixed:reporting:admin:edit	All permissions from `fixed:reporting:admin:read` and reports.admin:write reports:delete reports.settings:write	Allows every read action for reports and in addition allows to administer reports.
fixed:users:admin:read	users.authtoken:list users.quotas:list users:read users.teams:read	Allows to list and get users and related information.
fixed:users:admin:edit	All permissions from `fixed:users:admin:read` and users.password:update users:write users:create users:delete users:enable users:disable users.permissions:update users:logout users.authtoken:update users.quotas:update	Allows every read action for users and in addition allows to administer users.
fixed:users:org:read	org.users:read	Allows to get user organizations.
fixed:users:org:edit	All permissions from `fixed:users:org:read` and org.users:add org.users:remove org.users.role:update	Allows every read action for user organizations and in addition allows to administer user organizations.
fixed:ldap:admin:read	ldap.user:read ldap.status:read	Allows to read LDAP information and status.
fixed:ldap:admin:edit	All permissions from `fixed:ldap:admin:read` and ldap.user:sync	Allows every read action for LDAP and in addition allows to administer LDAP.

Default built-in role assignments

Built-in roles	Associated roles	Descriptions
Grafana Admin	fixed:permissions:admin:edit fixed:permissions:admin:read fixed:reporting:admin:edit fixed:reporting:admin:read fixed:users:admin:edit fixed:users:admin:read fixed:users:org:edit fixed:users:org:read fixed:ldap:admin:edit fixed:ldap:admin:read	Allows access to resources which Grafana Server Admin has permissions by default.
Admin	fixed:users:org:edit fixed:users:org:read fixed:reporting:admin:edit fixed:reporting:admin:read	Allows access to resource which Admin has permissions by default.

当前内容版权归 Grafana 或其关联方所有，如需对内容或内容相关联开源项目进行关注与资助，请访问 Grafana .

本文档使用 BookStack 构建

展开/收起文章目录