Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Docs: added note to RBAC doc from support escalation #85311

Merged
merged 2 commits into from May 6, 2024
Merged

Docs: added note to RBAC doc from support escalation #85311

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
81e6a86
added admonition and API info
lwandz13 Mar 27, 2024
b3206f9
Update docs/sources/administration/roles-and-permissions/access-contr…
mgyongyosi Apr 4, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
8 changes: 7 additions & 1 deletion docs/sources/administration/roles-and-permissions/access-control/_index.md
View file
Open in desktop
Expand Up @@ -28,7 +28,7 @@ RBAC provides a standardized way of granting, changing, and revoking access when
## About RBAC

Role-based access control (RBAC) provides a standardized way of granting, changing, and revoking access so that users can view and modify Grafana resources, such as users and reports.
RBAC extends Grafana basic roles that are included in Grafana OSS, and enables you more granular control of users’ actions.
RBAC extends Grafana basic roles that are included in Grafana OSS, and enables more granular control of users’ actions.

By using RBAC you can provide users with permissions that extend the permissions available with basic roles. For example, you can use RBAC to:

Expand All @@ -43,6 +43,8 @@ RBAC roles contain multiple permissions, each of which has an action and a scope
- **Action:** `datasources:read`
- **Scope:** `datasources:*`

For information on the RBAC API refer to [RBAC API](https://grafana.com/docs/grafana/<GRAFANA_VERSION>/developers/http_api/access_control/#rbac-api).

### Basic roles

Basic roles are the standard roles that are available in Grafana OSS. If you have purchased a Grafana Enterprise license, you can still use basic roles.
Expand Down Expand Up @@ -78,6 +80,10 @@ For example, if you modify Viewer basic role and grant additional permission, Ed
For more information about the permissions associated with each basic role, refer to [Basic role definitions]({{< relref "./rbac-fixed-basic-role-definitions/#basic-role-assignments" >}}).
To interact with the API and view or modify basic roles permissions, refer to [the table]({{< relref "./manage-rbac-roles/#basic-role-uid-mapping" >}}) that maps basic role names to the associated UID.

{{% admonition type="note" %}}
You cannot use a service account to modify basic roles via the RBAC API. To update basic roles, you must be a Grafana administrator and use basic authentication with the request.
{{% /admonition %}}

### Fixed roles

Grafana Enterprise includes the ability for you to assign discrete fixed roles to users, teams, and service accounts. This gives you fine-grained control over user permissions than you would have with basic roles alone. These roles are called "fixed" because you cannot change or delete fixed roles. You can also create _custom_ roles of your own; see more information in the [custom roles section]({{< relref "#custom-roles" >}}) below.
Expand Down