[release-12.3.0] Restructure As code and developer resources (#113969)

Co-authored-by: Roberto Jiménez Sánchez <roberto.jimenez@grafana.com> Co-authored-by: Anna Urbiztondo <anna.urbiztondo@grafana.com>
2025-11-16 19:06:56 +00:00
parent 0898ec6045
commit 047da1442e
96 changed files with 8186 additions and 230 deletions
--- a/docs/sources/developer-resources/api-reference/http-api/datasource_permissions.md
+++ b/docs/sources/developer-resources/api-reference/http-api/datasource_permissions.md
@@ -0,0 +1,344 @@
+---
+aliases:
+  - ../../../http_api/datasource_permissions/ # /docs/grafana/next/http_api/datasource_permissions/
+  - ../../../http_api/datasourcepermissions/ # /docs/grafana/next/http_api/datasourcepermissions/
+  - ../../../developers/http_api/datasource_permissions/ # /docs/grafana/next/developers/http_api/datasource_permissions/
+canonical: https://grafana.com/docs/grafana/latest/developer-resources/api-reference/http-api/datasource_permissions/
+description: Data Source Permissions API
+keywords:
+  - grafana
+  - http
+  - documentation
+  - api
+  - datasource
+  - permission
+  - permissions
+  - acl
+  - enterprise
+labels:
+  products:
+    - enterprise
+    - oss
+    - cloud
+title: Datasource Permissions HTTP API
+---
+
+# Data Source Permissions API
+
+> The Data Source Permissions is only available in Grafana Enterprise. Read more about [Grafana Enterprise](/docs/grafana/latest/introduction/grafana-enterprise/).
+
+> If you are running Grafana Enterprise, for some endpoints you'll need to have specific permissions. Refer to [Role-based access control permissions](/docs/grafana/latest/administration/roles-and-permissions/access-control/custom-role-actions-scopes/) for more information.
+
+This API can be used to list, add and remove permissions for a data source.
+
+Permissions can be set for a user, team, service account or a basic role (Admin, Editor, Viewer).
+
+## Get permissions for a data source
+
+`GET /api/access-control/datasources/:uid`
+
+Gets all existing permissions for the data source with the given `uid`.
+
+**Required permissions**
+
+See note in the [introduction](#data-source-permissions-api) for an explanation.
+
+| Action                       | Scope                                                                                      |
+| ---------------------------- | ------------------------------------------------------------------------------------------ |
+| datasources.permissions:read | datasources:\*<br>datasources:uid:\*<br>datasources:uid:my_datasource (single data source) |
+
+### Examples
+
+**Example request:**
+
+```http
+GET /api/access-control/datasources/my_datasource HTTP/1.1
+Accept: application/json
+Content-Type: application/json
+Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk
+```
+
+**Example response:**
+
+```http
+HTTP/1.1 200 OK
+Content-Type: application/json; charset=UTF-8
+Content-Length: 551
+
+```
+
+Status codes:
+
+- **200** - Ok
+- **401** - Unauthorized
+- **403** - Access denied
+- **500** - Internal error
+
+## Add or revoke access to a data source for a user
+
+`POST /api/access-control/datasources/:uid/users/:id`
+
+Sets user permission for the data source with the given `uid`.
+
+To add a permission, set the `permission` field to either `Query`, `Edit`, or `Admin`.
+To remove a permission, set the `permission` field to an empty string.
+
+**Required permissions**
+
+See note in the [introduction](#data-source-permissions-api) for an explanation.
+
+| Action                        | Scope                                                                                      |
+| ----------------------------- | ------------------------------------------------------------------------------------------ |
+| datasources.permissions:write | datasources:\*<br>datasources:uid:\*<br>datasources:uid:my_datasource (single data source) |
+
+### Examples
+
+**Example request:**
+
+```http
+POST /api/access-control/datasources/my_datasource/users/1
+Accept: application/json
+Content-Type: application/json
+Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk
+
+{
+  "permission": "Query",
+}
+```
+
+**Example response:**
+
+```http
+HTTP/1.1 200 OK
+Content-Type: application/json; charset=UTF-8
+Content-Length: 35
+
+```
+
+**Example request:**
+
+```http
+POST /api/access-control/datasources/my_datasource/users/1
+Accept: application/json
+Content-Type: application/json
+Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk
+
+{
+  "permission": "",
+}
+```
+
+**Example response:**
+
+```http
+HTTP/1.1 200 OK
+Content-Type: application/json; charset=UTF-8
+Content-Length: 35
+
+```
+
+Status codes:
+
+- **200** - Ok
+- **400** - Permission cannot be added, see response body for details
+- **401** - Unauthorized
+- **403** - Access denied
+
+## Add or revoke access to a data source for a team
+
+`POST /api/access-control/datasources/:uid/teams/:id`
+
+Sets team permission for the data source with the given `uid`.
+
+To add a permission, set the `permission` field to either `Query`, `Edit`, or `Admin`.
+To remove a permission, set the `permission` field to an empty string.
+
+**Required permissions**
+
+See note in the [introduction](#data-source-permissions-api) for an explanation.
+
+| Action                        | Scope                                                                                      |
+| ----------------------------- | ------------------------------------------------------------------------------------------ |
+| datasources.permissions:write | datasources:\*<br>datasources:uid:\*<br>datasources:uid:my_datasource (single data source) |
+
+### Examples
+
+**Example request:**
+
+```http
+POST /api/access-control/datasources/my_datasource/teams/1
+Accept: application/json
+Content-Type: application/json
+Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk
+
+{
+  "permission": "Edit",
+}
+```
+
+**Example response:**
+
+```http
+HTTP/1.1 200 OK
+Content-Type: application/json; charset=UTF-8
+Content-Length: 35
+
+```
+
+**Example request:**
+
+```http
+POST /api/access-control/datasources/my_datasource/teams/1
+Accept: application/json
+Content-Type: application/json
+Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk
+
+{
+  "permission": "",
+}
+```
+
+**Example response:**
+
+```http
+HTTP/1.1 200 OK
+Content-Type: application/json; charset=UTF-8
+Content-Length: 35
+
+```
+
+Status codes:
+
+- **200** - Ok
+- **400** - Permission cannot be added, see response body for details
+- **401** - Unauthorized
+- **403** - Access denied
+
+## Add or revoke access to a data source for a basic role
+
+`POST /api/access-control/datasources/:uid/builtInRoles/:builtinRoleName`
+
+Sets permission for the data source with the given `uid` to all users who have the specified basic role.
+
+You can set permissions for the following basic roles: `Admin`, `Editor`, `Viewer`.
+
+To add a permission, set the `permission` field to either `Query`, `Edit`, or `Admin`.
+To remove a permission, set the `permission` field to an empty string.
+
+**Required permissions**
+
+See note in the [introduction](#data-source-permissions-api) for an explanation.
+
+| Action                        | Scope                                                                                      |
+| ----------------------------- | ------------------------------------------------------------------------------------------ |
+| datasources.permissions:write | datasources:\*<br>datasources:uid:\*<br>datasources:uid:my_datasource (single data source) |
+
+### Examples
+
+**Example request:**
+
+```http
+POST /api/access-control/datasources/my_datasource/builtInRoles/Admin
+Accept: application/json
+Content-Type: application/json
+Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk
+
+{
+  "permission": "Edit",
+}
+```
+
+**Example response:**
+
+```http
+HTTP/1.1 200 OK
+Content-Type: application/json; charset=UTF-8
+Content-Length: 35
+
+```
+
+**Example request:**
+
+```http
+POST /api/access-control/datasources/my_datasource/builtInRoles/Viewer
+Accept: application/json
+Content-Type: application/json
+Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk
+
+{
+  "permission": "",
+}
+```
+
+**Example response:**
+
+```http
+HTTP/1.1 200 OK
+Content-Type: application/json; charset=UTF-8
+Content-Length: 35
+
+```
+
+Status codes:
+
+- **200** - Ok
+- **400** - Permission cannot be added, see response body for details
+- **401** - Unauthorized
+- **403** - Access denied
+| ----------------------------- | ------------------------------------------------------------------------------------------ |
+| datasources.permissions:write | datasources:\*<br>datasources:uid:\*<br>datasources:uid:my_datasource (single data source) |
+
+### Examples
+
+**Example request:**
+
+```http
+POST /api/access-control/datasources/my_datasource/builtInRoles/Admin
+Accept: application/json
+Content-Type: application/json
+Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk
+
+{
+  "permission": "Edit",
+}
+```
+
+**Example response:**
+
+```http
+HTTP/1.1 200 OK
+Content-Type: application/json; charset=UTF-8
+Content-Length: 35
+
+{"message": "Permission updated"}
+```
+
+**Example request:**
+
+```http
+POST /api/access-control/datasources/my_datasource/builtInRoles/Viewer
+Accept: application/json
+Content-Type: application/json
+Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk
+
+{
+  "permission": "",
+}
+```
+
+**Example response:**
+
+```http
+HTTP/1.1 200 OK
+Content-Type: application/json; charset=UTF-8
+Content-Length: 35
+
+{"message": "Permission removed"}
+```
+
+Status codes:
+
+- **200** - Ok
+- **400** - Permission cannot be added, see response body for details
+- **401** - Unauthorized
+- **403** - Access denied