From b99d1249dbd8fc26e4d5183643e779092814f555 Mon Sep 17 00:00:00 2001 From: Ieva Date: Fri, 30 Aug 2024 11:55:32 +0100 Subject: [PATCH] Docs: Update the docs for folder creation permissions (#92703) * update the docs to reflect permissions needed to create subfolders * Minor language fix --------- Co-authored-by: Irene Rodriguez --- .../custom-role-actions-scopes/index.md | 6 +++--- .../rbac-fixed-basic-role-definitions/index.md | 4 ++-- docs/sources/dashboards/manage-dashboards/index.md | 2 +- docs/sources/developers/http_api/folder.md | 12 ++++++------ 4 files changed, 12 insertions(+), 12 deletions(-) diff --git a/docs/sources/administration/roles-and-permissions/access-control/custom-role-actions-scopes/index.md b/docs/sources/administration/roles-and-permissions/access-control/custom-role-actions-scopes/index.md index c2d81caf443..4f9b3f754db 100644 --- a/docs/sources/administration/roles-and-permissions/access-control/custom-role-actions-scopes/index.md +++ b/docs/sources/administration/roles-and-permissions/access-control/custom-role-actions-scopes/index.md @@ -84,10 +84,10 @@ The following list contains role-based access control actions. | `featuremgmt.write` | n/a | Write feature toggles. | | `folders.permissions:read` | `folders:*`
`folders:uid:*` | Read permissions for one or more folders and their subfolders. | | `folders.permissions:write` | `folders:*`
`folders:uid:*` | Update permissions for one or more folders and their subfolders. | -| `folders:create` | n/a | Create folders in the root level. If granted together with `folders:write`, also allows creating subfolders under all folders that the user can update. | +| `folders:create` | `folders:*`
`folders:uid:*`
`folders:uid:general` | Create folders or subfolders. If granted with scope `folders:uid:general`, it allows to create root level folders. Otherwise, it allows creating subfolders under the specified folders. | | `folders:delete` | `folders:*`
`folders:uid:*` | Delete one or more folders and their subfolders. | | `folders:read` | `folders:*`
`folders:uid:*` | Read one or more folders and their subfolders. | -| `folders:write` | `folders:*`
`folders:uid:*` | Update one or more folders and their subfolders. If granted together with `folders:create` permission, also allows creating subfolders under these folders. | +| `folders:write` | `folders:*`
`folders:uid:*` | Update one or more folders and their subfolders. | | `ldap.config:reload` | n/a | Reload the LDAP configuration. | | `ldap.status:read` | n/a | Verify the availability of the LDAP server or servers. | | `ldap.user:read` | n/a | Read users via LDAP. | @@ -232,7 +232,7 @@ The following list contains role-based access control scopes. | `apikeys:*`
`apikeys:id:*` | Restrict an action to a set of API keys. For example, `apikeys:*` matches any API key, `apikey:id:1` matches the API key whose id is `1`. | | `dashboards:*`
`dashboards:uid:*` | Restrict an action to a set of dashboards. For example, `dashboards:*` matches any dashboard, and `dashboards:uid:1` matches the dashboard whose UID is `1`. | | `datasources:*`
`datasources:uid:*` | Restrict an action to a set of data sources. For example, `datasources:*` matches any data source, and `datasources:uid:1` matches the data source whose UID is `1`. | -| `folders:*`
`folders:uid:*` | Restrict an action to a set of folders. For example, `folders:*` matches any folder, and `folders:uid:1` matches the folder whose UID is `1`. Note that permissions granted to a folder cascade down to subfolders located under it | +| `folders:*`
`folders:uid:*` | Restrict an action to a set of folders. For example, `folders:*` matches any folder, and `folders:uid:1` matches the folder whose UID is `1`. Note that permissions granted to a folder cascade down to subfolders located under it. | | `global.users:*`
`global.users:id:*` | Restrict an action to a set of global users. For example, `global.users:*` matches any user and `global.users:id:1` matches the user whose ID is `1`. | | `library.panels:*`
`library.panels:uid:*` | Restrict an action to a set of library panels. For example, `library.panels:*` matches any library panel, and `library.panel:uid:1` matches the library panel whose UID is `1`. | | `orgs:*`
`orgs:id:*` | Restrict an action to a set of organizations. For example, `orgs:*` matches any organization and `orgs:id:1` matches the organization whose ID is `1`. | diff --git a/docs/sources/administration/roles-and-permissions/access-control/rbac-fixed-basic-role-definitions/index.md b/docs/sources/administration/roles-and-permissions/access-control/rbac-fixed-basic-role-definitions/index.md index 07bc725d2ac..e6864815761 100644 --- a/docs/sources/administration/roles-and-permissions/access-control/rbac-fixed-basic-role-definitions/index.md +++ b/docs/sources/administration/roles-and-permissions/access-control/rbac-fixed-basic-role-definitions/index.md @@ -78,9 +78,9 @@ To learn how to use the roles API to determine the role UUIDs, refer to [Manage | `fixed:datasources.insights:reader` | `fixed_EBZ3NwlfecNPp2p0XcZRC1nfEYk` | `datasources.insights:read` | Read data source insights data. | | `fixed:datasources.permissions:reader` | `fixed_ErYA-cTN3yn4h4GxaVPcawRhiOY` | `datasources.permissions:read` | Read data source permissions. | | `fixed:datasources.permissions:writer` | `fixed_aiQh9YDfLOKjQhYasF9_SFUjQiw` | All permissions from `fixed:datasources.permissions:reader` and
`datasources.permissions:write` | Create, read, or delete permissions of a data source. | -| `fixed:folders:creator` | `fixed_gGLRbZGAGB6n9uECqSh_W382RlQ` | `folders:create` | Create folders in the root level. If granted together with `folders:write` permission, also allows creating subfolders under all folders. | +| `fixed:folders:creator` | `fixed_gGLRbZGAGB6n9uECqSh_W382RlQ` | `folders:create` | Create folders in the root level. | | `fixed:folders:reader` | `fixed_yeW-5QPeo-i5PZUIUXMlAA97GnQ` | `folders:read`
`dashboards:read` | Read all folders and dashboards. | -| `fixed:folders:writer` | `fixed_wJXLoTzgE7jVuz90dryYoiogL0o` | All permissions from `fixed:dashboards:writer` and
`folders:read`
`folders:write`
`folders:create`
`folders:delete`
`folders.permissions:read`
`folders.permissions:write` | Read, create, update, and delete all folders and dashboards. If granted together with `fixed:folders:creator`, allows creating subfolders under all folders. | +| `fixed:folders:writer` | `fixed_wJXLoTzgE7jVuz90dryYoiogL0o` | All permissions from `fixed:dashboards:writer` and
`folders:read`
`folders:write`
`folders:create`
`folders:delete`
`folders.permissions:read`
`folders.permissions:write` | Read, update, and delete all folders and dashboards. Create folders and subfolders. | | `fixed:folders.permissions:reader` | `fixed_E06l4cx0JFm47EeLBE4nmv3pnSo` | `folders.permissions:read` | Read all folder permissions. | | `fixed:folders.permissions:writer` | `fixed_3GAgpQ_hWG8o7-lwNb86_VB37eI` | All permissions from `fixed:folders.permissions:reader` and
`folders.permissions:write` | Read and update all folder permissions. | | `fixed:ldap:reader` | `fixed_lMcOPwSkxKY-qCK8NMJc5k6izLE` | `ldap.user:read`
`ldap.status:read` | Read the LDAP configuration and LDAP status information. | diff --git a/docs/sources/dashboards/manage-dashboards/index.md b/docs/sources/dashboards/manage-dashboards/index.md index 7a9e7371ceb..6853bcb02a7 100644 --- a/docs/sources/dashboards/manage-dashboards/index.md +++ b/docs/sources/dashboards/manage-dashboards/index.md @@ -70,7 +70,7 @@ If you have permission to view all folders, you won't see a **Shared with me**. Folders help you organize and group dashboards, which is useful when you have many dashboards or multiple teams using the same Grafana instance. -> **Before you begin:** Ensure you have Editor permissions or greater to create folders. For more information about dashboard permissions, refer to [Dashboard permissions](ref:dashboard-permissions). +> **Before you begin:** Ensure you have organization Editor permissions or greater to create root level folders or Edit or Admin access to a parent folder to create subfolders. For more information about dashboard permissions, refer to [Dashboard permissions](ref:dashboard-permissions). **To create a dashboard folder:** diff --git a/docs/sources/developers/http_api/folder.md b/docs/sources/developers/http_api/folder.md index aaae48dc486..fcb4f806063 100644 --- a/docs/sources/developers/http_api/folder.md +++ b/docs/sources/developers/http_api/folder.md 
@@ -143,11 +143,11 @@ Creates a new folder. See note in the [introduction]({{< ref "#folder-api" >}}) for an explanation. -`folders:create` allows creating folders in the root level. To create a subfolder, `folders:write` scoped to the parent folder is required in addition to `folders:create`. +`folders:create` allows creating folders and subfolders. If granted with scope `folders:uid:general`, allows creating root level folders. Otherwise, allows creating subfolders under the specified folders. | Action | Scope | | ---------------- | ----------- | -| `folders:create` | n/a | +| `folders:create` | `folders:*` | | `folders:write` | `folders:*` | **Example Request**: @@ -411,14 +411,14 @@ See note in the [introduction]({{< ref "#folder-api" >}}) for an explanation. If moving the folder under another folder: -| Action | Scope | -| --------------- | -------------------------------------- | -| `folders:write` | `folders:uid:` | +| Action | Scope | +| ---------------- | ----------------------------------------------------- | +| `folders:create` | `folders:uid:`
`folders:*` | If moving the folder under root: | Action | Scope | | -------------- | ------------- | -| `folders:create` | `folders:*` | +| `folders:create` | `folders:uid:general`
`folders:*` | JSON body schema:
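Review bot: in the actions table of `custom-role-actions-scopes/index.md`, the new `folders:create` row lists `folders:*` as a scope, but the description only explains `folders:uid:general` (root level) and "the specified folders" (subfolders), so it is unclear whether the wildcard also grants root-level creation. The move-folder table in `http_api/folder.md` in this same patch accepts `folders:*` for a move under root, which suggests it does. Say so explicitly in this row, since the wildcard is the broadest grant a custom role can carry. Separately, "it allows to create root level folders" should read "it allows creating root-level folders" to match the sentence that follows.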
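Review bot: in the scopes table of `custom-role-actions-scopes/index.md`, the `folders:*` / `folders:uid:*` row only gains a trailing period, yet this patch introduces `folders:uid:general` as the scope that stands for the root level. Add that special UID to the row's description, otherwise someone writing a custom role will read `general` as an ordinary folder UID. The row also says permissions cascade to subfolders; it would help to state whether a grant on `folders:uid:general` cascades in the same way or applies to the root level only.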
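Review bot: in `rbac-fixed-basic-role-definitions/index.md`, `fixed:folders:creator` and `fixed:folders:writer` both show a bare `folders:create` in the permissions column, while their descriptions now differ ("Create folders in the root level." versus "Create folders and subfolders."). Because the action is scoped after this change, the difference between the two roles is a scope that the table does not show. Add the scope each role carries next to `folders:create`, or name it in the description, so an admin auditing role assignments can see which role permits subfolder creation.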
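Review bot: the rewritten "Before you begin" note in `manage-dashboards/index.md` chains three "or"s ("Editor permissions or greater to create root level folders or Edit or Admin access to a parent folder"), which makes the two alternatives hard to tell apart. Put a comma before the second alternative, for example "... to create root-level folders, or Edit or Admin access to the parent folder to create subfolders." The sentence now describes folder access, but the link that follows still points only to dashboard permissions; consider linking the folder permissions page as well.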
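Review bot: in the "Create folder" section of `http_api/folder.md`, the table is out of step with the new paragraph. The text says root-level creation requires scope `folders:uid:general` and subfolder creation requires the parent folder's scope, but the `folders:create` row shows only `folders:*`, and the `folders:write` row is left in place even though the sentence that required it has been removed. List the `folders:uid:general` and parent-folder scopes for `folders:create`, and either drop the `folders:write` row or explain why it is still needed. The two new sentences beginning "If granted with scope ..." and "Otherwise, allows ..." are also missing a subject.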
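Review bot: in the "Move folder" tables of `http_api/folder.md`, each scope cell now holds two scopes on separate lines without saying whether either one is sufficient or both are required. State that explicitly, because the answer decides whether a role scoped to a single folder can perform the move. In the "under another folder" table, `folders:write` is replaced by `folders:create`, so the text should make clear whose UID the `folders:uid:` scope refers to, the destination parent or the folder being moved. The separator row of the root table was also not widened to match the new, longer row.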