diff --git a/docs/sources/enterprise/access-control/fine-grained-access-control-references.md b/docs/sources/enterprise/access-control/fine-grained-access-control-references.md
index 5a15cbf5223..fd77a19dde6 100644
--- a/docs/sources/enterprise/access-control/fine-grained-access-control-references.md
+++ b/docs/sources/enterprise/access-control/fine-grained-access-control-references.md
@@ -50,6 +50,9 @@ The reference information that follows complements conceptual information about
| `fixed:folders:writer` | All permissions from `fixed:dashboards:writer` and
`folders:read`
`folders:write`
`folders:create`
`folders:delete`
`folders.permissions:read`
`folders.permissions:write` | Read, create, update, and delete all folders and dashboards. |
| `fixed:folders.permissions:reader` | `folders.permissions:read` | Read all folder permissions. |
| `fixed:folders.permissions:writer` | All permissions from `fixed:folders.permissions:reader` and
`folders.permissions:write` | Read and update all folder permissions. |
+| `fixed:annotations:reader` | `annotations:read` | Read all annotations and annotation tags. |
+| `fixed:annotations.dashboard:writer` | `annotations:write`
`annotations.create`
`annotations:delete` for scope `annotations:type:dashboard` | Create, update and delete dashboard annotations and annotation tags. |
+| `fixed:annotations:writer` | `annotations:write`
`annotations.create`
`annotations:delete` for scope `annotations:type:*` | Create, update and delete all annotations and annotation tags. |
## Default built-in role assignments
@@ -57,5 +60,5 @@ The reference information that follows complements conceptual information about
| ------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Grafana Admin | `fixed:roles:reader`
`fixed:roles:writer`
`fixed:users:reader`
`fixed:users:writer`
`fixed:org.users:reader`
`fixed:org.users:writer`
`fixed:ldap:reader`
`fixed:ldap:writer`
`fixed:stats:reader`
`fixed:settings:reader`
`fixed:settings:writer`
`fixed:provisioning:writer`
`fixed:organization:reader`
`fixed:organization:maintainer`
`fixed:licensing:reader`
`fixed:licensing:writer` | Default [Grafana server administrator]({{< relref "../../administration/manage-users-and-permissions/about-users-and-permissions.md#grafana-server-administrators" >}}) assignments. |
| Admin | `fixed:reports:reader`
`fixed:reports:writer`
`fixed:datasources:reader`
`fixed:datasources:writer`
`fixed:organization:writer`
`fixed:datasources.permissions:reader`
`fixed:datasources.permissions:writer`
`fixed:teams:writer`
`fixed:dashboards:reader`
`fixed:dashboards:writer`
`fixed:dashboards.permissions:reader`
`fixed:dashboards.permissions:writer`
`fixed:folders:reader`
`fixes:folders:writer`
`fixed:folders.permissions:reader`
`fixed:folders.permissions:writer` | Default [Grafana organization administrator]({{< relref "../../administration/manage-users-and-permissions/about-users-and-permissions.md#organization-users-and-permissions" >}}) assignments. |
-| Editor | `fixed:datasources:explorer`
`fixed:dashboards:creator`
`fixed:folders:creator`
`fixed:teams:creator` if the `editors_can_admin` configuration flag is enabled | Default [Editor]({{< relref "../../administration/manage-users-and-permissions/about-users-and-permissions.md#organization-users-and-permissions" >}}) assignments. |
-| Viewer | `fixed:datasources:id:reader`
`fixed:organization:reader` | Default [Viewer]({{< relref "../../administration/manage-users-and-permissions/about-users-and-permissions.md#organization-users-and-permissions" >}}) assignments. |
+| Editor | `fixed:datasources:explorer`
`fixed:dashboards:creator`
`fixed:folders:creator`
`fixed:annotations:writer`
`fixed:teams:creator` if the `editors_can_admin` configuration flag is enabled | Default [Editor]({{< relref "../../administration/manage-users-and-permissions/about-users-and-permissions.md#organization-users-and-permissions" >}}) assignments. |
+| Viewer | `fixed:datasources:id:reader`
`fixed:organization:reader`
`fixed:annotations:reader`
`fixed:annotations.dashboard:writer` | Default [Viewer]({{< relref "../../administration/manage-users-and-permissions/about-users-and-permissions.md#organization-users-and-permissions" >}}) assignments. |
diff --git a/docs/sources/enterprise/access-control/permissions.md b/docs/sources/enterprise/access-control/permissions.md
index e37a1604f4c..8cd6ae0c2a4 100644
--- a/docs/sources/enterprise/access-control/permissions.md
+++ b/docs/sources/enterprise/access-control/permissions.md
@@ -113,23 +113,28 @@ The following list contains fine-grained access control actions.
| `folders:delete` | `folders:*`
`folders:id:*` | Delete one or more folders. |
| `folers.permissions:read` | `folders:*`
`folders:id:*` | Read permissions for one or more folders. |
| `folders.permissions:write` | `folders:*`
`folders:id:*` | Update permissions for one or more folders. |
+| `annotations.read` | `annotations:*`
`annotations:type:*` | Read annotations and annotation tags. |
+| `annotations.create` | `annotations:*`
`annotations:type:*` | Create annotations. |
+| `annotations.write` | `annotations:*`
`annotations:type:*` | Update annotations. |
+| `annotations.delete` | `annotations:*`
`annotations:type:*` | Delete annotations. |
## Scope definitions
The following list contains fine-grained access control scopes.
-| Scopes | Descriptions |
-| ------------------------------------------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| `permissions:delegate` | The scope is only applicable for roles associated with the Access Control itself and indicates that you can delegate your permissions only, or a subset of it, by creating a new role or making an assignment. |
-| `roles:*`
`roles:uid:*` | Restrict an action to a set of roles. For example, `roles:*` matches any role and `roles:uid:randomuid` matches only the role whose UID is `randomuid`. |
-| `reports:*`
`reports:id:*` | Restrict an action to a set of reports. For example, `reports:*` matches any report and `reports:id:1` matches the report whose ID is `1`. |
-| `services:accesscontrol` | Restrict an action to target only the fine-grained access control service. You can use this in conjunction with the `status:accesscontrol` actions. |
-| `global.users:*`
`global.users:id:*` | Restrict an action to a set of global users. For example, `global.users:*` matches any user and `global.users:id:1` matches the user whose ID is `1`. |
-| `teams:*`
`teams:id:*` | Restrict an action to a set of teams from an organization. For example, `teams:*` matches any team and `teams:id:1` matches the team whose ID is `1`. |
-| `users:*`
`users:id:*` | Restrict an action to a set of users from an organization. For example, `users:*` matches any user and `users:id:1` matches the user whose ID is `1`. |
-| `orgs:*`
`orgs:id:*` | Restrict an action to a set of organizations. For example, `orgs:*` matches any organization and `orgs:id:1` matches the organization whose ID is `1`. |
-| `settings:*` | Restrict an action to a subset of settings. For example, `settings:*` matches all settings, `settings:auth.saml:*` matches all SAML settings, and `settings:auth.saml:enabled` matches the enable property on the SAML settings. |
-| `provisioners:*` | Restrict an action to a set of provisioners. For example, `provisioners:*` matches any provisioner, and `provisioners:accesscontrol` matches the fine-grained access control [provisioner]({{< relref "./provisioning.md" >}}). |
-| `datasources:*`
`datasources:id:*`
`datasources:uid:*`
`datasources:name:*` | Restrict an action to a set of data sources. For example, `datasources:*` matches any data source, and `datasources:name:postgres` matches the data source named `postgres`. |
-| `folders:*`
`folders:id:*` | Restrict an action to a set of folders. For example, `folders:*` matches any folder, and `folders:id:1` matches the folder whose ID is `1`. |
-| `dashboards:*`
`dashboards:id:*` | Restrict an action to a set of dashboards. For example, `dashboards:*` matches any dashboard, and `dashboards:id:1` matches the dashboard whose ID is `1`. |
+| Scopes | Descriptions |
+| ------------------------------------------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `permissions:delegate` | The scope is only applicable for roles associated with the Access Control itself and indicates that you can delegate your permissions only, or a subset of it, by creating a new role or making an assignment. |
+| `roles:*`
`roles:uid:*` | Restrict an action to a set of roles. For example, `roles:*` matches any role and `roles:uid:randomuid` matches only the role whose UID is `randomuid`. |
+| `reports:*`
`reports:id:*` | Restrict an action to a set of reports. For example, `reports:*` matches any report and `reports:id:1` matches the report whose ID is `1`. |
+| `services:accesscontrol` | Restrict an action to target only the fine-grained access control service. You can use this in conjunction with the `status:accesscontrol` actions. |
+| `global.users:*`
`global.users:id:*` | Restrict an action to a set of global users. For example, `global.users:*` matches any user and `global.users:id:1` matches the user whose ID is `1`. |
+| `teams:*`
`teams:id:*` | Restrict an action to a set of teams from an organization. For example, `teams:*` matches any team and `teams:id:1` matches the team whose ID is `1`. |
+| `users:*`
`users:id:*` | Restrict an action to a set of users from an organization. For example, `users:*` matches any user and `users:id:1` matches the user whose ID is `1`. |
+| `orgs:*`
`orgs:id:*` | Restrict an action to a set of organizations. For example, `orgs:*` matches any organization and `orgs:id:1` matches the organization whose ID is `1`. |
+| `settings:*` | Restrict an action to a subset of settings. For example, `settings:*` matches all settings, `settings:auth.saml:*` matches all SAML settings, and `settings:auth.saml:enabled` matches the enable property on the SAML settings. |
+| `provisioners:*` | Restrict an action to a set of provisioners. For example, `provisioners:*` matches any provisioner, and `provisioners:accesscontrol` matches the fine-grained access control [provisioner]({{< relref "./provisioning.md" >}}). |
+| `datasources:*`
`datasources:id:*`
`datasources:uid:*`
`datasources:name:*` | Restrict an action to a set of data sources. For example, `datasources:*` matches any data source, and `datasources:name:postgres` matches the data source named `postgres`. |
+| `folders:*`
`folders:id:*` | Restrict an action to a set of folders. For example, `folders:*` matches any folder, and `folders:id:1` matches the folder whose ID is `1`. |
+| `dashboards:*`
`dashboards:id:*` | Restrict an action to a set of dashboards. For example, `dashboards:*` matches any dashboard, and `dashboards:id:1` matches the dashboard whose ID is `1`. |
+| `annotations:*`
`annotations:type:*` | Restrict an action to a set of annotations. For example, `annotations:*` matches any annotation, `annotations:type:dashboard` matches annotations associated with dashboards and `annotations:type:organization` matches organization annotations. |
diff --git a/docs/sources/http_api/annotations.md b/docs/sources/http_api/annotations.md
index ee281b0dc69..e784f6b1841 100644
--- a/docs/sources/http_api/annotations.md
+++ b/docs/sources/http_api/annotations.md
@@ -5,14 +5,25 @@ keywords = ["grafana", "http", "documentation", "api", "annotation", "annotation
aliases = ["/docs/grafana/latest/http_api/annotations/"]
+++
-# Annotations resources / actions
+# Annotations API
-This is the API documentation for the new Grafana Annotations feature released in Grafana 4.6. Annotations are saved in the Grafana database (sqlite, mysql or postgres). Annotations can be global annotations that can be shown on any dashboard by configuring an annotation data source - they are filtered by tags. Or they can be tied to a panel on a dashboard and are then only shown on that panel.
+This is the API documentation for the new Grafana Annotations feature released in Grafana 4.6. Annotations are saved in the Grafana database (sqlite, mysql or postgres). Annotations can be organization annotations that can be shown on any dashboard by configuring an annotation data source - they are filtered by tags. Or they can be tied to a panel on a dashboard and are then only shown on that panel.
+
+> If you are running Grafana Enterprise and have [Fine-grained access control]({{< relref "../enterprise/access-control/_index.md" >}}) enabled, access to endpoints will be controlled by Fine-grained access control permissions.
+> Refer to specific endpoints to understand what permissions are required.
## Find Annotations
`GET /api/annotations?from=1506676478816&to=1507281278816&tags=tag1&tags=tag2&limit=100`
+#### Required permissions
+
+See note in the [introduction]({{< ref "#annotations-api" >}}) for an explanation.
+
+| Action | Scope |
+| ---------------- | -------------- |
+| annotations:read | annotations:\* |
+
**Example Request**:
```http
@@ -32,7 +43,7 @@ Query Parameters:
- `panelId`: number. Optional. Find annotations that are scoped to a specific panel
- `userId`: number. Optional. Find annotations created by a specific user
- `type`: string. Optional. `alert`|`annotation` Return alerts or user created annotations
-- `tags`: string. Optional. Use this to filter global annotations. Global annotations are annotations from an annotation data source that are not connected specifically to a dashboard or panel. To do an "AND" filtering with multiple tags, specify the tags parameter multiple times e.g. `tags=tag1&tags=tag2`.
+- `tags`: string. Optional. Use this to filter organization annotations. Organization annotations are annotations from an annotation data source that are not connected specifically to a dashboard or panel. To do an "AND" filtering with multiple tags, specify the tags parameter multiple times e.g. `tags=tag1&tags=tag2`.
**Example Response**:
@@ -85,13 +96,21 @@ Content-Type: application/json
## Create Annotation
Creates an annotation in the Grafana database. The `dashboardId` and `panelId` fields are optional.
-If they are not specified then a global annotation is created and can be queried in any dashboard that adds
+If they are not specified then an organization annotation is created and can be queried in any dashboard that adds
the Grafana annotations data source. When creating a region annotation include the timeEnd property.
The format for `time` and `timeEnd` should be epoch numbers in millisecond resolution.
`POST /api/annotations`
+#### Required permissions
+
+See note in the [introduction]({{< ref "#annotations-api" >}}) for an explanation.
+
+| Action | Scope |
+| ------------------ | ----------------------- |
+| annotations:create | annotations:type: |
+
**Example Request**:
```http
@@ -132,6 +151,14 @@ format (string with multiple tags being separated by a space).
`POST /api/annotations/graphite`
+#### Required permissions
+
+See note in the [introduction]({{< ref "#annotations-api" >}}) for an explanation.
+
+| Action | Scope |
+| ------------------ | ----------------------------- |
+| annotations:create | annotations:type:organization |
+
**Example Request**:
```http
@@ -165,6 +192,14 @@ Content-Type: application/json
Updates all properties of an annotation that matches the specified id. To only update certain property, consider using the [Patch Annotation](#patch-annotation) operation.
+#### Required permissions
+
+See note in the [introduction]({{< ref "#annotations-api" >}}) for an explanation.
+
+| Action | Scope |
+| ----------------- | ----------------------- |
+| annotations:write | annotations:type: |
+
**Example Request**:
```http
@@ -202,6 +237,14 @@ Updates one or more properties of an annotation that matches the specified id.
This operation currently supports updating of the `text`, `tags`, `time` and `timeEnd` properties.
+#### Required permissions
+
+See note in the [introduction]({{< ref "#annotations-api" >}}) for an explanation.
+
+| Action | Scope |
+| ----------------- | ----------------------- |
+| annotations:write | annotations:type: |
+
**Example Request**:
```http
@@ -233,6 +276,14 @@ Content-Type: application/json
Deletes the annotation that matches the specified id.
+#### Required permissions
+
+See note in the [introduction]({{< ref "#annotations-api" >}}) for an explanation.
+
+| Action | Scope |
+| ------------------ | ----------------------- |
+| annotations:delete | annotations:type: |
+
**Example Request**:
```http
@@ -259,6 +310,14 @@ Content-Type: application/json
Find all the event tags created in the annotations.
+#### Required permissions
+
+See note in the [introduction]({{< ref "#annotations-api" >}}) for an explanation.
+
+| Action | Scope |
+| ---------------- | ----- |
+| annotations:read | N/A |
+
**Example Request**:
```http
diff --git a/pkg/api/accesscontrol.go b/pkg/api/accesscontrol.go
index 9ef25c8f161..6f08cfd6382 100644
--- a/pkg/api/accesscontrol.go
+++ b/pkg/api/accesscontrol.go
@@ -265,10 +265,9 @@ func (hs *HTTPServer) declareFixedRoles() error {
DisplayName: "Annotation reader",
Description: "Read annotations and tags",
Group: "Annotations",
- Version: 1,
+ Version: 2,
Permissions: []ac.Permission{
{Action: ac.ActionAnnotationsRead, Scope: ac.ScopeAnnotationsAll},
- {Action: ac.ActionAnnotationsTagsRead, Scope: ac.ScopeAnnotationsTagsAll},
},
},
Grants: []string{string(models.ROLE_VIEWER)},
diff --git a/pkg/api/annotations_test.go b/pkg/api/annotations_test.go
index a8a5835a4b7..30b0af8b746 100644
--- a/pkg/api/annotations_test.go
+++ b/pkg/api/annotations_test.go
@@ -495,7 +495,7 @@ func TestAPI_Annotations_AccessControl(t *testing.T) {
{
name: "AccessControl getting tags for annotations with correct permissions is allowed",
args: args{
- permissions: []*accesscontrol.Permission{{Action: accesscontrol.ActionAnnotationsTagsRead, Scope: accesscontrol.ScopeAnnotationsTagsAll}},
+ permissions: []*accesscontrol.Permission{{Action: accesscontrol.ActionAnnotationsRead}},
url: "/api/annotations/tags",
method: http.MethodGet,
},
@@ -504,7 +504,7 @@ func TestAPI_Annotations_AccessControl(t *testing.T) {
{
name: "AccessControl getting tags for annotations without correct permissions is forbidden",
args: args{
- permissions: []*accesscontrol.Permission{{Action: accesscontrol.ActionAnnotationsTagsRead}},
+ permissions: []*accesscontrol.Permission{{Action: accesscontrol.ActionAnnotationsWrite}},
url: "/api/annotations/tags",
method: http.MethodGet,
},
diff --git a/pkg/api/api.go b/pkg/api/api.go
index 9d5c33cf134..b75ab24a953 100644
--- a/pkg/api/api.go
+++ b/pkg/api/api.go
@@ -448,7 +448,7 @@ func (hs *HTTPServer) registerRoutes() {
annotationsRoute.Put("/:annotationId", authorize(reqSignedIn, ac.EvalPermission(ac.ActionAnnotationsWrite, ac.ScopeAnnotationsID)), routing.Wrap(hs.UpdateAnnotation))
annotationsRoute.Patch("/:annotationId", authorize(reqSignedIn, ac.EvalPermission(ac.ActionAnnotationsWrite, ac.ScopeAnnotationsID)), routing.Wrap(hs.PatchAnnotation))
annotationsRoute.Post("/graphite", authorize(reqEditorRole, ac.EvalPermission(ac.ActionAnnotationsCreate, ac.ScopeAnnotationsTypeOrganization)), routing.Wrap(hs.PostGraphiteAnnotation))
- annotationsRoute.Get("/tags", authorize(reqSignedIn, ac.EvalPermission(ac.ActionAnnotationsTagsRead, ac.ScopeAnnotationsTagsAll)), routing.Wrap(hs.GetAnnotationTags))
+ annotationsRoute.Get("/tags", authorize(reqSignedIn, ac.EvalPermission(ac.ActionAnnotationsRead)), routing.Wrap(hs.GetAnnotationTags))
})
apiRoute.Post("/frontend-metrics", routing.Wrap(hs.PostFrontendMetrics))
diff --git a/pkg/api/docs/definitions/annotations.go b/pkg/api/docs/definitions/annotations.go
index 280842fedc3..6493a77e8ee 100644
--- a/pkg/api/docs/definitions/annotations.go
+++ b/pkg/api/docs/definitions/annotations.go
@@ -29,7 +29,7 @@ import (
//
// Create Annotation.
//
-// Creates an annotation in the Grafana database. The dashboardId and panelId fields are optional. If they are not specified then a global annotation is created and can be queried in any dashboard that adds the Grafana annotations data source. When creating a region annotation include the timeEnd property.
+// Creates an annotation in the Grafana database. The dashboardId and panelId fields are optional. If they are not specified then an organization annotation is created and can be queried in any dashboard that adds the Grafana annotations data source. When creating a region annotation include the timeEnd property.
// The format for `time` and `timeEnd` should be epoch numbers in millisecond resolution.
// The response for this HTTP request is slightly different in versions prior to v6.4. In prior versions you would also get an endId if you where creating a region. But in 6.4 regions are represented using a single event with time and timeEnd properties.
//
@@ -141,7 +141,7 @@ type GetAnnotationsParams struct {
// in:query
// required:false
Limit int64 `json:"limit"`
- // Use this to filter global annotations. Organization annotations are annotations from an annotation data source that are not connected specifically to a dashboard or panel. You can filter by multiple tags.
+ // Use this to filter organization annotations. Organization annotations are annotations from an annotation data source that are not connected specifically to a dashboard or panel. You can filter by multiple tags.
// in:query
// required:false
// type: array
diff --git a/pkg/api/docs/tags.json b/pkg/api/docs/tags.json
index 30c103748f6..17b6bf9aa82 100644
--- a/pkg/api/docs/tags.json
+++ b/pkg/api/docs/tags.json
@@ -26,7 +26,7 @@
},
{
"name": "annotations",
- "description": "Grafana Annotations feature released in Grafana 4.6. Annotations are saved in the Grafana database (sqlite, mysql or postgres). Annotations can be global annotations that can be shown on any dashboard by configuring an annotation data source - they are filtered by tags. Or they can be tied to a panel on a dashboard and are then only shown on that panel."
+ "description": "Grafana Annotations feature released in Grafana 4.6. Annotations are saved in the Grafana database (sqlite, mysql or postgres). Annotations can be organization annotations that can be shown on any dashboard by configuring an annotation data source - they are filtered by tags. Or they can be tied to a panel on a dashboard and are then only shown on that panel."
},
{
"name": "library_elements",
@@ -81,4 +81,4 @@
"description": "Grafana Alerting Prometheus-compatible endpoints"
}
]
-}
\ No newline at end of file
+}
diff --git a/pkg/services/accesscontrol/models.go b/pkg/services/accesscontrol/models.go
index 676cdcb4c75..d3df60664a5 100644
--- a/pkg/services/accesscontrol/models.go
+++ b/pkg/services/accesscontrol/models.go
@@ -320,11 +320,10 @@ const (
ScopeTeamsAll = "teams:*"
// Annotations related actions
- ActionAnnotationsCreate = "annotations:create"
- ActionAnnotationsDelete = "annotations:delete"
- ActionAnnotationsRead = "annotations:read"
- ActionAnnotationsWrite = "annotations:write"
- ActionAnnotationsTagsRead = "annotations.tags:read"
+ ActionAnnotationsCreate = "annotations:create"
+ ActionAnnotationsDelete = "annotations:delete"
+ ActionAnnotationsRead = "annotations:read"
+ ActionAnnotationsWrite = "annotations:write"
// Dashboard actions
ActionDashboardsCreate = "dashboards:create"
@@ -382,9 +381,6 @@ var (
ScopeAnnotationsID = Scope(ScopeAnnotationsRoot, "id", Parameter(":annotationId"))
ScopeAnnotationsTypeDashboard = ScopeAnnotationsProvider.GetResourceScopeType("dashboard")
ScopeAnnotationsTypeOrganization = ScopeAnnotationsProvider.GetResourceScopeType("organization")
-
- // Annotation tag scopes
- ScopeAnnotationsTagsAll = "annotations:tags:*"
)
const RoleGrafanaAdmin = "Grafana Admin"
diff --git a/public/api-merged.json b/public/api-merged.json
index a7b2fd4826e..ff5e20db5e9 100644
--- a/public/api-merged.json
+++ b/public/api-merged.json
@@ -3035,7 +3035,7 @@
},
"collectionFormat": "multi",
"x-go-name": "Tags",
- "description": "Use this to filter global annotations. Global annotations are annotations from an annotation data source that are not connected specifically to a dashboard or panel. You can filter by multiple tags.",
+ "description": "Use this to filter organization annotations. Organization annotations are annotations from an annotation data source that are not connected specifically to a dashboard or panel. You can filter by multiple tags.",
"name": "tags",
"in": "query"
},
@@ -3068,7 +3068,7 @@
}
},
"post": {
- "description": "Creates an annotation in the Grafana database. The dashboardId and panelId fields are optional. If they are not specified then a global annotation is created and can be queried in any dashboard that adds the Grafana annotations data source. When creating a region annotation include the timeEnd property.\nThe format for `time` and `timeEnd` should be epoch numbers in millisecond resolution.\nThe response for this HTTP request is slightly different in versions prior to v6.4. In prior versions you would also get an endId if you where creating a region. But in 6.4 regions are represented using a single event with time and timeEnd properties.",
+ "description": "Creates an annotation in the Grafana database. The dashboardId and panelId fields are optional. If they are not specified then an organization annotation is created and can be queried in any dashboard that adds the Grafana annotations data source. When creating a region annotation include the timeEnd property.\nThe format for `time` and `timeEnd` should be epoch numbers in millisecond resolution.\nThe response for this HTTP request is slightly different in versions prior to v6.4. In prior versions you would also get an endId if you where creating a region. But in 6.4 regions are represented using a single event with time and timeEnd properties.",
"tags": ["annotations"],
"summary": "Create Annotation.",
"operationId": "createAnnotation",
@@ -18302,7 +18302,7 @@
"name": "legacy_alerts_notification_channels"
},
{
- "description": "Grafana Annotations feature released in Grafana 4.6. Annotations are saved in the Grafana database (sqlite, mysql or postgres). Annotations can be global annotations that can be shown on any dashboard by configuring an annotation data source - they are filtered by tags. Or they can be tied to a panel on a dashboard and are then only shown on that panel.",
+ "description": "Grafana Annotations feature released in Grafana 4.6. Annotations are saved in the Grafana database (sqlite, mysql or postgres). Annotations can be organization annotations that can be shown on any dashboard by configuring an annotation data source - they are filtered by tags. Or they can be tied to a panel on a dashboard and are then only shown on that panel.",
"name": "annotations"
},
{
diff --git a/public/api-spec.json b/public/api-spec.json
index ca2d7f1d234..2d5f6cbbf2b 100644
--- a/public/api-spec.json
+++ b/public/api-spec.json
@@ -2085,7 +2085,7 @@
},
"collectionFormat": "multi",
"x-go-name": "Tags",
- "description": "Use this to filter global annotations. Global annotations are annotations from an annotation data source that are not connected specifically to a dashboard or panel. You can filter by multiple tags.",
+ "description": "Use this to filter organization annotations. Organization annotations are annotations from an annotation data source that are not connected specifically to a dashboard or panel. You can filter by multiple tags.",
"name": "tags",
"in": "query"
},
@@ -2118,7 +2118,7 @@
}
},
"post": {
- "description": "Creates an annotation in the Grafana database. The dashboardId and panelId fields are optional. If they are not specified then a global annotation is created and can be queried in any dashboard that adds the Grafana annotations data source. When creating a region annotation include the timeEnd property.\nThe format for `time` and `timeEnd` should be epoch numbers in millisecond resolution.\nThe response for this HTTP request is slightly different in versions prior to v6.4. In prior versions you would also get an endId if you where creating a region. But in 6.4 regions are represented using a single event with time and timeEnd properties.",
+ "description": "Creates an annotation in the Grafana database. The dashboardId and panelId fields are optional. If they are not specified then an organization annotation is created and can be queried in any dashboard that adds the Grafana annotations data source. When creating a region annotation include the timeEnd property.\nThe format for `time` and `timeEnd` should be epoch numbers in millisecond resolution.\nThe response for this HTTP request is slightly different in versions prior to v6.4. In prior versions you would also get an endId if you where creating a region. But in 6.4 regions are represented using a single event with time and timeEnd properties.",
"tags": ["annotations"],
"summary": "Create Annotation.",
"operationId": "createAnnotation",
@@ -13422,7 +13422,7 @@
"name": "legacy_alerts_notification_channels"
},
{
- "description": "Grafana Annotations feature released in Grafana 4.6. Annotations are saved in the Grafana database (sqlite, mysql or postgres). Annotations can be global annotations that can be shown on any dashboard by configuring an annotation data source - they are filtered by tags. Or they can be tied to a panel on a dashboard and are then only shown on that panel.",
+ "description": "Grafana Annotations feature released in Grafana 4.6. Annotations are saved in the Grafana database (sqlite, mysql or postgres). Annotations can be organization annotations that can be shown on any dashboard by configuring an annotation data source - they are filtered by tags. Or they can be tied to a panel on a dashboard and are then only shown on that panel.",
"name": "annotations"
},
{