grafana/docs/sources/enterprise/access-control/fine-grained-access-control-references.md

+++ title = "Fine-grained access control references" description = "Refer to fine-grained access control references" keywords = ["grafana", "fine-grained-access-control", "roles", "fixed-roles", "built-in-role-assignments", "permissions", "enterprise"] weight = 130 +++

Fine-grained access control references

The reference information that follows complements conceptual information about [Roles]({{< relref "./roles.md" >}}).

Fine-grained access fixed roles

Fixed roles	Permissions	Descriptions
fixed:permissions:admin:read	roles:read roles:list roles.builtin:list	Allows to list and get available roles and built-in role assignments.
fixed:permissions:admin:edit	All permissions from fixed:permissions:admin:read and roles:write roles:delete roles.builtin:add roles.builtin:remove	Allows every read action and in addition allows to create, change and delete custom roles and create or remove built-in role assignments.
fixed:provisioning:admin	provisioning:reload	Allow provisioning configurations to be reloaded.
fixed:reporting:admin:read	reports:read reports:send reports.settings:read	Allows to read reports and report settings.
fixed:reporting:admin:edit	All permissions from fixed:reporting:admin:read and reports.admin:write reports:delete reports.settings:write	Allows every read action for reports and in addition allows to administer reports.
fixed:users:admin:read	users.authtoken:list users.quotas:list users:read users.teams:read	Allows to list and get users and related information.
fixed:users:admin:edit	All permissions from fixed:users:admin:read and users.password:update users:write users:create users:delete users:enable users:disable users.permissions:update users:logout users.authtoken:update users.quotas:update	Allows every read action for users and in addition allows to administer users.
fixed:users:org:read	org.users:read	Allows to get user organizations.
fixed:users:org:edit	All permissions from fixed:users:org:read and org.users:add org.users:remove org.users.role:update	Allows every read action for user organizations and in addition allows to administer user organizations.
fixed:ldap:admin:read	ldap.user:read ldap.status:read	Allows to read LDAP information and status.
fixed:ldap:admin:edit	All permissions from fixed:ldap:admin:read and ldap.user:sync ldap.config:reload	Allows every read action for LDAP and in addition allows to administer LDAP.
fixed:server:admin:read	server.stats:read	Read server stats
fixed:settings:admin:read	settings:read	Read settings
fixed:settings:admin:edit	All permissions from fixed:settings:admin:read and settings:write	Update settings
fixed:datasources:editor:read	datasources:explore	Allows to access the Explore tab
fixed:datasources:admin	datasources:read datasources:create datasources:write datasources:delete	Allows to create, read, update, delete data sources.
fixed:datasources:id:viewer	datasources.id:read	Allows to read data source IDs.
fixed:datasources:permissions:admin	datasources.permissions:create datasources.permissions:read datasources.permissions:delete datasources.permissions:toggle	Allows to create, read, delete, enable, or disable data source permissions

Default built-in role assignments

Built-in role	Associated role	Description
Grafana Admin	fixed:permissions:admin:edit fixed:permissions:admin:read fixed:provisioning:admin fixed:reporting:admin:edit fixed:reporting:admin:read fixed:users:admin:edit fixed:users:admin:read fixed:users:org:edit fixed:users:org:read fixed:ldap:admin:edit fixed:ldap:admin:read fixed:server:admin:read fixed:settings:admin:read fixed:settings:admin:edit	Default [Grafana server administrator]({{< relref "../../permissions/_index.md#grafana-server-admin-role" >}}) assignments.
Admin	fixed:users:org:edit fixed:users:org:read fixed:reporting:admin:edit fixed:reporting:admin:read fixed:datasources:admin fixed:datasources:permissions:admin	Default [Grafana organization administrator]({{< relref "../../permissions/organization_roles.md" >}}) assignments.
Editor	fixed:datasources:editor:read	Default [Editor]({{< relref "../../permissions/organization_roles.md" >}}) assignments.
Viewer	fixed:datasources:id:viewer	Default [Viewer]({{< relref "../../permissions/organization_roles.md" >}}) assignments.