public/grafana
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
5c4ebb6f341973fffdd8a751b90caeeefd579e6f
grafana/docs/sources/enterprise/access-control/provisioning-roles-example.md
T
Jack Baldry 51dfcd7d37 Add current alias to all files (#48635) 
* Add aliases to all files

Signed-off-by: Jack Baldry <jack.baldry@grafana.com>

* Prettify front matter

Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
2022-05-17 08:24:11 -07:00

3.1 KiB
Raw Blame History

aliases, description, menuTitle, title, weight
aliases description menuTitle title weight
/docs/grafana/latest/enterprise/access-control/provisioning-roles-example/
View an example YAML provisioning file that configures Grafana role assignments. Provisioning roles example Example role configuration file using Grafana provisioning 60

Example role configuration file using Grafana provisioning

The following example shows a complete YAML configuration file that:

  • Create custom roles
  • Delete custom roles
  • Update basic roles permissions
  • Assign roles to teams
  • Revoke assignments of roles to teams

Example

---
# config file version
apiVersion: 2

# <list> list of roles to insert/update/delete
roles:
  # <string, required> name of the role you want to create or update. Required.
  - name: 'custom:users:writer'
    # <string> uid of the role. Has to be unique for all orgs.
    uid: customuserswriter1
    # <string> description of the role, informative purpose only.
    description: 'Create, read, write users'
    # <int> version of the role, Grafana will update the role when increased.
    version: 2
    # <int> org id. Defaults to Grafana's default if not specified.
    orgId: 1
    # <list> list of the permissions granted by this role.
    permissions:
      # <string, required> action allowed.
      - action: 'users:read'
        #<string> scope it applies to.
        scope: 'users:*'
      - action: 'users:write'
        scope: 'users:*'
      - action: 'users:create'
  - name: 'custom:global:users:reader'
    # <bool> overwrite org id and creates a global role.
    global: true
    # <string> state of the role. Defaults to 'present'. If 'absent', role will be deleted.
    state: 'absent'
    # <bool> force deletion revoking all grants of the role.
    force: true
  - uid: 'basic_editor'
    version: 2
    global: true
    # <list> list of roles to copy permissions from.
    from:
      - uid: 'basic_editor'
        global: true
      - name: 'fixed:users:writer'
        global: true
    # <list> list of the permissions to add/remove on top of the copied ones.
    permissions:
      - action: 'users:read'
        scope: 'users:*'
      - action: 'users:write'
        scope: 'users:*'
        # <string> state of the permission. Defaults to 'present'. If 'absent', the permission will be removed.
        state: absent

# <list> list role assignments to teams to create or remove.
teams:
  # <string, required> name of the team you want to assign roles to. Required.
  - name: 'Users writers'
    # <int> org id. Will default to Grafana's default if not specified.
    orgId: 1
    # <list> list of roles to assign to the team
    roles:
      # <string> uid of the role you want to assign to the team.
      - uid: 'customuserswriter1'
        # <int> org id. Will default to Grafana's default if not specified.
        orgId: 1
      # <string> name of the role you want to assign to the team.
      - name: 'fixed:users:writer'
        # <bool> overwrite org id to specify the role is global.
        global: true
        # <string> state of the assignment. Defaults to 'present'. If 'absent', the assignment will be revoked.
        state: absent
Reference in New Issue View Git Blame Copy Permalink