83e234d4f6
* AccessControl: Document basic roles simplifying * Add sample file for provisioning v2 * WIP * Update provisioning example from docs * Fix wrong permission in docs * Nits on about-rbas.md * Manage rbac roles * Nit. * Nit. * Rephrase * Comment * Add version to the role * Update role * Update role * Spell * Final touch on about-rbac * Add basic role UID mapping about-rbac * Team assignments * assign rbac roles * move for more info * enable rbac and provisioning * spell * plan rbac rollout strategy * Cover factory reset * remove builtin assignment permissions from docs * to -> from * Custom role actions scopes * spell * Update docs/sources/enterprise/access-control/about-rbac.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/enterprise/access-control/about-rbac.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/enterprise/access-control/assign-rbac-roles.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/enterprise/access-control/assign-rbac-roles.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/enterprise/access-control/assign-rbac-roles.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/enterprise/access-control/plan-rbac-rollout-strategy.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/enterprise/access-control/plan-rbac-rollout-strategy.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/enterprise/access-control/manage-rbac-roles.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/enterprise/access-control/custom-role-actions-scopes.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/enterprise/access-control/custom-role-actions-scopes.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/enterprise/access-control/enable-rbac-and-provisioning.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/enterprise/access-control/manage-rbac-roles.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/enterprise/access-control/manage-rbac-roles.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/enterprise/access-control/manage-rbac-roles.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/enterprise/access-control/manage-rbac-roles.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/enterprise/access-control/manage-rbac-roles.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/enterprise/access-control/manage-rbac-roles.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/enterprise/access-control/manage-rbac-roles.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/enterprise/access-control/manage-rbac-roles.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/enterprise/access-control/manage-rbac-roles.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/enterprise/access-control/manage-rbac-roles.md * Update docs/sources/enterprise/access-control/manage-rbac-roles.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Remove factory as much as possible * Update docs/sources/enterprise/access-control/plan-rbac-rollout-strategy.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/enterprise/access-control/plan-rbac-rollout-strategy.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Have -> Must Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Have -> Must Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Replace factory by hard reset * Replace LINK * Update docs/sources/enterprise/access-control/about-rbac.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Suggestion on example descriptions Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/enterprise/access-control/manage-rbac-roles.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Remove comment on permissions escalate * Prettier. * add a sentence to explain the type:escalate * add a sentence to explain the type:escalate * Rephrase * Remove TODOs as discussed with jguer Co-authored-by: Jguer <joao.guerreiro@grafana.com> * Implement vardan's suggestion to have only one mapping: Co-authored-by: Vardan Torosyan <vardants@gmail.com> * Document that you cannot delete basic roles Co-authored-by: Vardan Torosyan <vardants@gmail.com> Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> Co-authored-by: Jguer <joao.guerreiro@grafana.com> Co-authored-by: Vardan Torosyan <vardants@gmail.com>
69 lines
2.6 KiB
YAML
69 lines
2.6 KiB
YAML
# ---
|
|
# # config file version
|
|
# apiVersion: 2
|
|
|
|
# # <list> list of roles to insert/update/delete
|
|
# roles:
|
|
# # <string, required> name of the role you want to create or update. Required.
|
|
# - name: 'custom:users:writer'
|
|
# # <string> uid of the role. Has to be unique for all orgs.
|
|
# uid: customuserswriter1
|
|
# # <string> description of the role, informative purpose only.
|
|
# description: 'Create, read, write users'
|
|
# # <int> version of the role, Grafana will update the role when increased.
|
|
# version: 2
|
|
# # <int> org id. Defaults to Grafana's default if not specified.
|
|
# orgId: 1
|
|
# # <list> list of the permissions granted by this role.
|
|
# permissions:
|
|
# # <string, required> action allowed.
|
|
# - action: 'users:read'
|
|
# #<string> scope it applies to.
|
|
# scope: 'users:*'
|
|
# - action: 'users:write'
|
|
# scope: 'users:*'
|
|
# - action: 'users:create'
|
|
# - name: 'custom:global:users:reader'
|
|
# # <bool> overwrite org id and creates a global role.
|
|
# global: true
|
|
# # <string> state of the role. Defaults to 'present'. If 'absent', role will be deleted.
|
|
# state: 'absent'
|
|
# # <bool> force deletion revoking all grants of the role.
|
|
# force: true
|
|
# - uid: 'basic_editor'
|
|
# version: 2
|
|
# global: true
|
|
# # <list> list of roles to copy permissions from.
|
|
# from:
|
|
# - uid: 'basic_editor'
|
|
# global: true
|
|
# - name: 'fixed:users:writer'
|
|
# global: true
|
|
# # <list> list of the permissions to add/remove on top of the copied ones.
|
|
# permissions:
|
|
# - action: 'users:read'
|
|
# scope: 'users:*'
|
|
# - action: 'users:write'
|
|
# scope: 'users:*'
|
|
# # <string> state of the permission. Defaults to 'present'. If 'absent', the permission will be removed.
|
|
# state: absent
|
|
|
|
# # <list> list role assignments to teams to create or remove.
|
|
# teams:
|
|
# # <string, required> name of the team you want to assign roles to. Required.
|
|
# - name: 'Users writers'
|
|
# # <int> org id. Will default to Grafana's default if not specified.
|
|
# orgId: 1
|
|
# # <list> list of roles to assign to the team
|
|
# roles:
|
|
# # <string> uid of the role you want to assign to the team.
|
|
# - uid: 'customuserswriter1'
|
|
# # <int> org id. Will default to Grafana's default if not specified.
|
|
# orgId: 1
|
|
# # <string> name of the role you want to assign to the team.
|
|
# - name: 'fixed:users:writer'
|
|
# # <bool> overwrite org id to specify the role is global.
|
|
# global: true
|
|
# # <string> state of the assignment. Defaults to 'present'. If 'absent', the assignment will be revoked.
|
|
# state: absent
|