Menu
Important: This documentation is about an older version. It's relevant only to the release noted, many of the features and functions have been updated or replaced. Please view the current version.
Documentation
Grafana documentationGrafana EnterpriseFine-grained access controlFine-grained access control references
Grafana documentationGrafana EnterpriseFine-grained access controlFine-grained access control referencesEnterprise
Open source
Fine-grained access control references
The reference information that follows complements conceptual information about Roles.
Fine-grained access fixed roles
| Fixed roles | Permissions | Descriptions |
|---|---|---|
| fixed:permissions:admin:read | roles:read roles:list roles.builtin:list | Allows to list and get available roles and built-in role assignments. |
| fixed:permissions:admin:edit | All permissions from fixed:permissions:admin:read androles:write roles:delete roles.builtin:add roles.builtin:remove | Allows every read action and in addition allows to create, change and delete custom roles and create or remove built-in role assignments. |
| fixed:reporting:admin:read | reports:read reports:send reports.settings:read | Allows to read reports and report settings. |
| fixed:reporting:admin:edit | All permissions from fixed:reporting:admin:read andreports.admin:write reports:delete reports.settings:write | Allows every read action for reports and in addition allows to administer reports. |
| fixed:users:admin:read | users.authtoken:list users.quotas:list users:read users.teams:read | Allows to list and get users and related information. |
| fixed:users:admin:edit | All permissions from fixed:users:admin:read andusers.password:update users:write users:create users:delete users:enable users:disable users.permissions:update users:logout users.authtoken:update users.quotas:update | Allows every read action for users and in addition allows to administer users. |
| fixed:users:org:read | org.users:read | Allows to get user organizations. |
| fixed:users:org:edit | All permissions from fixed:users:org:read andorg.users:add org.users:remove org.users.role:update | Allows every read action for user organizations and in addition allows to administer user organizations. |
| fixed:ldap:admin:read | ldap.user:read ldap.status:read | Allows to read LDAP information and status. |
| fixed:ldap:admin:edit | All permissions from fixed:ldap:admin:read andldap.user:sync | Allows every read action for LDAP and in addition allows to administer LDAP. |
Default built-in role assignments
| Built-in roles | Associated roles | Descriptions |
|---|---|---|
| Grafana Admin | fixed:permissions:admin:edit fixed:permissions:admin:read fixed:reporting:admin:edit fixed:reporting:admin:read fixed:users:admin:edit fixed:users:admin:read fixed:users:org:edit fixed:users:org:read fixed:ldap:admin:edit fixed:ldap:admin:read | Allows access to resources which Grafana Server Admin has permissions by default. |
| Admin | fixed:users:org:edit fixed:users:org:read fixed:reporting:admin:edit fixed:reporting:admin:read | Allows access to resource which Admin has permissions by default. |
Was this page helpful?
Related resources from Grafana Labs
Getting started with the Grafana LGTM Stack
In this webinar, we’ll demo how to get started using the LGTM Stack: Loki for logs, Grafana for visualization, Tempo for traces, and Mimir for metrics.
Getting started with Grafana dashboard design
In this webinar, you'll learn how to design stylish and easily accessible Grafana dashboards that tell a story.
Building advanced Grafana dashboards
In this webinar, we’ll demo how to build and format Grafana dashboards.