Important: This documentation is about an older version. It's relevant only to the release noted, many of the features and functions have been updated or replaced. Please view the current version.
Fine-grained access control references
The reference information that follows complements conceptual information about Roles.
Fine-grained access fixed roles
Fixed roles | Permissions | Descriptions |
---|---|---|
fixed:permissions:admin:read | roles:read roles:list roles.builtin:list | Allows to list and get available roles and built-in role assignments. |
fixed:permissions:admin:edit | All permissions from fixed:permissions:admin:read androles:write roles:delete roles.builtin:add roles.builtin:remove | Allows every read action and in addition allows to create, change and delete custom roles and create or remove built-in role assignments. |
fixed:reporting:admin:read | reports:read reports:send reports.settings:read | Allows to read reports and report settings. |
fixed:reporting:admin:edit | All permissions from fixed:reporting:admin:read andreports.admin:write reports:delete reports.settings:write | Allows every read action for reports and in addition allows to administer reports. |
fixed:users:admin:read | users.authtoken:list users.quotas:list users:read users.teams:read | Allows to list and get users and related information. |
fixed:users:admin:edit | All permissions from fixed:users:admin:read andusers.password:update users:write users:create users:delete users:enable users:disable users.permissions:update users:logout users.authtoken:update users.quotas:update | Allows every read action for users and in addition allows to administer users. |
fixed:users:org:read | org.users:read | Allows to get user organizations. |
fixed:users:org:edit | All permissions from fixed:users:org:read andorg.users:add org.users:remove org.users.role:update | Allows every read action for user organizations and in addition allows to administer user organizations. |
fixed:ldap:admin:read | ldap.user:read ldap.status:read | Allows to read LDAP information and status. |
fixed:ldap:admin:edit | All permissions from fixed:ldap:admin:read andldap.user:sync ldap.config:reload | Allows every read action for LDAP and in addition allows to administer LDAP. |
fixed:server:admin:read | server.stats:read | Read server stats |
fixed:settings:admin:read | settings:read | Read settings |
fixed:settings:admin:edit | All permissions from fixed:settings:admin:read andsettings:write | Update settings |
fixed:datasource:editor:read | datasources:explore | Explore datasources |
Default built-in role assignments
Built-in roles | Associated roles | Descriptions |
---|---|---|
Grafana Admin | fixed:permissions:admin:edit fixed:permissions:admin:read fixed:reporting:admin:edit fixed:reporting:admin:read fixed:users:admin:edit fixed:users:admin:read fixed:users:org:edit fixed:users:org:read fixed:ldap:admin:edit fixed:ldap:admin:read fixed:server:admin:read fixed:settings:admin:read fixed:settings:admin:edit | Allows access to resources which Grafana Server Admin has permissions by default. |
Admin | fixed:users:org:edit fixed:users:org:read fixed:reporting:admin:edit fixed:reporting:admin:read | Allows access to resource which Admin has permissions by default. |
Editor | fixed:datasource:editor:read |