fixed:alerting.instances:writer | All permissions from fixed:alerting.instances:reader and
alert.instances:create
alert.instances:write for organization scope
alert.instances.external:write for scope datasources: | Create, update and expire all silences in the organization produced by Grafana, Mimir, and Loki. |
fixed:alerting.instances:reader | alert.instances:read for organization scope
alert.instances.external:read for scope datasources: | Read all alerts and silences in the organization produced by Grafana Alerts and Mimir and Loki alerts and silences. |
fixed:alerting.notifications:writer | All permissions from fixed:alerting.notifications:reader and
alert.notifications:writefor organization scope
alert.notifications.external:read for scope datasources: | Create, update, and delete contact points, templates, mute timings and notification policies for Grafana and external Alertmanager. |
fixed:alerting.notifications:reader | alert.notifications:read for organization scope
alert.notifications.external:read for scope datasources: | Read all Grafana and Alertmanager contact points, templates, and notification policies. |
fixed:alerting.rules:writer | All permissions from fixed:alerting.rules:reader and
alert.rule:create
alert.rule:write
alert.rule:delete for scope folders:
alert.rules.external:write for scope datasources: | Create, update, and delete all Grafana, Mimir, and Loki alert rules. |
fixed:alerting.rules:reader | alert.rule:read for scope folders:
alert.rules.external:read for scope datasources: | Read all Grafana, Mimir, and Loki alert rules. |
fixed:alerting:writer | All permissions from fixed:alerting.rules:writer
fixed:alerting.instances:writer
fixed:alerting.notifications:writer | Create, update, and delete Grafana, Mimir, Loki and Alertmanager alert rules, silences, contact points, templates, mute timings, and notification policies. |
fixed:alerting:reader | All permissions from fixed:alerting.rules:reader
fixed:alerting.instances:reader
| Read-only permissions for all Grafana, Mimir, Loki and Alertmanager alert rules, alerts, contact points, and notification policies. |
fixed:alerting.provisioning:writer | alert.provisioning:read and alert.provisioning:write | Create, update and delete Grafana alert rules, notification policies, contact points, templates, etc via provisioning API. |
fixed:annotations.dashboard:writer | annotations:write
annotations.create
annotations:delete for scope annotations:type:dashboard | Create, update and delete dashboard annotations and annotation tags. |
fixed:annotations:reader | annotations:read for scopes annotations:type: | Read all annotations and annotation tags. |
fixed:annotations:writer | All permissions from fixed:annotations:reader
annotations:write
annotations.create
annotations:delete for scope annotations:type: | Read, create, update and delete all annotations and annotation tags. |
fixed:apikeys:reader | apikeys:read for scope apikeys: | Read all api keys. |
fixed:apikeys:writer | All permissions from fixed:apikeys:reader and
apikeys:create
apikeys:delete for scope apikeys:* | Read, create, delete all api keys. |
fixed:dashboards:creator | dashboards:create
folders:read | Create dashboards. |
fixed:dashboards.insights:reader | dashboards.insights:read | Read dashboard insights data and see presence indicators. |
fixed:dashboards.permissions:reader | dashboards.permissions:read | Read all dashboard permissions. |
fixed:dashboards.permissions:writer | All permissions from fixed:dashboards.permissions:reader and
dashboards.permissions:write | Read and update all dashboard permissions. |
fixed:dashboards:reader | dashboards:read | Read all dashboards. |
fixed:dashboards:writer | All permissions from fixed:dashboards:reader and
dashboards:write
dashboards:edit
dashboards:delete
dashboards:create
dashboards.permissions:read
dashboards.permissions:write | Read, create, update, and delete all dashboards. |
fixed:datasources.caching:reader | datasources.caching:read | Read data source query caching settings. |
fixed:datasources.caching:writer | datasources.caching:read
datasources.caching:write | Enable, disable, or update query caching settings. |
fixed:datasources:explorer | datasources:explore | Enable the Explore feature. Data source permissions still apply, you can only query data sources for which you have query permissions. |
fixed:datasources:id:reader | datasources.id:read | Read the ID of a data source based on its name. |
fixed:datasources.insights:reader | datasources.insights:read | Read data source insights data. |
fixed:datasources.permissions:reader | datasources.permissions:read | Read data source permissions. |
fixed:datasources.permissions:writer | All permissions from fixed:datasources.permissions:reader and
datasources.permissions:write | Create, read, or delete permissions of a data source. |
fixed:datasources:reader | datasources:read
datasources:query | Read and query data sources. |
fixed:datasources:writer | All permissions from fixed:datasources:reader and
datasources:create
datasources:write
datasources:delete | Read, query, create, delete, or update a data source. |
fixed:folders.permissions:reader | folders.permissions:read | Read all folder permissions. |
fixed:folders.permissions:writer | All permissions from fixed:folders.permissions:reader and
folders.permissions:write | Read and update all folder permissions. |
fixed:folders:creator | folders:create | Create folders. |
fixed:folders:reader | folders:read
dashboards:read | Read all folders and dashboards. |
fixed:folders:writer | All permissions from fixed:dashboards:writer and
folders:read
folders:write
folders:create
folders:delete
folders.permissions:read
folders.permissions:write | Read, create, update, and delete all folders and dashboards. |
fixed:ldap:reader | ldap.user:read
ldap.status:read | Read the LDAP configuration and LDAP status information. |
fixed:ldap:writer | All permissions from fixed:ldap:reader and
ldap.user:sync
ldap.config:reload | Read and update the LDAP configuration, and read LDAP status information. |
fixed:licensing:reader | licensing:read
licensing.reports:read | Read licensing information and licensing reports. |
fixed:licensing:writer | All permissions from fixed:licensing:viewer and
licensing:delete | Read licensing information and licensing reports, update and delete the license token. |
fixed:org.users:reader | org.users:read | Read users within a single organization. |
fixed:org.users:writer | All permissions from fixed:org.users:reader and
org.users:add
org.users:remove
org.users:write | Within a single organization, add a user, invite a new user, read information about a user and their role, remove a user from that organization, or change the role of a user. |
fixed:organization:maintainer | All permissions from fixed:organization:reader and
orgs:write
orgs:create
orgs:delete
orgs.quotas:write | Create, read, write, or delete an organization. Read or write its quotas. This role needs to be assigned globally. |
fixed:organization:reader | orgs:read
orgs.quotas:read | Read an organization and its quotas. |
fixed:organization:writer | All permissions from fixed:organization:reader and
orgs:write
orgs.preferences:read
orgs.preferences:write | Read an organization, its quotas, or its preferences. Update organization properties, or its preferences. |
fixed:plugins.app:reader | plugins.app:access | Access application plugins (still enforcing the organization role). |
fixed:provisioning:writer | provisioning:reload | Reload provisioning. |
fixed:reports:reader | reports:read
reports:send
reports.settings:read | Read all reports and shared report settings. |
fixed:reports:writer | All permissions from fixed:reports:reader and
reports:create
reports:write
reports:delete
reports.settings:write | Create, read, update, or delete all reports and shared report settings. |
fixed:roles:reader | roles:read
teams.roles:read
users.roles:read
users.permissions:read | Read all access control roles, roles and permissions assigned to users, teams. |
fixed:roles:writer | All permissions from fixed:roles:reader and
roles:write
roles:delete
teams.roles:add
teams.roles:remove
users.roles:add
users.roles:remove | Create, read, update, or delete all roles, assign or unassign roles to users, teams. |
fixed:roles:resetter | roles:write with scope permissions:type:escalate | Reset basic roles to their default. |
fixed:serviceaccounts:reader | serviceaccounts:read | Read Grafana service accounts. |
fixed:serviceaccounts:creator | serviceaccounts:create | Create Grafana service accounts. |
fixed:serviceaccounts:writer | serviceaccounts:read
serviceaccounts:create
serviceaccounts:write
serviceaccounts:delete
serviceaccounts.permissions:read
serviceaccounts.permissions:write | Create, update, read and delete all Grafana service accounts and manage service account permissions. |
fixed:settings:reader | settings:read | Read Grafana instance settings. |
fixed:settings:writer | All permissions from fixed:settings:reader and
settings:write | Read and update Grafana instance settings. |
fixed:stats:reader | server.stats:read | Read Grafana instance statistics. |
fixed:teams:creator | teams:create
org.users:read | Create a team and list organization users (required to manage the created team). |
fixed:teams:writer | teams:create
teams:delete
teams:read
teams:write
teams.permissions:read
teams.permissions:write | Create, read, update and delete teams and manage team memberships. |
fixed:users:reader | users:read
users.quotas:read
users.authtoken:read
` | Read all users and their information, such as team memberships, authentication tokens, and quotas. |
fixed:users:writer | All permissions from fixed:users:reader and
users:write
users:create
users:delete
users:enable
users:disable
users.password:write
users.permissions:write
users:logout
users.authtoken:write
users.quotas:write | Read and update all attributes and settings for all users in Grafana: update user information, read user information, create or enable or disable a user, make a user a Grafana administrator, sign out a user, update a user’s authentication token, or update quotas for all users. |
我的书签
添加书签
移除书签