| Scopes | Descriptions |
| --- | --- |
| `annotations:*`<br>`annotations:type:*` | Restrict an action to a set of annotations. For example, `annotations:*` matches any annotation, `annotations:type:dashboard` matches annotations associated with dashboards, and `annotations:type:organization` matches organization annotations. |
| `apikeys:*`<br>`apikeys:id:*` | Restrict an action to a set of API keys. For example, `apikeys:*` matches any API key, and `apikeys:id:1` matches the API key whose ID is `1`. |
| `dashboards:*`<br>`dashboards:uid:*` | Restrict an action to a set of dashboards. For example, `dashboards:*` matches any dashboard, and `dashboards:uid:1` matches the dashboard whose UID is `1`. |
| `datasources:*`<br>`datasources:uid:*` | Restrict an action to a set of data sources. For example, `datasources:*` matches any data source, and `datasources:uid:1` matches the data source whose UID is `1`. |
| `folders:*`<br>`folders:uid:*` | Restrict an action to a set of folders. For example, `folders:*` matches any folder, and `folders:uid:1` matches the folder whose UID is `1`. |
| `global.users:*`<br>`global.users:id:*` | Restrict an action to a set of global users. For example, `global.users:*` matches any user, and `global.users:id:1` matches the user whose ID is `1`. |
| `orgs:*`<br>`orgs:id:*` | Restrict an action to a set of organizations. For example, `orgs:*` matches any organization, and `orgs:id:1` matches the organization whose ID is `1`. |
| `permissions:type:delegate` | This scope applies only to roles associated with Access Control itself. It indicates that you can delegate only your own permissions, or a subset of them, by creating a new role or making an assignment. |
| `permissions:type:escalate` | This scope is required to trigger the reset of basic role permissions. It indicates that users might acquire additional permissions they did not previously have. |
| `provisioners:*` | Restrict an action to a set of provisioners. For example, `provisioners:*` matches any provisioner, and `provisioners:accesscontrol` matches the role-based access control provisioner. |
| `reports:*`<br>`reports:id:*` | Restrict an action to a set of reports. For example, `reports:*` matches any report, and `reports:id:1` matches the report whose ID is `1`. |
| `roles:*`<br>`roles:uid:*` | Restrict an action to a set of roles. For example, `roles:*` matches any role, and `roles:uid:randomuid` matches only the role whose UID is `randomuid`. |
| `services:accesscontrol` | Restrict an action to target only the role-based access control service. You can use this in conjunction with the `status:accesscontrol` actions. |
| `serviceaccounts:*`<br>`serviceaccounts:id:*` | Restrict an action to a set of service accounts from an organization. For example, `serviceaccounts:*` matches any service account, and `serviceaccounts:id:1` matches the service account whose ID is `1`. |
| `settings:*` | Restrict an action to a subset of settings. For example, `settings:*` matches all settings, `settings:auth.saml:*` matches all SAML settings, and `settings:auth.saml:enabled` matches the `enabled` property on the SAML settings. |
| `teams:*`<br>`teams:id:*` | Restrict an action to a set of teams from an organization. For example, `teams:*` matches any team, and `teams:id:1` matches the team whose ID is `1`. |
| `users:*`<br>`users:id:*` | Restrict an action to a set of users from an organization. For example, `users:*` matches any user, and `users:id:1` matches the user whose ID is `1`. |
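
The wildcard matching described in the table, as an added example in Go (not Grafana's own code). It assumes `*` acts as a pattern only when it is the whole last segment; the `Permission` type, the function names and the sample role are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

type Permission struct{ Action, Scope string } // an action and the scope restricting it

// scopeCovers reports whether a granted scope covers one concrete resource scope.
// Assumption: "*" is a pattern only as the whole last segment, as in the table.
func scopeCovers(granted, resource string) bool {
	if !strings.HasSuffix(granted, ":*") {
		return granted == resource // no wildcard: exact match only
	}
	// The ':' stays in the prefix, so "users:*" never covers "global.users:id:1".
	return strings.HasPrefix(resource, strings.TrimSuffix(granted, "*"))
}

// allowed checks an action on a resource against a role's permissions.
func allowed(perms []Permission, action, resource string) bool {
	for _, p := range perms {
		if p.Action == action && scopeCovers(p.Scope, resource) {
			return true
		}
	}
	return false
}

// wildcardGrants lists the grants a least-privilege review should look at first.
func wildcardGrants(perms []Permission) []Permission {
	var out []Permission
	for _, p := range perms {
		if strings.HasSuffix(p.Scope, ":*") {
			out = append(out, p)
		}
	}
	return out
}

// Constructed sample role; the action names are illustrative.
var sampleRole = []Permission{
	{"dashboards:read", "dashboards:uid:1"},
	{"datasources:query", "datasources:*"},
	{"settings:read", "settings:auth.saml:*"},
}

func main() {
	fmt.Println(allowed(sampleRole, "dashboards:read", "dashboards:uid:2"), wildcardGrants(sampleRole))
}
```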