opensource/grafana
1
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-08-03 03:13:49 +08:00
Code Issues Packages Projects Releases Wiki Activity

Docs: RBAC GA (#49062)

Browse Source
This commit is contained in:
Karl Persson
2022-05-20 21:48:52 +02:00
committed by GitHub
parent b3b650be1f
commit 0cbe4fe661
34 changed files with 350 additions and 256 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
docs/sources/developers/http_api/auth.md
View File

@ -7,9 +7,11 @@ title = "Authentication HTTP API "
# Authentication API
> If you are running Grafana Enterprise, for some endpoints you would need to have relevant permissions. Refer to [Role-based access control permissions]({{< relref "../../enterprise/access-control/custom-role-actions-scopes" >}}) for more information.
## Tokens
Currently you can authenticate via an `API Token` or via a `Session cookie` (acquired using regular login or OAuth).
Currently, you can authenticate via an `API Token` or via a `Session cookie` (acquired using regular login or OAuth).
## X-Grafana-Org-Id Header
@ -76,6 +78,14 @@ curl example:
See note in the [introduction]({{< ref "#authentication-api" >}}) for an explanation.
| Action | Scope |
| -------------- | ----------- |
| `apikeys:read` | `apikeys:*` |
**Example Request**:
```http
GET /api/auth/keys HTTP/1.1
Accept: application/json
Content-Type: application/json
Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk
```
@ -114,6 +124,14 @@ Content-Type: application/json
```
JSON Body schema:
- **name** The key name
- **role** Sets the access level/Grafana Role for the key. Can be one of the following values: `Viewer`, `Editor` or `Admin`.
- **secondsToLive** Sets the key expiration in seconds. It is optional. If it is a positive number an expiration date for the key is set. If it is null, zero or is omitted completely (unless `api_key_max_seconds_to_live` configuration option is set) the key will never expire.
Error statuses:
- **400** `api_key_max_seconds_to_live` is set but no `secondsToLive` is specified or `secondsToLive` is greater than this value.
- **500** The key was unable to be stored in the database.
@ -153,6 +171,14 @@ Content-Type: application/json
Content-Type: application/json
```
**Required permissions**
See note in the [introduction]({{< ref "#authentication-api" >}}) for an explanation.
| Action | Scope |
| ---------------- | ---------- |
| `apikeys:delete` | apikeys:\* |
**Example Request**:
```http