opensource/grafana
1
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-07-29 15:22:31 +08:00
Code Issues Packages Projects Releases Wiki Activity

docs: added permissions page and updated folder docs

Browse Source
This commit is contained in:
Torkel Ödegaard
2018-01-31 16:07:27 +01:00
parent b1a9360756
commit 17c1e7bac7
5 changed files with 96 additions and 109 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
docs/sources/reference/admin.md
View File

@ -1,42 +0,0 @@
+++
title = "Admin Roles"
description = "Users & Organization permission and administration"
keywords = ["grafana", "configuration", "documentation", "admin", "users", "permissions"]
type = "docs"
[menu.docs]
name = "Admin Roles"
parent = "admin"
weight = 3
+++
# Administration
Grafana has two levels of administrators:
* Organizational administrators: These admins can manage users within specific organizations in a particular Grafana installation
* Grafana administrators: These super admins can manage users across all organizations in a Grafana installation. They can also change and access system-wide settings.
## Organizational Administrators
As an Organizational administrator, you can add `Data Sources`, add Users to your Organization and
modify Organization details and options.
> *Note*: If Grafana is configured with `users.allow_org_create = true`, any User of any Organization will be able to
> start their own Organization and become the administrator of that Organization.
## Grafana Administrators
<img src="/img/v2/admin_sidenav.png" class="pull-right" style="margin-left: 15px">
As a Grafana Administrator, you have complete access to any Organization or User in that instance of Grafana.
When performing actions as a Grafana admin, the sidebar will change it's appearance as below to indicate you are performing global server administration.
From the Grafana Server Admin page, you can access the System Info page which summarizes all of the backend configuration settings of the Grafana server.
## Why would I have multiple Organizations?
Organizations in Grafana are best suited for a **multi-tenant deployment**. In a multi-tenant deployment,
Organizations can be used to provide a full Grafana experience to different sets of users from a single Grafana instance,
at the convenience of the Grafana Administrator.
In most cases, a Grafana installation will only have **one** Organization. Since dashboards, data sources and other configuration items are not shared between organizations, there's no need to create multiple Organizations if you want all your users to have access to the same set of dashboards and data.

75
docs/sources/reference/dashboard_folders.md
View File

@ -14,20 +14,16 @@ Folders are a way to organize and group dashboards - very useful if you have a l
## How To Create A Folder
- Create a folder by using the Create Folder link in the side menu.
![](/img/docs/v50/create_folder_menu.png)
- Create a folder by using the Create Folder link in the side menu (under the create menu (+ icon))
- Use the create Folder button on the Manage Dashboards page.
- When saving a dashboard, you can either choose a folder for the dashboard to be saved in or create a new folder (coming in 5.0 beta)
- When saving a dashboard, you can either choose a folder for the dashboard to be saved in or create a new folder
On the Create Folder page, fill in a unique name for the folder and press Create.
![](/img/docs/v50/create_folder_page.png)
## Manage Dashboards
{{< docs-imagebox img="/img/docs/v50/manage_dashboard_menu.png" max-width="300px" class="docs-image--right" >}}
There is a new Manage Dashboards page where you can carry out a variety of tasks:
- create a folder
@ -36,62 +32,21 @@ There is a new Manage Dashboards page where you can carry out a variety of tasks
- delete multiple dashboards
- navigate to a folder page (where you can set permissions for a folder and/or its dashboards)
There is a new option in the Dashboards menu for the Manage Dashboards page:
![](/img/docs/v50/manage_dashboard_menu.png)
Here you can manage your dashboards:
![](/img/docs/v50/manage_dashboards_page.png)
Or you can go directly to a Dashboard Folder page via Dashboard Search by clicking on the cog icon:
![](/img/docs/v50/go_to_dashboard_folder_page.png)
## Dashboard Folder Page
You reach the dashboard folder page by clicking on the cog icon that appears when you hover
over a folder in the dashboard list in the search result or on the Manage dashboards page.
The Dashboard Folder Page is similar to the Manage Dashboards page and is where you can carry out the following tasks:
- allows you to move or delete dashboards in a folder.
- rename a folder (under the Settings tab).
- set permissions on the whole folder.
- set permissions on a single dashboard.
- Allows you to move or delete dashboards in a folder.
- Rename a folder (under the Settings tab).
- Set permissions for the folder (inherited by dashboards in the folder).
## Dashboard Permissions (Not enabled in Grafana 5.0 alpha)
## Permissions
An Access Control List (ACL) model is used for permissions on Dashboard Folders. An individual user can be assigned permissions on a folder or a Team.
Permissions can assigned to a folder and inherited by the containing dashboards. An Access Control List (ACL) is used where
**Organization Role**, **Team** and Individual **User** can be assigned permissions. Read the
[Dashboard & Folder Permissions]({{< relref "administration/permissions.md#dashboard-folder-permissions" >}}) docs for more detail
on the permission system.
The permissions that can be assigned for a folder are: View, Edit, Admin.
The default is that:
- everyone has access to a folder and that their permissions depend on their user role (Viewer, Editor or Admin).
- An Admin or Editor can remove the default access for everyone and can then assign a user or team to a Dashboard Folder.
- Teams make it easier to assign permissions for multiple users to multiple dashboards.
Other Dashboard Folder rules:
- Users with the Admin and Editor role are allowed to create new Dashboard Folders.
- Users with the Viewer role are not allowed to create new Dashboard Folders.
- Editors who are owners and Admins can assign permissions to users or teams for Dashboard Folders.
- Default permissions can be removed except for the Admin permissions (View, Edit).
### Limiting Permissions on a Folder
To limit permissions on a folder or dashboard:
1. go to the permissions tab on the Dashboard Folder page
2. remove the default permissions (Everyone with Editor Role / Everyone with Viewer Role)
3. Give a team or user specific permissions. For example: `frontend-team can edit` and `ops-team can view`.
Remember that users with the Admin role will always have permission to all folders and dashboards.
## Teams (Not enabled in Grafana 5.0 alpha)
Teams is a new concept for Grafana 5.0. A team is a group of users that can be assigned permissions on a dashboard folder or a dashboard.
How Teams Work:
- Admins can create teams.
- No hierarchies. Teams cannot contain teams.
- If a user belongs to multiple teams, their permissions are merged to give them the highest permission possible for a dashboard folder or dashboard.