opensource/grafana
1
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-09-18 22:02:52 +08:00
Code Issues Packages Projects Releases Wiki Activity

Docs: Extend docs with service account limitations (#92630)

Browse Source 
* extend docs with service account limitations

* linting

* Apply suggestions from code review

Co-authored-by: Jack Baldry <jack.baldry@grafana.com>

* PR feedback

* more PR feedback

* linting

---------

Co-authored-by: Jack Baldry <jack.baldry@grafana.com>
This commit is contained in:
Ieva
2024-08-29 10:50:11 +01:00
committed by GitHub
parent bd974bd791
commit a72b557886
5 changed files with 40 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
docs/sources/developers/http_api/admin.md
View File

@ -18,9 +18,15 @@ title: 'Admin HTTP API '
# Admin API
The Admin HTTP API does not currently work with an API Token. API Tokens are currently only linked to an organization and an organization role. They cannot be given
the permission of server admin, only users can be given that permission. So in order to use these API calls you will have to use Basic Auth and the Grafana user
must have the Grafana Admin permission. (The default admin user is called `admin` and has permission to use this API.)
{{< admonition type="caution" >}}
You can't authenticate to the Admin HTTP API with service account tokens.
Service accounts are limited to an organization and an organization role.
They can't be granted [Grafana server administrator permissions](/docs/grafana/<GRAFANA_VERSION>/administration/roles-and-permissions/#grafana-server-administrators).
To use these API endpoints you have to use Basic authentication and the Grafana user must have the Grafana server administrator permission.
The `admin` user that Grafana is provisioned with by default has permissions to use these API endpoints.
{{< /admonition >}}
> If you are running Grafana Enterprise, for some endpoints you'll need to have specific permissions. Refer to [Role-based access control permissions]({{< relref "../../administration/roles-and-permissions/access-control/custom-role-actions-scopes/" >}}) for more information.

10
docs/sources/developers/http_api/licensing.md
View File

@ -21,6 +21,16 @@ title: Licensing HTTP API
Licensing is only available in Grafana Enterprise. Read more about [Grafana Enterprise]({{< relref "/docs/grafana/latest/introduction/grafana-enterprise" >}}).
{{< admonition type="caution" >}}
You can't authenticate to the Licensing HTTP API with service account tokens.
Service accounts are limited to an organization and an organization role.
They can't be granted [Grafana server administrator permissions](/docs/grafana/<GRAFANA_VERSION>/administration/roles-and-permissions/#grafana-server-administrators).
To use these API endpoints you have to use Basic authentication and the Grafana user must have the Grafana server administrator permission.
The `admin` user that Grafana is provisioned with by default has permissions to use these API endpoints.
{{< /admonition >}}
> If you are running Grafana Enterprise, for some endpoints you'll need to have specific permissions. Refer to [Role-based access control permissions]({{< relref "/docs/grafana/latest/administration/roles-and-permissions/access-control/custom-role-actions-scopes" >}}) for more information.
## Check license availability

14
docs/sources/developers/http_api/org.md
View File

@ -282,11 +282,15 @@ Content-Type: application/json
```http
HTTP/1.1 200
Content-Type: application/json
`GET /api/orgs/name/:orgName`
Only works with Basic Authentication (username and password), see [introduction](#admin-organizations-api).
```
### Get Organization by Name
`GET /api/orgs/name/:orgName`
Only works with Basic Authentication (username and password), see [introduction](#admin-organizations-api).
**Required permissions**
See note in the [introduction]({{< ref "#organization-api" >}}) for an explanation.

14
docs/sources/developers/http_api/user.md
View File

@ -24,11 +24,17 @@ refs:
# User API
The Users HTTP API does not currently work with an API Token. API Tokens are linked to an organization and an organization role. They cannot be given
the permission of server users access, only users can be given that permission. To use these API calls you can use Basic Auth and the Grafana
user must have the Grafana Admin role.
{{< admonition type="caution" >}}
You can't authenticate to the User HTTP API with service account tokens.
Service accounts are limited to an organization and an organization role.
They can't be granted [Grafana server administrator permissions](/docs/grafana/<GRAFANA_VERSION>/administration/roles-and-permissions/#grafana-server-administrators).
API Tokens can be used with Organization HTTP API to get users of specific organization.
Alternatively, you can use the [Organization HTTP API](/docs/grafana/<GRAFANA_VERSION>/developers/http_api/org/#current-organization-api) with service account tokens to manage users in a specific organization
To use these API endpoints you have to use Basic authentication and the Grafana user must have the Grafana server administrator permission.
The `admin` user that Grafana is provisioned with by default has permissions to use these API endpoints.
{{< /admonition >}}
> If you are running Grafana Enterprise, for some endpoints you'll need to have specific permissions. Refer to [Role-based access control permissions](ref:role-based-access-control-permissions) for more information.