Skip to content

Commit

Permalink
Alerting: Update docs with rule read RBAC changes (#88565)
Browse files Browse the repository at this point in the history 
* Remove ref to `datasources:query` for rule read

* Remove more refs to `datasources:query`

* Run prettier
  • Loading branch information
@rwwiv
rwwiv authored May 31, 2024
1 parent c582744 commit 7a744a7
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 18 deletions.
2 changes: 1 addition & 1 deletion docs/sources/alerting/set-up/configure-rbac/_index.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,7 @@ Grafana Alerting has the following permissions.
| `alert.rules.external:write` | `datasources:*`<br>`datasources:uid:*` | Create, update, and delete alert rules in data sources that support alerting (Mimir and Loki). |
| `alert.rules:create` | `folders:*`<br>`folders:uid:*` | Create Grafana alert rules in a folder and its subfolders. Combine this permission with `folders:read` in a scope that includes the folder and `datasources:query` in the scope of data sources the user can query. |
| `alert.rules:delete` | `folders:*`<br>`folders:uid:*` | Delete Grafana alert rules in a folder and its subfolders. Combine this permission with `folders:read` in a scope that includes the folder and `datasources:query` in the scope of data sources the user can query. |
| `alert.rules:read` | `folders:*`<br>`folders:uid:*` | Read Grafana alert rules in a folder and its subfolders. Combine this permission with `folders:read` in a scope that includes the folder and `datasources:query` in the scope of data sources the user can query. |
| `alert.rules:read` | `folders:*`<br>`folders:uid:*` | Read Grafana alert rules in a folder and its subfolders. Combine this permission with `folders:read` in a scope that includes the folder. |
| `alert.rules:write` | `folders:*`<br>`folders:uid:*` | Update Grafana alert rules in a folder and its subfolders. Combine this permission with `folders:read` in a scope that includes the folder and `datasources:query` in the scope of data sources the user can query. |
| `alert.silences:create` | `folders:*`<br>`folders:uid:*` | Create rule-specific silences in a folder and its subfolders. |
| `alert.silences:read` | `folders:*`<br>`folders:uid:*` | Read general and rule-specific silences in a folder and its subfolders. |
Expand Down
18 changes: 1 addition & 17 deletions docs/sources/alerting/set-up/configure-rbac/access-roles/index.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -67,7 +67,7 @@ For more information on creating custom roles, refer to [Create custom roles](ht

The following examples give you an idea of how you can combine permissions for Grafana Alerting.

A custom role for read access to alert rules that uses data source DS1 and DS2 in folder F:
A custom role for read access to alert rules in folder F:

<!-- prettier-ignore-start -->
```
Expand All @@ -77,14 +77,6 @@ PUT access-control/roles
"displayName": "Alert rule reader in folder F",
"description": "Read access to rules in folder F that use DS1 and DS2",
"permissions": [
{
"action": "datasources:query",
"scope": "datasources:uid:UID_DS1"
},
{
"action": "datasources:query",
"scope": "datasources:uid:UID_DS2"
},
{
"action": "alert.rules:read",
"scope": "folders:uid:UID_F"
Expand All @@ -108,14 +100,6 @@ PUT access-control/roles
"displayName": "Alert rules editor in folder F",
"description": "Edit access to rules in folder F that use DS1 and DS2",
"permissions": [
{
"action": "datasources:query",
"scope": "datasources:uid:UID_DS1"
},
{
"action": "datasources:query",
"scope": "datasources:uid:UID_DS2"
},
{
"action": "alert.rules:read",
"scope": "folders:uid:UID_F"
Expand Down

0 comments on commit 7a744a7

Please sign in to comment.