
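Data source permissions API

Data source permissions are only available in Grafana Enterprise. Learn more about Grafana Enterprise.

If you are running Grafana Enterprise, you need specific permissions for some endpoints. Refer to Role-based access control permissions for more information.

This API can be used to list, add and remove permissions for a data source.

Permissions can be set for a user, a team, a service account or a basic role (Admin, Editor, Viewer).

Get permissions for a data source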

GET /api/access-control/datasources/:uid

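Gets all existing permissions for the data source with the given uid.

Required permissions

See the note in the introduction for an explanation.

Action: datasources.permissions:read
Scopes:
  • datasources:*
  • datasources:uid:*
  • datasources:uid:my_datasource (single data source)

Examples

Example request: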

http
GET /api/access-control/datasources/my_datasource HTTP/1.1
Accept: application/json
Content-Type: application/json
Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk

Example response:

http
HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
Content-Length: 551

[
    {
        "id": 1,
        "roleName": "fixed:datasources:reader",
        "isManaged": false,
        "isInherited": false,
        "isServiceAccount": false,
        "userId": 1,
        "userLogin": "admin_user",
        "userAvatarUrl": "/avatar/admin_user",
        "actions": [
            "datasources:read",
            "datasources:query",
            "datasources:read",
            "datasources:query",
            "datasources:write",
            "datasources:delete"
        ],
        "permission": "Edit"
    },
    {
        "id": 2,
        "roleName": "managed:teams:1:permissions",
        "isManaged": true,
        "isInherited": false,
        "isServiceAccount": false,
        "team": "A team",
        "teamId": 1,
        "teamAvatarUrl": "/avatar/523d70c8551046f441727d690431858c",
        "actions": [
            "datasources:read",
            "datasources:query"
        ],
        "permission": "Query"
    },
    {
        "id": 3,
        "roleName": "basic:admin",
        "isManaged": false,
        "isInherited": false,
        "isServiceAccount": false,
        "builtInRole": "Admin",
        "actions": [
            "datasources:query",
            "datasources:read",
            "datasources:write",
            "datasources:delete"
        ],
        "permission": "Edit"
    }
]

Status codes

  • 200 - OK
  • 401 - Unauthorized
  • 403 - Access denied
  • 500 - Internal error

Add or revoke access to a data source for a user

POST /api/access-control/datasources/:uid/users/:id

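Sets the user permission for the data source with the given uid.

To add a permission, set the permission field to Query, Edit or Admin. To remove a permission, set the permission field to an empty string.

Required permissions

See the note in the introduction for an explanation.

Action: datasources.permissions:write
Scopes:
  • datasources:*
  • datasources:uid:*
  • datasources:uid:my_datasource (single data source)

Examples

Example request: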

http
POST /api/access-control/datasources/my_datasource/users/1
Accept: application/json
Content-Type: application/json
Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk

{
  "permission": "Query"
}

Example response:

http
HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
Content-Length: 35

{"message": "Permission updated"}

Example request:

http
POST /api/access-control/datasources/my_datasource/users/1
Accept: application/json
Content-Type: application/json
Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk

{
  "permission": ""
}

Example response:

http
HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
Content-Length: 35

{"message": "Permission removed"}

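Status codes

  • 200 - OK
  • 400 - Permission cannot be added, see the response body for details
  • 401 - Unauthorized
  • 403 - Access denied

Add or revoke access to a data source for a team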

POST /api/access-control/datasources/:uid/teams/:id

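Sets the team permission for the data source with the given uid.

To add a permission, set the permission field to Query, Edit or Admin. To remove a permission, set the permission field to an empty string.

Required permissions

See the note in the introduction for an explanation.

Action: datasources.permissions:write
Scopes:
  • datasources:*
  • datasources:uid:*
  • datasources:uid:my_datasource (single data source)

Examples

Example request: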

http
POST /api/access-control/datasources/my_datasource/teams/1
Accept: application/json
Content-Type: application/json
Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk

{
  "permission": "Edit"
}

Example response:

http
HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
Content-Length: 35

{"message": "Permission updated"}

Example request:

http
POST /api/access-control/datasources/my_datasource/teams/1
Accept: application/json
Content-Type: application/json
Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk

{
  "permission": ""
}

Example response:

http
HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
Content-Length: 35

{"message": "Permission removed"}

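Status codes

  • 200 - OK
  • 400 - Permission cannot be added, see the response body for details
  • 401 - Unauthorized
  • 403 - Access denied

Add or revoke access to a data source for a basic role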

POST /api/access-control/datasources/:uid/builtInRoles/:builtinRoleName

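Sets the permission for the data source with the given uid; the permission applies to all users who have the specified basic role.

You can set permissions for the following basic roles: Admin, Editor, Viewer.

To add a permission, set the permission field to Query, Edit or Admin. To remove a permission, set the permission field to an empty string.

Required permissions

See the note in the introduction for an explanation.

Action: datasources.permissions:write
Scopes:
  • datasources:*
  • datasources:uid:*
  • datasources:uid:my_datasource (single data source)

Examples

Example request: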

http
POST /api/access-control/datasources/my_datasource/builtInRoles/Admin
Accept: application/json
Content-Type: application/json
Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk

{
  "permission": "Edit"
}

Example response:

http
HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
Content-Length: 35

{"message": "Permission updated"}

Example request:

http
POST /api/access-control/datasources/my_datasource/builtInRoles/Viewer
Accept: application/json
Content-Type: application/json
Authorization: Bearer eyJrIjoiT0tTcG1pUlY2RnVKZTFVaDFsNFZXdE9ZWmNrMkZYbk

{
  "permission": ""
}

Example response:

http
HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
Content-Length: 35

{"message": "Permission removed"}

Status codes

  • 200 - OK
  • 400 - Permission cannot be added, see the response body for details
  • 401 - Unauthorized
  • 403 - Access denied
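
A least-privilege review built on the GET response and the revoke requests described above, as an added example that is not part of the Grafana documentation. The function names, the ceiling policy and the sample entries are constructed for illustration, and it assumes that only grants with isManaged set to true can be removed through these endpoints.

```python
import json
from urllib.parse import quote

# Permission values named on this page, ordered from least to most privileged.
LEVELS = {"Query": 1, "Edit": 2, "Admin": 3}

def subject_of(entry):
    """Map a GET response entry to (endpoint segment, identifier)."""
    if entry.get("isServiceAccount"):
        return ("serviceAccount", entry.get("userId"))
    if "builtInRole" in entry:
        return ("builtInRoles", entry["builtInRole"])
    if "teamId" in entry:
        return ("teams", entry["teamId"])
    return ("users", entry["userId"])

def audit(entries, ceilings):
    """Return grants whose permission exceeds the ceiling for their subject kind."""
    findings = []
    for e in entries:
        kind, ident = subject_of(e)
        allowed = LEVELS[ceilings.get(kind, "Query")]
        # Unknown permission strings rank above everything so they get reviewed.
        if LEVELS.get(e["permission"], 99) > allowed:
            findings.append({"kind": kind, "id": ident,
                             "permission": e["permission"],
                             "managed": e["isManaged"]})
    return findings

def revoke_request(ds_uid, finding):
    """Build (path, body) for the POST that removes a grant, or None."""
    # Assumption: unmanaged grants come from role assignments, not this API.
    # The page shows no endpoint for service accounts, so those are skipped too.
    if not finding["managed"] or finding["kind"] == "serviceAccount":
        return None
    path = "/api/access-control/datasources/{}/{}/{}".format(
        quote(ds_uid, safe=""), finding["kind"], quote(str(finding["id"]), safe=""))
    return path, json.dumps({"permission": ""})

# Constructed sample in the shape of the example response (not real data).
SAMPLE = [
    {"isManaged": True, "isServiceAccount": False, "userId": 1, "permission": "Edit"},
    {"isManaged": True, "isServiceAccount": False, "teamId": 1, "permission": "Query"},
    {"isManaged": True, "isServiceAccount": False, "builtInRole": "Viewer", "permission": "Admin"},
    {"isManaged": False, "isServiceAccount": False, "builtInRole": "Admin", "permission": "Edit"},
]
CEILINGS = {"users": "Edit", "teams": "Query", "builtInRoles": "Query"}

if __name__ == "__main__":
    for f in audit(SAMPLE, CEILINGS):
        print(f, revoke_request("my_datasource", f))
```

Findings for which revoke_request returns None need to be handled through role assignments or reviewed by hand rather than through the endpoints on this page.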