Archived documentation version rendered and hosted by DevNetExpertTraining.com

Fine-grained access control references

The reference information that follows complements conceptual information about Roles.

Fine-grained access fixed roles

Fixed roles	Permissions	Descriptions
`fixed:permissions:admin:read`	`roles:read` `roles:list` `roles.builtin:list`	Allows to list and get available roles and built-in role assignments.
`fixed:permissions:admin:edit`	All permissions from `fixed:permissions:admin:read` and `roles:write` `roles:delete` `roles.builtin:add` `roles.builtin:remove`	Allows every read action and in addition allows to create, change and delete custom roles and create or remove built-in role assignments.
`fixed:reporting:admin:read`	`reports:read` `reports:send` `reports.settings:read`	Allows to read reports and report settings.
`fixed:reporting:admin:edit`	All permissions from `fixed:reporting:admin:read` and `reports.admin:write` `reports:delete` `reports.settings:write`	Allows every read action for reports and in addition allows to administer reports.
`fixed:users:admin:read`	`users.authtoken:list` `users.quotas:list` `users:read` `users.teams:read`	Allows to list and get users and related information.
`fixed:users:admin:edit`	All permissions from `fixed:users:admin:read` and `users.password:update` `users:write` `users:create` `users:delete` `users:enable` `users:disable` `users.permissions:update` `users:logout` `users.authtoken:update` `users.quotas:update`	Allows every read action for users and in addition allows to administer users.
`fixed:users:org:read`	`org.users:read`	Allows to get user organizations.
`fixed:users:org:edit`	All permissions from `fixed:users:org:read` and `org.users:add` `org.users:remove` `org.users.role:update`	Allows every read action for user organizations and in addition allows to administer user organizations.
`fixed:ldap:admin:read`	`ldap.user:read` `ldap.status:read`	Allows to read LDAP information and status.
`fixed:ldap:admin:edit`	All permissions from `fixed:ldap:admin:read` and `ldap.user:sync` `ldap.config:reload`	Allows every read action for LDAP and in addition allows to administer LDAP.
`fixed:server:admin:read`	`server.stats:read`	Read server stats
`fixed:settings:admin:read`	`settings:read`	Read settings
`fixed:settings:admin:edit`	All permissions from `fixed:settings:admin:read` and `settings:write`	Update settings
`fixed:datasource:editor:read`	`datasources:explore`	Explore datasources

Default built-in role assignments

Built-in roles	Associated roles	Descriptions
Grafana Admin	`fixed:permissions:admin:edit` `fixed:permissions:admin:read` `fixed:reporting:admin:edit` `fixed:reporting:admin:read` `fixed:users:admin:edit` `fixed:users:admin:read` `fixed:users:org:edit` `fixed:users:org:read` `fixed:ldap:admin:edit` `fixed:ldap:admin:read` `fixed:server:admin:read` `fixed:settings:admin:read` `fixed:settings:admin:edit`	Allows access to resources which Grafana Server Admin has permissions by default.
Admin	`fixed:users:org:edit` `fixed:users:org:read` `fixed:reporting:admin:edit` `fixed:reporting:admin:read`	Allows access to resource which Admin has permissions by default.
Editor	`fixed:datasource:editor:read`