root
/
grafana
mirror of https://github.com/grafana/grafana.git
1
0
Fork 0
Code Issues Actions 254 Packages Projects Releases Wiki Activity

Access Control: Make it possible to exclude role grants (#91647)

This commit is contained in:
Alexander Zobnin 2024-08-08 14:11:17 +02:00 committed by GitHub
parent 89ee970ec3
commit 0e5d7633f7
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pkg/api/accesscontrol.go
View File

@ -442,6 +442,8 @@ func (hs *HTTPServer) declareFixedRoles() error {
}, },
}, },
Grants: []string{"Editor"}, Grants: []string{"Editor"},
// Don't grant fixed:folders:creator to Admin
Exclude: []string{"Admin"},
} }
foldersReaderRole := ac.RoleRegistration{ foldersReaderRole := ac.RoleRegistration{

1
pkg/services/accesscontrol/models.go
View File

@ -28,6 +28,7 @@ var (
type RoleRegistration struct { type RoleRegistration struct {
Role RoleDTO Role RoleDTO
Grants []string Grants []string
Exclude []string
} }
// Role is the model for Role in RBAC. // Role is the model for Role in RBAC.