I want to create a grafana user without using Admin credentials. I was trying to create a user using API in grafana using the code below:
curl -XPOST -H "Content-Type: application/json" -d '{
"name":"User",
"email":"[email protected]",
"login":"user",
"password":"userpassword"
}' https://user:password@<host>/api/admin/users
After this, I got an error which made me think I do not have sufficient permissions as a grafana user to do this and could create the user using Grafana Admin credentials.
{
"accessErrorId":"ACE7538001967",
"message":"You'll need additional permissions to perform this action. Permissions needed: users:create",
"title":"Access denied"
}
So, I tried implementing RBAC. The way I did this is to:
Edited etc/grafana/provisioning/access-control/sample.yaml
file with contents:
# ---
# # config file version
apiVersion: 2
# <list> list of roles to insert/update/delete
roles:
# <string, required> name of the role you want to create or update. Required.
- name: 'custom:users:writer'
# <string> uid of the role. Has to be unique for all orgs.
uid: customuserswriter1
# <string> description of the role, informative purpose only.
description: 'Create, read, write users'
# <int> version of the role, Grafana will update the role when increased.
version: 2
# <int> org id. Defaults to Grafana's default if not specified.
orgId: 1
# <list> list of the permissions granted by this role.
permissions:
# <string, required> action allowed.
- action: 'users:read'
#<string> scope it applies to.
scope: 'global.users:*'
- action: 'users:write'
scope: 'global.users:*'
- action: 'users:create'
And then according to this doc: https://grafana.com/docs/grafana/v9.5/administration/roles-and-permissions/access-control/rbac-grafana-provisioning/#provisioning-rbac-with-grafana
I hit the API using curl as an Admin user to reload provisioning configurations:
curl -X POST https://admin:admin@<host>/api/admin/provisioning/access-control/reload -H "Accept: application/json" -H "Content-Type: application/json"
But I got this response: {"message":"Not found"}
Other API calls work for example,
curl -X POST https://<admin>:<admin-pwd>@<my-host>/api/admin/provisioning/notifications/reload
-H "Accept: application/json"
-H "Content-Type: application/json"
{"message":"Notifications config reloaded"}
What should I have done differently? Any help would be appreciated. Tried asking this on Grafana forum as well as on their Github account.
https://community.grafana.com/t/unable-to-create-user-via-api/105747/10
https://github.com/grafana/grafana/issues/76750
Grafana docs are definitely not that straightforward. Thanks a lot, in advance!
I was expecting this API response to be something like 200 OK.
curl -X POST https://<admin>:<admin-pwd>@<my-host>/api/admin/provisioning/access-control/reload
-H "Accept: application/json"
-H "Content-Type: application/json"