Problem with Permissions

Trying to work out permissions so I can provide view only access to a user but my user can’t see any dashboard.

I created a new organisation (Demo) and allocated my user (Pbraz) to that organisation.

I imported the dashboard into organisation ‘Demo’ and changed the permission of the dashboard so that user ‘Pbraz’ has view access.

But when I log in as the user ‘Pbraz’ I can’t see the dashboard.

What am I doing wrong?

Thanks

Hi,

Make sure that the user ‘Pbraz’ has active organization assigned to ‘Demo’.

Marcus

Isn’t that my first screenshot - I have added user Pbraz to organisation Demo.

I was referring to your third screenshot.

Feels like same problem as reported here.

Can you check what orgId you get by retrieving the user ‘Pbraz’ from the api: http://docs.grafana.org/http_api/user/#get-single-user-by-id

Also, what organization that user belongs to: http://docs.grafana.org/http_api/user/#get-organisations-for-user

Thanks

Marcus

I get these results.

$ curl http://user:password@10.0.0.xxx:3000/api/users/2
{"id":0,"email":"paulb@email.com.au","name":"Pbraz","login":"Pbraz","theme":"","orgId":1,"isGrafanaAdmin":false}

$ curl http://user:password@10.0.0.xxx:3000/api/users/2/orgs
[{"orgId":2,"name":"Demo","role":"Viewer"}]

Paul

So I followed a workaround from https://github.com/grafana/grafana/issues/11076 and added the orgid directly http://10.0.0.xxx:3000/?orgId=2 and now it works.

I logged out and came back in normally and can now see the dashboard. Now I get these results

$ curl http://admin:admin@10.0.0.xxx:3000/api/users/2
{"id":0,"email":"paulb@email.com.au","name":"Pbraz","login":"Pbraz","theme":"","orgId":2,"isGrafanaAdmin":false}

$ curl http://admin:admin@10.0.0.xxx:3000/api/users/2/orgs
[{"orgId":2,"name":"Demo","role":"Viewer"}]

Notice the orgid has now changed from 1 to 2 for the user.

This should not be necessary and needs a proper fix.

Glad that you managed to solve this.

Would be interesting to hear what steps you took to end up with this problem:

  • What config database are you using, sqlite, mysql or postgres?
  • Have you any external authentication enabled?
  • Have you removed/renamed the default organization?
  • Did you use the Configuration -> Server Admin -> Add user or Configuration -> Users -> Invite user?

Thanks

Marcus

OS: Linux raspberrypi 4.9.41-v7+
Version: 5.0 running
Database: SQLite
External authentication was not enabled
Did not change the default organization
Used Configuration > Server Admin > Users > Add new user

Basic steps were, as I remember:
Used Configuration > Server Admin > Orgs > Add new org
Switch to new org
Config > Data Sources > Add data source
Input dashboard json
Check dashboard works - all OK
Server > User > Edit > Add viewer access to new organisation for user Pbraz

Logged out then logged in as Pbraz - and that’s when the trouble started!

Also went to dashboard permissions and added Pbraz but that didn’t fix problem

Paul

Thanks!

Trying to reproduce this. I just created a new org. I get automatically switched to this new org. Then creating a new user and that user is automatically assigned as viewer to the main org, see screenshot:

You can also see that the user has Current, which means that the user will have that organization when logging in.

The only way I can reproduce your problem is by removing the user from main org - clicking on the X. Then assigning user to new org with viewer and click add - then Current is missing, see screenshot:

This seems like a bug, but could you please confirm that this was how you ended up with this scenario.

Marcus

Error is still present in grafana-7.0.3

The main org is set to have all permissions currently - hope this is ok.
There is one folder and one dashboard for the specific organization N2.
I created a user, removed the main org and he sees nothing. Added the main org again - he only sees anything (and everything) when he switches to main org.
New user where I do not eliminate the main org also only has visibility when switched to main org.

With the current status in fact orgs do not have any effect, as users in main org see everything and other orgs see nothing. Please let me know what I am doing wrong.

The above provided link to the workaround is not available any more: https://github.com/grafana/grafana/issues/11076

With the HTTP API I got the following results; org 3 is the correct one. User 7
api users lookup
{
  "id": 7,
  "email": "N2",
  "name": "N2 User",
  "login": "N2",
  "theme": "",
  "orgId": 3,
  "isGrafanaAdmin": false,
  "isDisabled": false,
  "isExternal": false,
  "authLabels": null,
  "updatedAt": "2020-08-13T08:15:45+02:00",
  "createdAt": "2020-08-13T08:15:45+02:00",
  "avatarUrl": ""
}

api users 7 orgs

[
  {
    "orgId": 3,
    "name": "N2",
    "role": "Viewer"
  },
  {
    "orgId": 1,
    "name": "XXXXX",
    "role": "Viewer"
  }
]
Folder that the user shall see.
api folders YjHQREIMz permissions
[
  {
    "folderId": 12,
    "created": "2020-08-13T08:52:55+02:00",
    "updated": "2020-08-13T08:52:55+02:00",
    "userId": 0,
    "userLogin": "",
    "userEmail": "",
    "userAvatarUrl": "",
    "teamId": 0,
    "teamEmail": "",
    "teamAvatarUrl": "",
    "team": "",
    "role": "Editor",
    "permission": 2,
    "permissionName": "Edit",
    "uid": "YjHQREIMz",
    "title": "N2",
    "slug": "n2",
    "isFolder": true,
    "url": " dashboards f YjHQREIMz n2",
    "inherited": false
  },
  {
    "folderId": 12,
    "created": "2020-08-13T08:52:55+02:00",
    "updated": "2020-08-13T08:52:55+02:00",
    "userId": 0,
    "userLogin": "",
    "userEmail": "",
    "userAvatarUrl": "",
    "teamId": 0,
    "teamEmail": "",
    "teamAvatarUrl": "",
    "team": "",
    "role": "Viewer",
    "permission": 1,
    "permissionName": "View",
    "uid": "YjHQREIMz",
    "title": "N2",
    "slug": "n2",
    "isFolder": true,
    "url": " dashboards f YjHQREIMz n2",
    "inherited": false
  },
  {
    "folderId": 12,
    "created": "2020-08-13T08:52:55+02:00",
    "updated": "2020-08-13T08:52:55+02:00",
    "userId": 0,
    "userLogin": "",
    "userEmail": "",
    "userAvatarUrl": "",
    "teamId": 1,
    "teamEmail": "[N2@test.com]",
    "teamAvatarUrl": " avatar c44a377efc08c4d1750a9bd0180ce720",
    "team": "N2",
    "permission": 4,
    "permissionName": "Admin",
    "uid": "YjHQREIMz",
    "title": "N2",
    "slug": "n2",
    "isFolder": true,
    "url": "/dashboards/f/YjHQREIMz/n2",
    "inherited": false
  }
]

api teams 1

{
  "id": 1,
  "orgId": 1,
  "name": "N2",
  "email": "[N2@test.com]",
  "avatarUrl": "avatar c44a377efc08c4d1750a9bd0180ce720",
  "memberCount": 2,
  "permission": 0
}
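
The comparisons made by hand in this thread (the user's active orgId against the org memberships, and the org that owns a team named in a folder ACL) can be run as one check. This is an added example, not code from any poster or from Grafana; the function name, the finding codes and the `expected_org_id` parameter are hypothetical, and the sample inputs are trimmed copies of the API responses quoted above.

```python
import json

def audit_org_state(user, memberships, expected_org_id, acl_teams=()):
    """Cross-check three API responses for one user.

    user         body of /api/users/<id>
    memberships  body of /api/users/<id>/orgs
    acl_teams    team objects for teams named in a folder's permission list
    Returns a list of finding tuples; an empty list means consistent.
    """
    findings = []
    member_orgs = {m["orgId"] for m in memberships}
    active = user["orgId"]
    if active not in member_orgs:
        # The session starts in an org where the user holds no role.
        findings.append(("ACTIVE_ORG_NOT_A_MEMBERSHIP", active))
    elif active != expected_org_id:
        # The user has a role there, but it is not the org being tested.
        findings.append(("ACTIVE_ORG_IS_NOT_EXPECTED_ORG", active))
    if expected_org_id not in member_orgs:
        findings.append(("NO_ROLE_IN_EXPECTED_ORG", expected_org_id))
    for team in acl_teams:
        # A team belongs to exactly one org, so a team from another org
        # in the ACL means the folder was not created in the expected org.
        if team["orgId"] != expected_org_id:
            findings.append(("ACL_TEAM_IN_OTHER_ORG", team["id"], team["orgId"]))
    return findings

# Sample data trimmed from the responses posted in this thread.
PBRAZ_BEFORE = json.loads('{"login": "Pbraz", "orgId": 1}')
PBRAZ_AFTER = json.loads('{"login": "Pbraz", "orgId": 2}')
PBRAZ_ORGS = json.loads('[{"orgId": 2, "name": "Demo", "role": "Viewer"}]')
N2_USER = json.loads('{"login": "N2", "orgId": 3}')
N2_ORGS = json.loads('[{"orgId": 3, "name": "N2", "role": "Viewer"},'
                     ' {"orgId": 1, "name": "XXXXX", "role": "Viewer"}]')
N2_TEAM = json.loads('{"id": 1, "orgId": 1, "name": "N2"}')

if __name__ == "__main__":
    print(audit_org_state(PBRAZ_BEFORE, PBRAZ_ORGS, expected_org_id=2))
    print(audit_org_state(PBRAZ_AFTER, PBRAZ_ORGS, expected_org_id=2))
    print(audit_org_state(N2_USER, N2_ORGS, expected_org_id=3,
                          acl_teams=[N2_TEAM]))
```
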