OnCall API Tokens: Permissions and TTL.

[omalko394]

What would you like to see!

Hello! One of our teams is interested in developing a scraper to collect and analyze data on incidents relevant to them. To implement this, they need access to Grafana OnCall API, which requires an API Token. As maintainers, our concern lies in issuing a token that provides unrestricted access to the entire organization's management systems. We are seeking a solution that offers tailored access, aligning with their specific requirements. This could involve defining permissions at various levels, such as reader, editor, or admin, and implementing an expiration date for the token to enhance security and control.

Product Area

Auth

Anything else to add?

We are using: Grafana OSS v9.5.7 Grafana OnCall OSS plugin and backend 1.3.81

[github-actions[bot]]

The current version of Grafana OnCall, at the time this issue was opened, is v1.3.99. If your issue pertains to an older version of Grafana OnCall, please be sure to list it in the PR description. Thank you :smile:!

[mderynck]

Currently the hope is to eventually replace OnCall API keys with Grafana Service Account tokens which already support TTL and fine grained permissions.

[KlavsKlavsen]

This would be really really nice. Having to give everyone 'admin' perms - just to see their own schedule or anything is really bad :(