grafana-backup-tool icon indicating copy to clipboard operation
grafana-backup-tool copied to clipboard

Published 20 hours ago verified publisher icon ysde

dashboardApi/auth_check: verify against organization

Open xmj opened this issue 4 years ago • 6 comments

  • api keys endpoint require administrative rights, which we might not want to grant to backup users
  • hence, verify authentication against the org endpoint.

xmj avatar Sep 17 '20 05:09 xmj

@ysde Isn't administrative rights required for backups to work? Also it's noted in the README.

@xmj have you tested this change using a non-administrative key?

acjohnson avatar Sep 17 '20 14:09 acjohnson

@xmj It looks like datasources cannot be backed up or restored using a non-administrative key/token

acjohnson avatar Sep 17 '20 15:09 acjohnson

Hi @acjohnson Yes, grafana api required admin right to do backups.

ysde avatar Sep 22 '20 05:09 ysde

@ysde Ok I wouldn't recommend merging since it will cause an inconsistent experience

acjohnson avatar Sep 22 '20 15:09 acjohnson

Admin rights are not required to back up dashboards, which was my usecase.

Maybe verify against /org, and require additional rights (verify against /keys perhaps?) for datasource backups?

xmj avatar Sep 22 '20 15:09 xmj

Admin rights are not required to back up dashboards, which was my usecase.

Maybe verify against /org, and require additional rights (verify against /keys perhaps?) for datasource backups?

That could work. Will you be updating this PR to make it work this way?

acjohnson avatar Sep 22 '20 15:09 acjohnson

Closing as this would require more research/effort and has not been implemented in this branch

acjohnson avatar Jul 28 '23 02:07 acjohnson