英文:
User Role in Grafana is reverting to Viewer
问题
描述
在Kubernetes中部署了Grafana v7.3.6,并集成了Azure AD以进行登录。
有一个用户最初被分配了Viewer角色,而且已经有一段时间了,我们决定将他分配为Editor或Admin角色,而不是Viewer。
从Grafana Web-UI更改权限如预期那样正常工作,但大约在7或10天后,它会恢复到Viewer状态。
PS. 我们的AzureAD专家表示,他已更新了与该用户相关的Azure配置/角色。
我尝试过的
- 我尝试了
Editor和Admin角色,但无论如何都会被还原。 - 我尝试重新启动Grafana POD(在更新角色后)并查看是否会导致权限被还原,但没有。
英文:
Description
Having Grafana v7.3.6 deployed in Kubernetes, and integrated with Azure AD for logging in.
There is a user that initially had the Viewer role assigned and it's been a while since we decided to assign him the Editor or Admin Role instead of Viewer.
Changing the permission from Grafana Web-UI works fine as expected, but after like 7 or 10 days, it reverts back to Viewer.
PS. Our AzureAD specialist stated that he has updated the Azure configs/roles relevant to that user.
What I have tried
- I have tried both
EditorandAdminroles but no matter what it is being reverted. - I have tried to restart the Grafana POD (After updating the Role) and see if it can cause the permissions to be reverted but it didn't.
答案1
得分: 1
这是正确的:
> 在每次登录时,用户组织角色将被重置以匹配AzureAD的应用程序角色,并且他们的组织成员身份将被重置为默认组织。
文档链接:https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/azuread/#map-roles
配置正确的角色映射,以便用户在AD中具有所需的角色。
或者跳过组织角色同步,并通过用户界面管理角色。
您的Grafana版本相当旧,因此您可能需要升级它以使用所有提到的Grafana Azure AD配置选项。
英文:
That's correct:
> On every login the user organization role will be reset to match AzureAD’s application role and their organization membership will be reset to the default organization.
Configure proper role mapping, so user will have desired role in the AD.
Or skip that org role sync and manage roles via UI.
You have quite old Grafana, so you may need to upgrade it to use all mentioned Grafana Azure AD config options.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论