add action to manage grafana organization/team memberships of user
When a new thing is created, a Team and a Organization with name thing.project.name will also be created (if they don't yet exist).
The team will be added to Main Org. (orgId = 1).
Why Teams?
- Teams give the group members
Viewaccess to the automatically created dashboards that appear in the project folders. - Permission are granted on the project folders and not on the individual dashboards.
- The user can see all dashboards/folders that he as access to together in the Grafana
Main Org.
Why also Organizations?
- Users want to create, edit and share dashboards, i.e. have Role
Editor - Datasource permissions for Users/Teams can only be set in Grafana Enterprise.
- To ensure only authorized people get access to (read-only) datasource, we have to keep the datasources in separate organizations.
How does the User log in?
- via
Sign in with TSM-Frontendor Helmholtz-AAI, Oauth2 , ... on the Grafana login page- Organization/Team memberships are set by dispatcher action.
- IS FIXED: If user logs in to Grafana for the first time it will currently not work, as setting the memberships require the user to already exist in Grafana.
- Can be fixed by a retry on the dispatcher action if user does not yet exist.
- Organization/Team memberships are set by dispatcher action.
What does the User see?
- In Main Org:
- View all automatically created dashboards in their respective project folders.
- In each project Org.:
- View and edit all automatically created dashboards in the project folder
- Create new Folders and dashboards based on (read-only) project datasources
Optionally, a Project/Organization Admin could manually be set by the Grafana-Admin.
Related to tsm-orchestration!92 (merged)
Edited by Joost Hemmen