Default role: admin

Issue: #4
- give OAuth users default Editor role
2026-04-18 23:09:41 +02:00 · 2026-04-18 23:07:04 +02:00 · 2026-04-18 19:56:46 +00:00
1 changed files with 13 additions and 1 deletions
@@ -22,4 +22,16 @@ GF_AUTH_GENERIC_OAUTH_LOGIN_ATTRIBUTE_PATH=preferred_username
 GF_AUTH_GENERIC_OAUTH_EMAIL_ATTRIBUTE_PATH=email

 # 4. Map the Name (optional, but good for profile)
-GF_AUTH_GENERIC_OAUTH_NAME_ATTRIBUTE_PATH=name
+GF_AUTH_GENERIC_OAUTH_NAME_ATTRIBUTE_PATH=name
+
+# Example mapping: 
+# If 'groups' contains 'admin', make them 'Admin'. 
+# If 'groups' contains 'editor', make them 'Editor'. 
+# Otherwise, default to 'Viewer'.
+#GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH="contains(groups[*], 'admins') && 'Admin' || contains(groups[*], 'editor') && 'Editor' || 'Viewer'"
+# Sets the default role for ALL OAuth users
+GF_AUTH_GENERIC_OAUTH_AUTO_ASSIGN_ORG_ROLE=Admin
+GF_USERS_AUTO_ASSIGN_ORG_ROLE=Admin
+# Tell Grafana NOT to try and sync roles from the OIDC claims
+GF_AUTH_GENERIC_OAUTH_SKIP_ORG_ROLE_SYNC=true
+GF_LOG_LEVEL=debug
Author	SHA1	Message	Date
quangkhai	a33f86690f	Default role: admin	2026-04-18 23:09:41 +02:00
quangkhai	6dc458b168	Issue: #4 - give OAuth users default Editor role	2026-04-18 23:07:04 +02:00
quangkhai	c2e93355ec	Merge pull request 'feature/grafana_openid' (#1 ) from feature/grafana_openid into main Reviewed-on: #1	2026-04-18 19:56:46 +00:00