Admin user can't do everything after upgrading to 11.2.0

Grafana Authentication
1

  • What Grafana version and what operating system are you using?
    CentOS Linux

  • What are you trying to achieve?
    Get full admin rights with the local admin account

  • How are you trying to achieve it?
    By logging in as the admin user

  • What happened?
    When trying to delete other orgs, I’m getting:

You'll need additional permissions to perform this action. Permissions needed: orgs:delete
  • What did you expect to happen?
    I expect to be able to do everything that the admin user should be able to do

So it looks like my local admin user lost its superuser ability after upgrading to 11.2.0 and maybe before that – it’s just that i’ve needed the admin user for a while. But what’s happening now is that I can’t for example delete an org (see message above).

The user has the Admin role. Has anyone run into this?

2

You need super admin

3

The account I’m talking about is already a super-admin.

4

Yeah, but error message is saying something different. How can you prove that account is super-admin (and not just admin)?

5

here’s what I see in grafana:

image
image807×610 27.2 KB

It says it’s a Grafana admin. But it’s assigned to only one org now. If I try to add it to another org, I get an error saying I don’t have enough privileges:

You'll need additional permissions to perform this action. Permissions needed: org.users:add

1 Like
6

My super-admin can create/delete orgs (11.2.0 started from the scratch):

image
image1757×1420 140 KB

7

Interesting, there was a thread from the Grafana team I came across that talked about a change that seems to be related to this. I will try to find it.

8

IMHO it make sense, you are not admin of org, so you can’t delete that org.

9

Ok, how do I add it as an admin to the other orgs now?

10

Log in as the super admin or use grafana API user management

11

I don’t have another super admin. That used to be it. Is there a way to create in the db manually?

12

This is kind of remotely similar to Error 'Permissions needed: dashboards:read' when switching from 8.X to 9.X for anonymous access · Issue #54974 · grafana/grafana · GitHub

13

Before tinkering with db, backup your db.

Spin up another grafana with SQLite backend, see what the users table and permissions look like, emulate data in your broken grafana

Not recommended to tinker with tables. Use API instead

How many dashboards do you have?

14

This is a dev instance of grafana, I could potentially just wipe and start from scratch. But would like to avoid that if possible. I like the sqlite idea. I will try that and report back. This may take a while though :slight_smile:

==================================
Quick update in case someone runs into this. The solution was to insert the missing records into the org_user table. In my case it was:

INSERT INTO org_user VALUES(nextval('org_user_id_seq'::regclass), <YOUR_ORG_ID>, <ADMIN_USER_ID>, 'Admin', CURRENT_TIMESTAMP, CURRENT_TIMESTAMP);

Once that was done, everything started working again.

1 Like
15

Just spin a new instance. Not worth tinkering in the db