Can't create new user programmatically being a Grafana Admin

  • What Grafana version and what operating system are you using?
    Grafana OSS

  • What are you trying to achieve?

As a Grafana Admin

I am trying to create a new user from my app (using a Service Account token with an Admin role that I created as Grafana Admin). Here is the code:

    import axios, { AxiosError } from 'axios';

    const createUserInGrafana = async (username: string, password: string, email: string) => {
      const grafanaApiUrl = 'https://grafana.mydomain.de';
      // Service Account token (redacted)
      const grafanaApiKey = 'glsa_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx';

      // User creation payload for Grafana
      const userPayload = {
        name: username,
        login: username,
        password: password,
        email: email,
        // orgId: link.orgId,
        // role: 'Viewer'
      };

      try {
        // Sending the POST request to Grafana to create the user
        const response = await axios.post(`${grafanaApiUrl}/api/admin/users`, userPayload, {
          headers: {
            'Authorization': `Bearer ${grafanaApiKey}`,
            'Content-Type': 'application/json',
          },
        });

        console.log('Grafana user created:', response.data);
      } catch (error: unknown) {
        if (error instanceof Error) {
          // Ensure we check for AxiosError to access the `response` property
          if (error instanceof AxiosError) {
            console.error('Error creating user in Grafana:', error.response ? error.response.data : error.message);
          } else {
            console.error('Error creating user in Grafana:', error.message);
          }
        } else {
          console.error('An unknown error occurred:', error);
        }
      }
    };

    // Create the user in Grafana after MongoDB creation
    await createUserInGrafana(username, randomPassword, email);

Running the above I am getting this error:

    Error creating user in Grafana: {
      accessErrorId: 'ACE3095890940',
      message: "You'll need additional permissions to perform this action. Permissions needed: users:create",
      title: 'Access denied'
    }

Additionally, following some advice from other forums, I added this to my grafana.ini file:

    [rbac]
    enabled = true

    resources_with_managed_permissions_on_creation = dashboard,folder,service-account,datasource,user

    [security]
    admin_access_enabled = true

Also, logged in as Grafana Admin, when I open https://grafana.mydomain.de/api/admin/users in the browser I get {"message":"Not found"}.

I’ve seen some people writing that adding users like that is only possible for the Enterprise version; some said it works for OSS too, so I am not sure. It’s very confusing.
Any ideas on what I may be missing?

So according to this site you can’t use a service account - those are organization-based, but you need Grafana admin - so you’ll probably be better off doing a request like
https://user:password@grafana.domain/api/users. This site also doesn’t show the POST request for creating a user, so I’m not sure it’s possible. What is your use case? Why can’t users sign up on their own?
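
The Basic-auth request suggested in the reply above, as an added example (not code from this thread or from Grafana): it targets the `/api/admin/users` endpoint from the question and carries the credentials in an `Authorization` header instead of the URL. The helper names and the host `grafana.example.test` are hypothetical; it assumes the account used is a Grafana server admin, that Grafana is served at the URL root, and Node 18+ for the global `fetch`.

```typescript
// Added example. Helper names and grafana.example.test are hypothetical;
// assumes Grafana is served at the URL root and Node 18+ (global fetch).
interface NewUser { name: string; login: string; email: string; password: string }
interface AdminRequest {
  url: string;
  init: { method: string; headers: Record<string, string>; body: string };
}

// Build POST /api/admin/users authenticated as a Grafana server admin user.
function buildCreateUserRequest(
  baseUrl: string, adminLogin: string, adminPassword: string, user: NewUser,
): AdminRequest {
  const base = new URL(baseUrl);
  // Basic auth is only base64-encoded, so never send it over plain HTTP.
  if (base.protocol !== 'https:') throw new Error('Grafana URL must use https');
  // user:password@host URLs end up in proxy logs and shell history.
  if (base.username || base.password) throw new Error('Credentials must not be in the URL');
  // The header format is login:password, so a colon in the login is ambiguous.
  if (adminLogin.indexOf(':') !== -1) throw new Error('Admin login must not contain ":"');

  // UTF-8 safe base64 (btoa alone throws on non-Latin-1 passwords).
  const bytes = new TextEncoder().encode(`${adminLogin}:${adminPassword}`);
  let binary = '';
  for (let i = 0; i < bytes.length; i++) binary += String.fromCharCode(bytes[i]);

  return {
    url: new URL('/api/admin/users', base).toString(),
    init: {
      method: 'POST',
      headers: { Authorization: `Basic ${btoa(binary)}`, 'Content-Type': 'application/json' },
      body: JSON.stringify(user),
    },
  };
}

// Send the request; pass admin credentials from a secret store or environment
// variables rather than hard-coding them in source.
async function createGrafanaUser(
  baseUrl: string, adminLogin: string, adminPassword: string, user: NewUser,
): Promise<unknown> {
  const { url, init } = buildCreateUserRequest(baseUrl, adminLogin, adminPassword, user);
  const res = await fetch(url, init);
  // Report status and Grafana's message only; never log the request headers.
  if (!res.ok) throw new Error(`Grafana returned ${res.status}: ${await res.text()}`);
  return res.json();
}
```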

The user is invited to our app by another user via an invitation link. When he registers with us, I want to create a Grafana account for a new user under the hood.

In general, we display Grafana panels to users on our app homepage after they log in with a magic link. To avoid a double login, the Grafana login happens under the hood too. Our users don’t have much to do with Grafana itself.
So that’s the reason we need to somehow implement it like that.


Usually, when I do not see something in the doc, I go to the network tab, create a user via the UI, and see what Grafana does under the hood :mechanic:

Then I go to the Grafana API doc to see if I can find this POST API endpoint.

The other approach (don’t try it :laughing: I have) is to tap into the backend of the Grafana database :cold_face: