Unable to create user via API

Grafana Configuration
1
  • What Grafana version and what operating system are you using?

9.5 grafana version and macos sonoma v14

  • What are you trying to achieve?

Create a user using API.

  • How are you trying to achieve it?
def create_new_user(self, user_template: dict) -> None:
        url = self.__GRAFANA_HOST + "/api/admin/users"
        headers = {
            "Content-Type": "application/json",
            "Authorization": "Bearer " + self.__GRAFANA_API_TOKEN,
        }
        try:
            LoggingUtils.do_log(
                "Creating New User On Grafana Using URL: " + url + " ,Headers: " + str(headers) +
                " And Payload: " + json.dumps(user_template)
            )
            response = requests.post(url=url, headers=headers, data=json.dumps(user_template))
            response_dict = json.loads(response.content.decode())
            
            if response.status_code in [200, 201]:
                return response_dict
            else:
                raise Exception("Error while creating a user in Grafana: " + response_dict["message"])
        except Exception as e:
            raise Exception("Error while creating a user in Grafana: " + str(e))
  • What happened?

Got an error

raise Exception("Error while creating a user in Grafana: " + str(e))
Exception: Error while creating a user in Grafana: Error while creating a user in Grafana: You'll need additional permissions to perform this action. Permissions needed: users:create
  • What did you expect to happen?

User created on grafana.

  • Can you copy/paste the configuration(s) that you are having problems with?

sent you above

  • Did you receive any errors in the Grafana UI or in related logs? If so, please tell us exactly what they were.

no, only cli errorrs

  • Did you follow any online instructions? If so, what is the URL?

Create a user using api

Any help would be appreciated. We are using grafana 9.5 in django.

2

What role did you choose when you created your API key?

3

Admin

4

What did you specify as the “Time to live” for the api key?

5

6 months, It expires sometime next year.

6

image
image847×453 51.6 KB

7

Thanks, I tried this too:

curl -XPOST -H "Content-Type: application/json" -d '{
  "name":"User",
  "email":"user@graf.com",
  "login":"user",
  "password":"userpassword"
}' https://admin-usr:admin-pwd@grafana.<host>.in/api/admin/users

I got this:

{
"accessErrorId":"ACE7538001967",
"message":"You'll need additional permissions to perform this action. Permissions needed: users:create",
"title":"Access denied"
}```
8

I’m following this document now: Provisioning RBAC with Grafana | Grafana documentation

9

I’m using this script to create a user but all I get back is error:

import requests
import json

grafana_url = <host>
username = "admin"
password = "admin"

base_url = "https://{}:{}@{}".format(username, password, grafana_url)

data = {
  "name":"Viewer",
  "email":"viewer@email.com",
  "login":"viewer",
  "password":"viewer@123",
  "OrgId": 1
}


resp = requests.post(base_url + "/api/admin/users", json=data, verify=False)
data = resp.json()
print(data)

gives error:

{
'accessErrorId': 'ACE4367268460', 
'message': "You'll need additional permissions to perform this action. 
 Permissions needed: users:create", 
'title': 'Access denied'
}

Even with an admin user, I’m getting this error. Is this expected behaviour?
Folks, any help would be appreciated!

10

My API key does not seem to have the permissions to create a user. So, I edited etc/grafana/provisioning/access-control/sample.yaml

# ---
# # config file version
 apiVersion: 2

 # <list> list of roles to insert/update/delete
 roles:
   # <string, required> name of the role you want to create or update. Required.
   - name: 'custom:users:writer'
     # <string> uid of the role. Has to be unique for all orgs.
     uid: customuserswriter1
     # <string> description of the role, informative purpose only.
     description: 'Create, read, write users'
     # <int> version of the role, Grafana will update the role when increased.
     version: 2
     # <int> org id. Defaults to Grafana's default if not specified.
     orgId: 1
     # <list> list of the permissions granted by this role.
     permissions:
       # <string, required> action allowed.
       - action: 'users:read'
         #<string> scope it applies to.
         scope: 'global.users:*'
       - action: 'users:write'
         scope: 'global.users:*'
       - action: 'users:create'

After this, I sent a request to this endpoint:

curl -X POST https://<admin>:<admin-pwd>@<my-host>/api/admin/provisioning/access-control/reload 
-H "Accept: application/json" 
-H "Content-Type: application/json"

here is the response:

{"message":"Not found"}

Others work for example:

curl -X POST https://<admin>:<admin-pwd>@<my-host>/api/admin/provisioning/notifications/reload 
-H "Accept: application/json" 
-H "Content-Type: application/json"

{"message":"Notifications config reloaded"}

What am I doing incorrectly? Docs are very confusing, to be honest. This section: Admin HTTP API | Grafana documentation really needs an update. It never mentions what to do if things go wrong.