"Release: Updated versions in package to 9.0.8" (#476)

(cherry picked from commit a4f75cc0438712c90b02d24740416f8615e3a0cb)
(cherry picked from commit 6ec06f66b9)

.betterer.ts

@@ -1,5 +1,69 @@
 import { regexp } from '@betterer/regexp';
+import { BettererFileTest } from '@betterer/betterer';
+import { ESLint, Linter } from 'eslint';
+import { existsSync } from 'fs';
 
 export default {
   'no enzyme tests': () => regexp(/from 'enzyme'/g).include('**/*.test.*'),
+  'better eslint': () => countEslintErrors().include('**/*.{ts,tsx}'),
+  'no undocumented stories': () => countUndocumentedStories().include('**/*.story.tsx'),
 };
+
+function countUndocumentedStories() {
+  return new BettererFileTest(async (filePaths, fileTestResult) => {
+    filePaths.forEach((filePath) => {
+      if (!existsSync(filePath.replace(/\.story.tsx$/, '.mdx'))) {
+        // In this case the file contents don't matter:
+        const file = fileTestResult.addFile(filePath, '');
+        // Add the issue to the first character of the file:
+        file.addIssue(0, 0, 'No undocumented stories are allowed, please add an .mdx file with some documentation');
+      }
+    });
+  });
+}
+
+function countEslintErrors() {
+  return new BettererFileTest(async (filePaths, fileTestResult, resolver) => {
+    const { baseDirectory } = resolver;
+    const cli = new ESLint({ cwd: baseDirectory });
+
+    await Promise.all(
+      filePaths.map(async (filePath) => {
+        const linterOptions = (await cli.calculateConfigForFile(filePath)) as Linter.Config;
+
+        const rules: Partial<Linter.RulesRecord> = {
+          '@typescript-eslint/no-explicit-any': 'error',
+        };
+
+        if (!filePath.endsWith('.test.tsx') && !filePath.endsWith('.test.ts')) {
+          rules['@typescript-eslint/consistent-type-assertions'] = [
+            'error',
+            {
+              assertionStyle: 'never',
+            },
+          ];
+        }
+
+        const runner = new ESLint({
+          baseConfig: {
+            ...linterOptions,
+            rules,
+          },
+          useEslintrc: false,
+          cwd: baseDirectory,
+        });
+
+        const lintResults = await runner.lintFiles([filePath]);
+        lintResults
+          .filter((lintResult) => lintResult.source)
+          .forEach((lintResult) => {
+            const { messages } = lintResult;
+            const file = fileTestResult.addFile(filePath, '');
+            messages.forEach((message, index) => {
+              file.addIssue(0, 0, message.message, `${index}`);
+            });
+          });
+      })
+    );
+  });
+}

.bingo/.gitignore

@@ -5,6 +5,7 @@
 # But not these files:
 !.gitignore
 !*.mod
+!*.sum
 !README.md
 !Variables.mk
 !variables.env

.bingo/Variables.mk

@@ -1,4 +1,4 @@
-# Auto generated binary variables helper managed by https://github.com/bwplotka/bingo v0.5.1. DO NOT EDIT.
+# Auto generated binary variables helper managed by https://github.com/bwplotka/bingo v0.6. DO NOT EDIT.
 # All tools are designed to be build inside $GOBIN.
 BINGO_DIR := $(dir $(lastword $(MAKEFILE_LIST)))
 GOPATH ?= $(shell go env GOPATH)
@@ -17,11 +17,11 @@ GO     ?= $(shell which go)
 #	@echo "Running drone"
 #	@$(DRONE) <flags/args..>
 #
-DRONE := $(GOBIN)/drone-v1.4.0
+DRONE := $(GOBIN)/drone-v1.5.0
 $(DRONE): $(BINGO_DIR)/drone.mod
 	@# Install binary/ries using Go 1.14+ build command. This is using bwplotka/bingo-controlled, separate go module with pinned dependencies.
-	@echo "(re)installing $(GOBIN)/drone-v1.4.0"
-	@cd $(BINGO_DIR) && $(GO) build -mod=mod -modfile=drone.mod -o=$(GOBIN)/drone-v1.4.0 "github.com/drone/drone-cli/drone"
+	@echo "(re)installing $(GOBIN)/drone-v1.5.0"
+	@cd $(BINGO_DIR) && $(GO) build -mod=mod -modfile=drone.mod -o=$(GOBIN)/drone-v1.5.0 "github.com/drone/drone-cli/drone"
 
 WIRE := $(GOBIN)/wire-v0.5.0
 $(WIRE): $(BINGO_DIR)/wire.mod

.bingo/drone.mod

@@ -4,4 +4,4 @@ go 1.17
 
 replace github.com/docker/docker => github.com/docker/engine v17.12.0-ce-rc1.0.20200309214505-aa6a9891b09c+incompatible
 
-require github.com/drone/drone-cli v1.4.0 // drone
+require github.com/drone/drone-cli v1.5.0 // drone

.bingo/variables.env

@@ -1,4 +1,4 @@
-# Auto generated binary variables helper managed by https://github.com/bwplotka/bingo v0.5.1. DO NOT EDIT.
+# Auto generated binary variables helper managed by https://github.com/bwplotka/bingo v0.6. DO NOT EDIT.
 # All tools are designed to be build inside $GOBIN.
 # Those variables will work only until 'bingo get' was invoked, or if tools were installed via Makefile's Variables.mk.
 GOBIN=${GOBIN:=$(go env GOBIN)}
@@ -8,7 +8,7 @@ if [ -z "$GOBIN" ]; then
 fi
 
 
-DRONE="${GOBIN}/drone-v1.4.0"
+DRONE="${GOBIN}/drone-v1.5.0"
 
 WIRE="${GOBIN}/wire-v0.5.0"
 

.github/workflows/cloud-data-sources-code-coverage.yml

@@ -14,4 +14,7 @@ on:
 
 jobs:
   workflow-call:
-    uses: grafana/code-coverage/.github/workflows/code-coverage.yml@v0.1.2
+    uses: grafana/code-coverage/.github/workflows/code-coverage.yml@v0.1.6
+    with:
+      frontend-path-regexp: public\/app\/plugins\/datasource\/(grafana-azure-monitor-datasource|cloud-monitoring|cloudwatch)
+      backend-path-regexp: pkg\/tsdb\/(azuremonitor|cloudmonitoring|cloudwatch)

.github/workflows/detect-breaking-changes-build.yml

@@ -15,6 +15,10 @@ jobs:
       with: 
         path: './pr'
 
+    - uses: actions/setup-node@v3
+      with:
+        node-version: 16.16.0
+
     - name: Get yarn cache directory path
       id: yarn-cache-dir-path
       run: echo "::set-output name=dir::$(yarn config get cacheFolder)"
@@ -56,6 +60,10 @@ jobs:
         path: './base'
         ref: ${{ github.event.pull_request.base.ref }}
 
+    - uses: actions/setup-node@v3
+      with:
+        node-version: 16.16.0
+
     - name: Get yarn cache directory path
       id: yarn-cache-dir-path
       run: echo "::set-output name=dir::$(yarn config get cacheFolder)"

.github/workflows/doc-validator.yml

@@ -0,0 +1,16 @@
+name: "doc-validator"
+on:
+  pull_request:
+    paths: ["docs/sources/**"]
+  workflow_dispatch:
+jobs:
+  doc-validator:
+    runs-on: "ubuntu-latest"
+    container:
+      image: "grafana/doc-validator:latest"
+    steps:
+      - name: "Checkout code"
+        uses: "actions/checkout@v3"
+      - name: "Run doc-validator tool"
+        # Ensure that the CI always passes until all errors are resolved.
+        run: "doc-validator ./docs/sources || true"

.github/workflows/publish.yml

@@ -3,7 +3,7 @@ name: publish_docs
 on:
   push:
     branches:
-    - main
+    - v9.0.x
     paths:
     - 'docs/sources/**'
     - 'packages/grafana-*/**'
@@ -41,7 +41,7 @@ jobs:
         host: github.com
         github_pat: '${{ secrets.GH_BOT_ACCESS_TOKEN }}'
         source_folder: docs/sources
-        target_folder: content/docs/grafana/next
+        target_folder: content/docs/grafana/v9.0
         allow_no_changes: 'true'
     - shell: bash
       run: |

.gitignore

@@ -165,3 +165,4 @@ public/locales/**/*.js
 
 deployment_tools_config.json
 
+.betterer.cache

CHANGELOG.md

@@ -1,3 +1,785 @@
+<!-- 9.0.7 START -->
+
+# 9.0.7 (2022-08-10)
+
+### Features and enhancements
+
+- **CloudMonitoring:** Remove link setting for SLO queries. [#53031](https://github.com/grafana/grafana/pull/53031), [@andresmgot](https://github.com/andresmgot)
+
+### Bug fixes
+
+- **GrafanaUI:** Render PageToolbar's leftItems regardless of title's presence. [#53285](https://github.com/grafana/grafana/pull/53285), [@Elfo404](https://github.com/Elfo404)
+
+<!-- 9.0.7 END -->
+<!-- 9.0.6 START -->
+
+# 9.0.6 (2022-08-01)
+
+### Features and enhancements
+
+- **Access Control:** Allow org admins to invite new users to their organization. [#52904](https://github.com/grafana/grafana/pull/52904), [@IevaVasiljeva](https://github.com/IevaVasiljeva)
+
+### Bug fixes
+
+- **Grafana/toolkit:** Fix incorrect image and font generation for plugin builds. [#52927](https://github.com/grafana/grafana/pull/52927), [@academo](https://github.com/academo)
+- **Prometheus:** Fix adding of multiple values for regex operator. [#52978](https://github.com/grafana/grafana/pull/52978), [@ivanahuckova](https://github.com/ivanahuckova)
+- **UI/Card:** Fix card items always having pointer cursor. [#52809](https://github.com/grafana/grafana/pull/52809), [@gillesdemey](https://github.com/gillesdemey)
+
+<!-- 9.0.6 END -->
+<!-- 9.0.5 START -->
+
+# 9.0.5 (2022-07-26)
+
+### Features and enhancements
+
+- **Access control:** Show dashboard settings to users who can edit dashboard. [#52535](https://github.com/grafana/grafana/pull/52535), [@grafanabot](https://github.com/grafanabot)
+- **Alerting:** Allow the webhook notifier to support a custom Authorization header. [#52515](https://github.com/grafana/grafana/pull/52515), [@gotjosh](https://github.com/gotjosh)
+- **Chore:** Upgrade to Go version 1.17.12. [#52523](https://github.com/grafana/grafana/pull/52523), [@sakjur](https://github.com/sakjur)
+- **Plugins:** Add signature wildcard globbing for dedicated private plugin type. [#52163](https://github.com/grafana/grafana/pull/52163), [@wbrowne](https://github.com/wbrowne)
+- **Prometheus:** Don't show errors from unsuccessful API checks like rules or exemplar checks. [#52193](https://github.com/grafana/grafana/pull/52193), [@darrenjaneczek](https://github.com/darrenjaneczek)
+
+### Bug fixes
+
+- **Access control:** Allow organisation admins to add existing users to org (#51668). [#52553](https://github.com/grafana/grafana/pull/52553), [@vtorosyan](https://github.com/vtorosyan)
+- **Alerting:** Fix alert panel instance-based rules filtering. [#52583](https://github.com/grafana/grafana/pull/52583), [@konrad147](https://github.com/konrad147)
+- **Apps:** Fixes navigation between different app plugin pages. [#52571](https://github.com/grafana/grafana/pull/52571), [@torkelo](https://github.com/torkelo)
+- **Cloudwatch:** Upgrade grafana-aws-sdk to fix auth issue with secret keys. [#52420](https://github.com/grafana/grafana/pull/52420), [@sarahzinger](https://github.com/sarahzinger)
+- **Grafana/toolkit:** Fix incorrect image and font generation for plugin builds. [#52661](https://github.com/grafana/grafana/pull/52661), [@academo](https://github.com/academo)
+- **Loki:** Fix `show context` not working in some occasions. [#52458](https://github.com/grafana/grafana/pull/52458), [@svennergr](https://github.com/svennergr)
+- **RBAC:** Fix permissions on dashboards and folders created by anonymous users. [#52615](https://github.com/grafana/grafana/pull/52615), [@gamab](https://github.com/gamab)
+
+<!-- 9.0.5 END -->
+<!-- 9.0.4 START -->
+
+# 9.0.4 (2022-07-20)
+
+### Features and enhancements
+
+- **Browse/Search:** Make browser back work properly when visiting Browse or search. [#52271](https://github.com/grafana/grafana/pull/52271), [@torkelo](https://github.com/torkelo)
+- **Logs:** Improve getLogRowContext API. [#52130](https://github.com/grafana/grafana/pull/52130), [@gabor](https://github.com/gabor)
+- **Loki:** Improve handling of empty responses. [#52397](https://github.com/grafana/grafana/pull/52397), [@gabor](https://github.com/gabor)
+- **Plugins:** Always validate root URL if specified in signature manfiest. [#52332](https://github.com/grafana/grafana/pull/52332), [@wbrowne](https://github.com/wbrowne)
+- **Preferences:** Get home dashboard from teams. [#52225](https://github.com/grafana/grafana/pull/52225), [@sakjur](https://github.com/sakjur)
+- **SQLStore:** Support Upserting multiple rows. [#52228](https://github.com/grafana/grafana/pull/52228), [@joeblubaugh](https://github.com/joeblubaugh)
+- **Traces:** Add more template variables in Tempo & Zipkin. [#52306](https://github.com/grafana/grafana/pull/52306), [@joey-grafana](https://github.com/joey-grafana)
+- **Traces:** Remove serviceMap feature flag. [#52375](https://github.com/grafana/grafana/pull/52375), [@joey-grafana](https://github.com/joey-grafana)
+
+### Bug fixes
+
+- **Access Control:** Fix missing folder permissions. [#52410](https://github.com/grafana/grafana/pull/52410), [@IevaVasiljeva](https://github.com/IevaVasiljeva)
+- **Access control:** Fix org user removal for OSS users. [#52473](https://github.com/grafana/grafana/pull/52473), [@IevaVasiljeva](https://github.com/IevaVasiljeva)
+- **Alerting:** Fix Slack notification preview. [#50230](https://github.com/grafana/grafana/pull/50230), [@ekrucio](https://github.com/ekrucio)
+- **Alerting:** Fix Slack push notifications. [#52391](https://github.com/grafana/grafana/pull/52391), [@grobinson-grafana](https://github.com/grobinson-grafana)
+- **Alerting:** Fixes slack push notifications. [#50267](https://github.com/grafana/grafana/pull/50267), [@jgillick](https://github.com/jgillick)
+- **Alerting:** Preserve new-lines from custom email templates in rendered email. [#52253](https://github.com/grafana/grafana/pull/52253), [@alexweav](https://github.com/alexweav)
+- **Insights:** Fix dashboard and data source insights pages. (Enterprise)
+- **Log:** Fix text logging for unsupported types. [#51306](https://github.com/grafana/grafana/pull/51306), [@papagian](https://github.com/papagian)
+- **Loki:** Fix incorrect TopK value type in query builder. [#52226](https://github.com/grafana/grafana/pull/52226), [@ivanahuckova](https://github.com/ivanahuckova)
+
+<!-- 9.0.4 END -->
+<!-- 9.0.3 START -->
+
+# 9.0.3 (2022-07-14)
+
+### Features and enhancements
+
+- **Access Control:** Allow dashboard admins to query org users. [#51652](https://github.com/grafana/grafana/pull/51652), [@IevaVasiljeva](https://github.com/IevaVasiljeva)
+- **Access control:** Allow organisation admins to add existing users to org. [#51668](https://github.com/grafana/grafana/pull/51668), [@IevaVasiljeva](https://github.com/IevaVasiljeva)
+- **Alerting:** Add method to provisioning API for obtaining a group and its rules. [#51761](https://github.com/grafana/grafana/pull/51761), [@alexweav](https://github.com/alexweav)
+- **Alerting:** Add method to provisioning API for obtaining a group and its rules. [#51398](https://github.com/grafana/grafana/pull/51398), [@alexweav](https://github.com/alexweav)
+- **Alerting:** Allow filtering of contact points by name. [#51933](https://github.com/grafana/grafana/pull/51933), [@alexweav](https://github.com/alexweav)
+- **Alerting:** Disable /api/admin/pause-all-alerts with Unified Alerting. [#51895](https://github.com/grafana/grafana/pull/51895), [@joeblubaugh](https://github.com/joeblubaugh)
+- **Analytics:** Add total queries and cached queries in usage insights logs. (Enterprise)
+- **Annotations:** Use point marker for short time range annotations. [#51520](https://github.com/grafana/grafana/pull/51520), [@codeincarnate](https://github.com/codeincarnate)
+- **AzureMonitor:** Update UI to experimental package. [#52123](https://github.com/grafana/grafana/pull/52123), [@asimpson](https://github.com/asimpson)
+- **AzureMonitor:** Update resource and namespace metadata. [#52030](https://github.com/grafana/grafana/pull/52030), [@despian](https://github.com/despian)
+- **CloudWatch:** Remove simplejson in favor of 'encoding/json'. [#51062](https://github.com/grafana/grafana/pull/51062), [@asimpson](https://github.com/asimpson)
+- **DashboardRow:** Collapse shortcut prevent to move the collapsed rows. [#51589](https://github.com/grafana/grafana/pull/51589), [@ivanortegaalba](https://github.com/ivanortegaalba)
+- **Insights:** Add dashboard UID to exported logs. (Enterprise)
+- **Navigation:** Highlight active nav item when Grafana is served from subpath. [#51767](https://github.com/grafana/grafana/pull/51767), [@kianelbo](https://github.com/kianelbo)
+- **Plugins:** InfluxDB datasource - set epoch query param value as "ms". [#51651](https://github.com/grafana/grafana/pull/51651), [@itsmylife](https://github.com/itsmylife)
+- **Plugins:** InfluxDB update time range query. [#51833](https://github.com/grafana/grafana/pull/51833), [@itsmylife](https://github.com/itsmylife)
+- **StateTimeline:** Try to sort time field. [#51569](https://github.com/grafana/grafana/pull/51569), [@zoltanbedi](https://github.com/zoltanbedi)
+
+### Bug fixes
+
+- **API:** Do not validate/save legacy alerts when saving a dashboard if legacy alerting is disabled. [#51883](https://github.com/grafana/grafana/pull/51883), [@papagian](https://github.com/papagian)
+- **Access Control:** Fix missing folder permissions. [#52153](https://github.com/grafana/grafana/pull/52153), [@IevaVasiljeva](https://github.com/IevaVasiljeva)
+- **Alerting:** Add method to reset notification policy tree back to the default. [#51934](https://github.com/grafana/grafana/pull/51934), [@alexweav](https://github.com/alexweav)
+- **Alerting:** Fix Teams notifier not failing on 200 response with error. [#52254](https://github.com/grafana/grafana/pull/52254), [@JacobsonMT](https://github.com/JacobsonMT)
+- **Alerting:** Fix bug where state did not change between Alerting and Error. [#52204](https://github.com/grafana/grafana/pull/52204), [@grobinson-grafana](https://github.com/grobinson-grafana)
+- **Alerting:** Fix consistency errors in OpenAPI documentation. [#51935](https://github.com/grafana/grafana/pull/51935), [@alexweav](https://github.com/alexweav)
+- **Alerting:** Fix normalization of alert states for panel annotations. [#51637](https://github.com/grafana/grafana/pull/51637), [@gillesdemey](https://github.com/gillesdemey)
+- **Alerting:** Provisioning API respects global rule quota. [#52180](https://github.com/grafana/grafana/pull/52180), [@alexweav](https://github.com/alexweav)
+- **CSRF:** Fix additional headers option. [#50629](https://github.com/grafana/grafana/pull/50629), [@sakjur](https://github.com/sakjur)
+- **Chore:** Bump parse-url to 6.0.2 to fix security vulnerabilities. [#51796](https://github.com/grafana/grafana/pull/51796), [@jackw](https://github.com/jackw)
+- **Chore:** Fix CVE-2020-7753. [#51752](https://github.com/grafana/grafana/pull/51752), [@jackw](https://github.com/jackw)
+- **Chore:** Fix CVE-2021-3807. [#51753](https://github.com/grafana/grafana/pull/51753), [@jackw](https://github.com/jackw)
+- **Chore:** Fix CVE-2021-3918. [#51745](https://github.com/grafana/grafana/pull/51745), [@jackw](https://github.com/jackw)
+- **Chore:** Fix CVE-2021-43138. [#51751](https://github.com/grafana/grafana/pull/51751), [@jackw](https://github.com/jackw)
+- **Chore:** Fix CVE-2022-0155. [#51755](https://github.com/grafana/grafana/pull/51755), [@jackw](https://github.com/jackw)
+- **Custom Branding:** Fix login logo size. (Enterprise)
+- **Dashboard:** Fixes tooltip issue with TimePicker and Setting buttons. [#51836](https://github.com/grafana/grafana/pull/51836), [@torkelo](https://github.com/torkelo)
+- **Dashboard:** Prevent unnecessary scrollbar when viewing single panel. [#52122](https://github.com/grafana/grafana/pull/52122), [@lpskdl](https://github.com/lpskdl)
+- **Logs:** Fixed wrapping log lines from detected fields. [#52108](https://github.com/grafana/grafana/pull/52108), [@svennergr](https://github.com/svennergr)
+- **Loki:** Add missing operators in label filter expression. [#51880](https://github.com/grafana/grafana/pull/51880), [@ivanahuckova](https://github.com/ivanahuckova)
+- **Loki:** Fix error when changing operations with different parameters. [#51779](https://github.com/grafana/grafana/pull/51779), [@svennergr](https://github.com/svennergr)
+- **Loki:** Fix suggesting of correct operations in query builder. [#52034](https://github.com/grafana/grafana/pull/52034), [@ivanahuckova](https://github.com/ivanahuckova)
+- **Plugins:** InfluxDB variable interpolation fix. [#51917](https://github.com/grafana/grafana/pull/51917), [@itsmylife](https://github.com/itsmylife)
+- **Plugins:** InfluxDB variable interpolation fix for influxdbBackendMigration feature flag. [#51624](https://github.com/grafana/grafana/pull/51624), [@itsmylife](https://github.com/itsmylife)
+- **Reports:** Fix line breaks in message. (Enterprise)
+- **Reports:** Fix saving report formats. (Enterprise)
+- **SQLstore:** Fix fetching an inexistent playlist. [#51962](https://github.com/grafana/grafana/pull/51962), [@papagian](https://github.com/papagian)
+- **Security:** Fixes for CVE-2022-31107 and CVE-2022-31097. [#52279](https://github.com/grafana/grafana/pull/52279), [@kminehart](https://github.com/kminehart)
+- **Snapshots:** Fix deleting external snapshots when using RBAC. [#51897](https://github.com/grafana/grafana/pull/51897), [@idafurjes](https://github.com/idafurjes)
+- **Table:** Fix scrollbar being hidden by pagination. [#51501](https://github.com/grafana/grafana/pull/51501), [@zoltanbedi](https://github.com/zoltanbedi)
+- **Templating:** Changing between variables with the same name now correctly triggers a dashboard refresh. [#51490](https://github.com/grafana/grafana/pull/51490), [@ashharrison90](https://github.com/ashharrison90)
+- **Time series panel:** Fix an issue with stacks being not complete due to the incorrect data frame length. [#51910](https://github.com/grafana/grafana/pull/51910), [@dprokop](https://github.com/dprokop)
+- **[v9.0.x] Snapshots:** Fix deleting external snapshots when using RBAC (#51897). [#51904](https://github.com/grafana/grafana/pull/51904), [@idafurjes](https://github.com/idafurjes)
+
+<!-- 9.0.3 END -->
+<!-- 9.0.2 START -->
+
+# 9.0.2 (2022-06-28)
+
+### Features and enhancements
+
+- **Alerting:** Add support for images in Pushover alerts. [#51372](https://github.com/grafana/grafana/pull/51372), [@grobinson-grafana](https://github.com/grobinson-grafana)
+- **Alerting:** Don't stop the migration when alert rule tags are invalid. [#51253](https://github.com/grafana/grafana/pull/51253), [@gotjosh](https://github.com/gotjosh)
+- **Alerting:** Don't stop the migration when alert rule tags are invalid (…. [#51341](https://github.com/grafana/grafana/pull/51341), [@gotjosh](https://github.com/gotjosh)
+- **Alerting:** Skip the default data source if incompatible. [#51452](https://github.com/grafana/grafana/pull/51452), [@gillesdemey](https://github.com/gillesdemey)
+- **AzureMonitor:** Parse non-fatal errors for Logs. [#51320](https://github.com/grafana/grafana/pull/51320), [@andresmgot](https://github.com/andresmgot)
+- **OAuth:** Restore debug log behavior. [#51244](https://github.com/grafana/grafana/pull/51244), [@Jguer](https://github.com/Jguer)
+- **Plugins:** Improved handling of symlinks. [#51324](https://github.com/grafana/grafana/pull/51324), [@marefr](https://github.com/marefr)
+
+### Bug fixes
+
+- **Alerting:** Code-gen parsing of URL parameters and fix related bugs. [#51353](https://github.com/grafana/grafana/pull/51353), [@alexweav](https://github.com/alexweav)
+- **Alerting:** Code-gen parsing of URL parameters and fix related bugs. [#50731](https://github.com/grafana/grafana/pull/50731), [@alexweav](https://github.com/alexweav)
+- **Annotations:** Fix annotation autocomplete causing panels to crash. [#51164](https://github.com/grafana/grafana/pull/51164), [@ashharrison90](https://github.com/ashharrison90)
+- **Barchart:** Fix warning not showing. [#51190](https://github.com/grafana/grafana/pull/51190), [@joshhunt](https://github.com/joshhunt)
+- **CloudWatch:** Enable custom session duration in AWS plugin auth. [#51322](https://github.com/grafana/grafana/pull/51322), [@sunker](https://github.com/sunker)
+- **Dashboards:** Fixes issue with the initial panel layout counting as an unsaved change. [#51315](https://github.com/grafana/grafana/pull/51315), [@JoaoSilvaGrafana](https://github.com/JoaoSilvaGrafana)
+- **Plugins:** Use a Grafana specific SDK logger implementation for core plugins. [#51229](https://github.com/grafana/grafana/pull/51229), [@marefr](https://github.com/marefr)
+- **Search:** Fix pagination in the new search page. [#51366](https://github.com/grafana/grafana/pull/51366), [@ArturWierzbicki](https://github.com/ArturWierzbicki)
+
+<!-- 9.0.2 END -->
+<!-- 9.0.1 START -->
+
+# 9.0.1 (2022-06-21)
+
+### Features and enhancements
+
+- **Alerting:** Add support for image annotation in Alertmanager alerts. [#50686](https://github.com/grafana/grafana/pull/50686), [@grobinson-grafana](https://github.com/grobinson-grafana)
+- **Alerting:** Add support for images in SensuGo alerts. [#50718](https://github.com/grafana/grafana/pull/50718), [@grobinson-grafana](https://github.com/grobinson-grafana)
+- **Alerting:** Add support for images in Threema alerts. [#50734](https://github.com/grafana/grafana/pull/50734), [@grobinson-grafana](https://github.com/grobinson-grafana)
+- **Alerting:** Adds Mimir to Alertmanager data source implementation. [#50943](https://github.com/grafana/grafana/pull/50943), [@gillesdemey](https://github.com/gillesdemey)
+- **Alerting:** Invalid setting of enabled for unified alerting should return error. [#49876](https://github.com/grafana/grafana/pull/49876), [@grobinson-grafana](https://github.com/grobinson-grafana)
+- **AzureMonitor:** Clean namespace when changing the resource. [#50311](https://github.com/grafana/grafana/pull/50311), [@andresmgot](https://github.com/andresmgot)
+- **AzureMonitor:** Update supported namespaces and filter resources by the right type. [#50788](https://github.com/grafana/grafana/pull/50788), [@andresmgot](https://github.com/andresmgot)
+- **CLI:** Allow relative symlinks in zip archives when installing plugins. [#50537](https://github.com/grafana/grafana/pull/50537), [@marefr](https://github.com/marefr)
+- **Dashboard:** Don't show unsaved changes modal for automatic schema changes. [#50822](https://github.com/grafana/grafana/pull/50822), [@torkelo](https://github.com/torkelo)
+- **Dashboard:** Unsaved changes warning should not trigger when only pluginVersion has changed. [#50677](https://github.com/grafana/grafana/pull/50677), [@torkelo](https://github.com/torkelo)
+- **Expression:** Execute hidden expressions. [#50636](https://github.com/grafana/grafana/pull/50636), [@yesoreyeram](https://github.com/yesoreyeram)
+- **Geomap:** Support showing tooltip content on click (not just hover). [#50985](https://github.com/grafana/grafana/pull/50985), [@ryantxu](https://github.com/ryantxu)
+- **Heatmap:** Remove alpha flag from new heatmap panel. [#50733](https://github.com/grafana/grafana/pull/50733), [@ryantxu](https://github.com/ryantxu)
+- **Instrumentation:** Define handlers for requests that are not handled with named handlers. [#50613](https://github.com/grafana/grafana/pull/50613), [@bergquist](https://github.com/bergquist)
+- **Log Panel:** Improve log row hover contrast and visibility. [#50908](https://github.com/grafana/grafana/pull/50908), [@Seyaji](https://github.com/Seyaji)
+- **Logs:** Handle backend-mode errors in histogram. [#50535](https://github.com/grafana/grafana/pull/50535), [@gabor](https://github.com/gabor)
+- **Loki:** Do not show histogram for instant queries. [#50711](https://github.com/grafana/grafana/pull/50711), [@gabor](https://github.com/gabor)
+- **Loki:** Handle data source configs with path in the url. [#50971](https://github.com/grafana/grafana/pull/50971), [@gabor](https://github.com/gabor)
+- **Loki:** Handle invalid query type values. [#50755](https://github.com/grafana/grafana/pull/50755), [@gabor](https://github.com/gabor)
+- **OAuth:** Redirect to login if no oauth module is found or if module is not configured. [#50661](https://github.com/grafana/grafana/pull/50661), [@kalleep](https://github.com/kalleep)
+- **OptionsUI:** Move internal options editors out of @grafana/ui. [#50739](https://github.com/grafana/grafana/pull/50739), [@ryantxu](https://github.com/ryantxu)
+- **Prometheus:** Don't show undefined for step in collapsed options in query editor when value is "auto". [#50511](https://github.com/grafana/grafana/pull/50511), [@aocenas](https://github.com/aocenas)
+- **Prometheus:** Show query patterns in all editor modes for Prometheus and Loki. [#50263](https://github.com/grafana/grafana/pull/50263), [@ivanahuckova](https://github.com/ivanahuckova)
+- **Tempo:** Add link to Tempo Search with node service selected. [#49776](https://github.com/grafana/grafana/pull/49776), [@joey-grafana](https://github.com/joey-grafana)
+- **Time Series Panel:** Add Null Filling and "No Value" Support. [#50907](https://github.com/grafana/grafana/pull/50907), [@codeincarnate](https://github.com/codeincarnate)
+- **TimeSeries:** Add an option to set legend width. [#49126](https://github.com/grafana/grafana/pull/49126), [@bobrik](https://github.com/bobrik)
+- **Timeseries:** Improve cursor Y sync behavior. [#50740](https://github.com/grafana/grafana/pull/50740), [@ryantxu](https://github.com/ryantxu)
+- **Traces:** Do not use red in span colors as this looks like an error. [#50074](https://github.com/grafana/grafana/pull/50074), [@joey-grafana](https://github.com/joey-grafana)
+
+### Bug fixes
+
+- **Alerting:** Fix AM config overwrite when SQLite db is locked during sync. [#50951](https://github.com/grafana/grafana/pull/50951), [@JacobsonMT](https://github.com/JacobsonMT)
+- **Alerting:** Fix alert instances filtering for prom rules. [#50850](https://github.com/grafana/grafana/pull/50850), [@konrad147](https://github.com/konrad147)
+- **Alerting:** Fix alert rule page crashing when datasource contained URL unsafe characters. [#51105](https://github.com/grafana/grafana/pull/51105), [@gillesdemey](https://github.com/gillesdemey)
+- **Alerting:** Fix automatically select newly created folder option. [#50949](https://github.com/grafana/grafana/pull/50949), [@gillesdemey](https://github.com/gillesdemey)
+- **Alerting:** Fix removal of notification policy without labels matchers. [#50678](https://github.com/grafana/grafana/pull/50678), [@konrad147](https://github.com/konrad147)
+- **CloudWatch:** Allow hidden queries to be executed in case an ID is provided. [#50987](https://github.com/grafana/grafana/pull/50987), [@sunker](https://github.com/sunker)
+- **Dashboard:** Prevent non-repeating panels being dropped from repeated rows when collapsed/expanded. [#50764](https://github.com/grafana/grafana/pull/50764), [@ashharrison90](https://github.com/ashharrison90)
+- **Dashboards:** Fix folder picker not showing correct results when typing too fast. [#50303](https://github.com/grafana/grafana/pull/50303), [@joshhunt](https://github.com/joshhunt)
+- **Datasource:** Prevent panic when proxying for non-existing data source. [#50667](https://github.com/grafana/grafana/pull/50667), [@wbrowne](https://github.com/wbrowne)
+- **Explore:** Fix log context scroll to bottom. [#50600](https://github.com/grafana/grafana/pull/50600), [@ivanahuckova](https://github.com/ivanahuckova)
+- **Explore:** Revert "Remove support for compact format URLs (#49350)". [#50873](https://github.com/grafana/grafana/pull/50873), [@gelicia](https://github.com/gelicia)
+- **Expressions:** Fixes dashboard schema migration issue that casued Expression datasource to be set on panel level. [#50945](https://github.com/grafana/grafana/pull/50945), [@torkelo](https://github.com/torkelo)
+- **Formatting:** Fixes valueFormats for a value of 0. [#50719](https://github.com/grafana/grafana/pull/50719), [@JoaoSilvaGrafana](https://github.com/JoaoSilvaGrafana)
+- **GrafanaData:** Fix week start for non-English browsers. [#50582](https://github.com/grafana/grafana/pull/50582), [@AgnesToulet](https://github.com/AgnesToulet)
+- **LibraryPanel:** Resizing a library panel to 6x3 no longer crashes the dashboard on startup. [#50400](https://github.com/grafana/grafana/pull/50400), [@ashharrison90](https://github.com/ashharrison90)
+- **LogRow:** Fix placement of icon. [#51010](https://github.com/grafana/grafana/pull/51010), [@ivanahuckova](https://github.com/ivanahuckova)
+- **Loki:** Fix bug in labels framing. [#51015](https://github.com/grafana/grafana/pull/51015), [@gabor](https://github.com/gabor)
+- **Loki:** Fix issues with using query patterns. [#50414](https://github.com/grafana/grafana/pull/50414), [@ivanahuckova](https://github.com/ivanahuckova)
+- **Loki:** Fix showing of duplicated label values in dropdown in query builder. [#50680](https://github.com/grafana/grafana/pull/50680), [@ivanahuckova](https://github.com/ivanahuckova)
+- **MSSQL:** Fix ParseFloat error. [#50815](https://github.com/grafana/grafana/pull/50815), [@zoltanbedi](https://github.com/zoltanbedi)
+- **Panels:** Fixes issue with showing 'Cannot visualize data' when query returned 0 rows. [#50485](https://github.com/grafana/grafana/pull/50485), [@torkelo](https://github.com/torkelo)
+- **Playlists:** Disable Create Playlist buttons for users with viewer role. [#50840](https://github.com/grafana/grafana/pull/50840), [@asymness](https://github.com/asymness)
+- **Plugins:** Fix typo in plugin data frames documentation. [#50554](https://github.com/grafana/grafana/pull/50554), [@osisoft-mbishop](https://github.com/osisoft-mbishop)
+- **Prometheus:** Fix body not being included in resource calls if they are POST. [#50833](https://github.com/grafana/grafana/pull/50833), [@aocenas](https://github.com/aocenas)
+- **RolePicker:** Fix submenu position on horizontal space overflow. [#50769](https://github.com/grafana/grafana/pull/50769), [@Clarity-89](https://github.com/Clarity-89)
+- **Tracing:** Fix trace links in traces panel. [#50028](https://github.com/grafana/grafana/pull/50028), [@connorlindsey](https://github.com/connorlindsey)
+
+### Deprecations
+
+Support for compact Explore URLs is deprecated and will be removed in a future release. Until then, when navigating to Explore using the deprecated format the URLs are automatically converted. If you have existing links pointing to Explore update them using the format generated by Explore upon navigation.
+
+You can identify a compact URL by its format. Compact URLs have the left (and optionally right) url parameter as an array of strings, for example `&left=["now-1h","now"...]`. The standard explore URLs follow a key/value pattern, for example `&left={"datasource":"test"...}`. Please be sure to check your dashboards for any hardcoded links to Explore and update them to the standard URL pattern. Issue [#50873](https://github.com/grafana/grafana/issues/50873)
+
+<!-- 9.0.1 END -->
+<!-- 9.0.0 START -->
+
+# 9.0.0 (2022-06-10)
+
+### Features and enhancements
+
+- **API:** Add GET /api/annotations/:annotationId endpoint. [#47739](https://github.com/grafana/grafana/pull/47739), [@scottbock](https://github.com/scottbock)
+- **API:** Add endpoint for updating a data source by its UID. [#49396](https://github.com/grafana/grafana/pull/49396), [@papagian](https://github.com/papagian)
+- **AccessControl:** Add enterprise only setting for rbac permission cache. [#49006](https://github.com/grafana/grafana/pull/49006), [@kalleep](https://github.com/kalleep)
+- **AccessControl:** Document basic roles changes and provisioning V2. [#48910](https://github.com/grafana/grafana/pull/48910), [@gamab](https://github.com/gamab)
+- **AccessControl:** Enable RBAC by default. [#48813](https://github.com/grafana/grafana/pull/48813), [@IevaVasiljeva](https://github.com/IevaVasiljeva)
+- **AddDataSourceConfig:** Remove deprecated checkHealth prop. [#50296](https://github.com/grafana/grafana/pull/50296), [@kaydelaney](https://github.com/kaydelaney)
+- **Alerting:** Add Image URLs to Microsoft Teams notifier. [#49385](https://github.com/grafana/grafana/pull/49385), [@joeblubaugh](https://github.com/joeblubaugh)
+- **Alerting:** Add RBAC actions and role for provisioning API routes. [#50459](https://github.com/grafana/grafana/pull/50459), [@yuri-tceretian](https://github.com/yuri-tceretian)
+- **Alerting:** Add Screenshot URLs to Pagerduty Notifier. [#49377](https://github.com/grafana/grafana/pull/49377), [@joeblubaugh](https://github.com/joeblubaugh)
+- **Alerting:** Add a "Reason" to Alert Instances to show underlying cause of state. [#49259](https://github.com/grafana/grafana/pull/49259), [@joeblubaugh](https://github.com/joeblubaugh)
+- **Alerting:** Add a general screenshot service and alerting-specific image service. [#49293](https://github.com/grafana/grafana/pull/49293), [@joeblubaugh](https://github.com/joeblubaugh)
+- **Alerting:** Add image url or file attachment to email notifications. [#49381](https://github.com/grafana/grafana/pull/49381), [@joeblubaugh](https://github.com/joeblubaugh)
+- **Alerting:** Add image_urls to OpsGenie notification details. [#49379](https://github.com/grafana/grafana/pull/49379), [@joeblubaugh](https://github.com/joeblubaugh)
+- **Alerting:** Add notification policy flow chart. [#49405](https://github.com/grafana/grafana/pull/49405), [@peterholmberg](https://github.com/peterholmberg)
+- **Alerting:** Attach image URL to alerts in Webhook notifier format. [#49378](https://github.com/grafana/grafana/pull/49378), [@joeblubaugh](https://github.com/joeblubaugh)
+- **Alerting:** Attach image URLs or upload files to Discord notifications. [#49439](https://github.com/grafana/grafana/pull/49439), [@alexweav](https://github.com/alexweav)
+- **Alerting:** Attach image URLs to Google Chat notifications. [#49445](https://github.com/grafana/grafana/pull/49445), [@alexweav](https://github.com/alexweav)
+- **Alerting:** Attach screenshot data to Unified Alerting notifications. [#49374](https://github.com/grafana/grafana/pull/49374), [@joeblubaugh](https://github.com/joeblubaugh)
+- **Alerting:** Create folder for alerting when start from the scratch. [#48866](https://github.com/grafana/grafana/pull/48866), [@yuri-tceretian](https://github.com/yuri-tceretian)
+- **Alerting:** Modify alertmanager endpoints for proxying using the datasource UID. [#47978](https://github.com/grafana/grafana/pull/47978), [@papagian](https://github.com/papagian)
+- **Alerting:** Modify endpoint for testing a datasource rule using the UID. [#48070](https://github.com/grafana/grafana/pull/48070), [@papagian](https://github.com/papagian)
+- **Alerting:** Modify prometheus endpoints for proxying using the datasource UID. [#48052](https://github.com/grafana/grafana/pull/48052), [@papagian](https://github.com/papagian)
+- **Alerting:** State Manager takes screenshots. [#49338](https://github.com/grafana/grafana/pull/49338), [@joeblubaugh](https://github.com/joeblubaugh)
+- **Alerting:** Use UID scope for folders authorization. [#48970](https://github.com/grafana/grafana/pull/48970), [@yuri-tceretian](https://github.com/yuri-tceretian)
+- **Alerting:** modify ruler endpoints for proxying using the datasource UID. [#48046](https://github.com/grafana/grafana/pull/48046), [@papagian](https://github.com/papagian)
+- **Angular:** Adds back two angular directives that are still used by remaining angular bits and plugins. [#50380](https://github.com/grafana/grafana/pull/50380), [@torkelo](https://github.com/torkelo)
+- **Azure Monitor:** Add Resource Picker to Metrics Queries. [#49029](https://github.com/grafana/grafana/pull/49029), [@sarahzinger](https://github.com/sarahzinger)
+- **Azure Monitor:** Add search feature to resource picker. [#48234](https://github.com/grafana/grafana/pull/48234), [@sarahzinger](https://github.com/sarahzinger)
+- **AzureMonitor:** Add support for selecting multiple options when using the equals and not equals dimension filters. [#48650](https://github.com/grafana/grafana/pull/48650), [@aangelisc](https://github.com/aangelisc)
+- **AzureMonitor:** Remove deprecated code. [#48328](https://github.com/grafana/grafana/pull/48328), [@andresmgot](https://github.com/andresmgot)
+- **Build:** Change names to PascalCase to match. [#48949](https://github.com/grafana/grafana/pull/48949), [@zuchka](https://github.com/zuchka)
+- **Chore:** Remove deprecated DataSourceAPI methods. [#49313](https://github.com/grafana/grafana/pull/49313), [@ifrost](https://github.com/ifrost)
+- **Chore:** Upgrade typescript to 4.6.4. [#49016](https://github.com/grafana/grafana/pull/49016), [@kaydelaney](https://github.com/kaydelaney)
+- **Cloud Monitoring:** Use new annotation API. [#49026](https://github.com/grafana/grafana/pull/49026), [@kevinwcyu](https://github.com/kevinwcyu)
+- **CloudMonitoring:** Allow to set a custom value or disable graph_period. [#48646](https://github.com/grafana/grafana/pull/48646), [@andresmgot](https://github.com/andresmgot)
+- **CloudWatch:** Add generic filter component to variable editor. [#47907](https://github.com/grafana/grafana/pull/47907), [@iwysiu](https://github.com/iwysiu)
+- **CloudWatch:** Added missing AWS/AppRunner metrics. [#49174](https://github.com/grafana/grafana/pull/49174), [@Aton-Kish](https://github.com/Aton-Kish)
+- **CloudWatch:** Enable support for dynamic labels with migrated alias patterns. [#49173](https://github.com/grafana/grafana/pull/49173), [@sunker](https://github.com/sunker)
+- **Cloudwatch:** Pass label in deep link. [#49160](https://github.com/grafana/grafana/pull/49160), [@sunker](https://github.com/sunker)
+- **Cloudwatch:** Use new annotation API. [#48102](https://github.com/grafana/grafana/pull/48102), [@sunker](https://github.com/sunker)
+- **Dashboard:** Validate dashboards against schema on save. [#48252](https://github.com/grafana/grafana/pull/48252), [@sdboyer](https://github.com/sdboyer)
+- **DashboardPickerByID:** Add option to exclude dashboards. [#49211](https://github.com/grafana/grafana/pull/49211), [@Clarity-89](https://github.com/Clarity-89)
+- **DashboardPickerById:** Add optionLabel prop. [#47556](https://github.com/grafana/grafana/pull/47556), [@Clarity-89](https://github.com/Clarity-89)
+- **Dashboards:** Display values of 0 with the configured decimal places. [#48155](https://github.com/grafana/grafana/pull/48155), [@wx1322](https://github.com/wx1322)
+- **Data:** Remove deprecated types and functions from valueMappings. [#50035](https://github.com/grafana/grafana/pull/50035), [@kaydelaney](https://github.com/kaydelaney)
+- **Elasticsearch:** Remove browser access mode. [#49014](https://github.com/grafana/grafana/pull/49014), [@gabor](https://github.com/gabor)
+- **Elasticsearch:** Remove support for versions after their end of the life (<7.10.0). [#48715](https://github.com/grafana/grafana/pull/48715), [@ivanahuckova](https://github.com/ivanahuckova)
+- **Encryption:** Add support for multiple data keys per day. [#47765](https://github.com/grafana/grafana/pull/47765), [@joanlopez](https://github.com/joanlopez)
+- **Encryption:** Enable envelope encryption by default. [#49301](https://github.com/grafana/grafana/pull/49301), [@joanlopez](https://github.com/joanlopez)
+- **Explore:** Remove support for legacy, compact format URLs. [#49350](https://github.com/grafana/grafana/pull/49350), [@gelicia](https://github.com/gelicia)
+- **Explore:** Skip Angular error handling when Angular support is disabled. [#49311](https://github.com/grafana/grafana/pull/49311), [@ifrost](https://github.com/ifrost)
+- **Explore:** simplify support for multiple query editors. [#48701](https://github.com/grafana/grafana/pull/48701), [@Elfo404](https://github.com/Elfo404)
+- **FeatureToggles:** Support changing feature toggles with URL parameters. [#50275](https://github.com/grafana/grafana/pull/50275), [@ryantxu](https://github.com/ryantxu)
+- **FileUpload:** Make component accessible by keyboard navigation. [#47497](https://github.com/grafana/grafana/pull/47497), [@tolzhabayev](https://github.com/tolzhabayev)
+- **Formatting:** Make SI number formats more robust. [#50117](https://github.com/grafana/grafana/pull/50117), [@kaydelaney](https://github.com/kaydelaney)
+- **Graph:** Deprecate Graph (old) and make it no longer a visualization option for new panels. [#48034](https://github.com/grafana/grafana/pull/48034), [@torkelo](https://github.com/torkelo)
+- **IconButton:** IconButtons are now correctly aligned in Safari. [#48759](https://github.com/grafana/grafana/pull/48759), [@ashharrison90](https://github.com/ashharrison90)
+- **Logger:** Enable new logging format by default. [#47584](https://github.com/grafana/grafana/pull/47584), [@ying-jeanne](https://github.com/ying-jeanne)
+- **Loki:** Add more query patterns. [#50248](https://github.com/grafana/grafana/pull/50248), [@ivanahuckova](https://github.com/ivanahuckova)
+- **Loki:** Enable new visual query builder by default. [#48346](https://github.com/grafana/grafana/pull/48346), [@ivanahuckova](https://github.com/ivanahuckova)
+- **Loki:** use the same dataframe-format for both live and normal queries. [#47153](https://github.com/grafana/grafana/pull/47153), [@gabor](https://github.com/gabor)
+- **OAuth:** Make allowed email domain case insensitive. [#49252](https://github.com/grafana/grafana/pull/49252), [@Jguer](https://github.com/Jguer)
+- **Panels:** Use the No value option when showing the no data message. [#47675](https://github.com/grafana/grafana/pull/47675), [@torkelo](https://github.com/torkelo)
+- **Plugins:** Remove plugin list panel. [#46914](https://github.com/grafana/grafana/pull/46914), [@tolzhabayev](https://github.com/tolzhabayev)
+- **Query History:** Enable new query history by default. [#49407](https://github.com/grafana/grafana/pull/49407), [@ifrost](https://github.com/ifrost)
+- **QueryEditorRow:** Show query errors next to query in a consistent way across Grafana. [#47613](https://github.com/grafana/grafana/pull/47613), [@torkelo](https://github.com/torkelo)
+- **SAML:** Implement Name Templates for assertion_attribute_name option. [#48022](https://github.com/grafana/grafana/pull/48022), [@mmandrus](https://github.com/mmandrus)
+- **Service accounts:** Do not display service accounts assigned to team. [#48995](https://github.com/grafana/grafana/pull/48995), [@eleijonmarck](https://github.com/eleijonmarck)
+- **Settings:** Use Grafana Azure SDK to pass Azure env vars for external plugins. [#48954](https://github.com/grafana/grafana/pull/48954), [@kostrse](https://github.com/kostrse)
+- **Shortcuts:** Add shortcut to show shortcuts to the list of shortcuts. [#48395](https://github.com/grafana/grafana/pull/48395), [@ivanahuckova](https://github.com/ivanahuckova)
+- **Traces Panel:** Add new Traces Panel visualization. [#47534](https://github.com/grafana/grafana/pull/47534), [@joey-grafana](https://github.com/joey-grafana)
+- **Traces:** Filter by service/span name and operation in Tempo and Jaeger. [#48209](https://github.com/grafana/grafana/pull/48209), [@joey-grafana](https://github.com/joey-grafana)
+- **Transformations:** Allow more complex regex expressions in `Rename by regex`. [#48179](https://github.com/grafana/grafana/pull/48179), [@ashharrison90](https://github.com/ashharrison90)
+- **grafana/ui:** Add default type="button" to <Button>. [#48183](https://github.com/grafana/grafana/pull/48183), [@axelavargas](https://github.com/axelavargas)
+
+### Bug fixes
+
+- **Alerting:** Fix database unavailable removes rules from scheduler. [#49874](https://github.com/grafana/grafana/pull/49874), [@grobinson-grafana](https://github.com/grobinson-grafana)
+- **AzureMonitor:** Fix auto-selection of time-grain for metrics. [#49278](https://github.com/grafana/grafana/pull/49278), [@aangelisc](https://github.com/aangelisc)
+- **DataSources:** Fixes issue with expressions not being queried. [#50446](https://github.com/grafana/grafana/pull/50446), [@JoaoSilvaGrafana](https://github.com/JoaoSilvaGrafana)
+- **GraphNG:** Fix thresholds by color not following data update. [#48571](https://github.com/grafana/grafana/pull/48571), [@zoltanbedi](https://github.com/zoltanbedi)
+- **Jaeger:** Update operations dropdown. [#49329](https://github.com/grafana/grafana/pull/49329), [@joey-grafana](https://github.com/joey-grafana)
+- **Login:** Fix mismatching label on auth_module in user list. [#49177](https://github.com/grafana/grafana/pull/49177), [@Jguer](https://github.com/Jguer)
+- **Playlists:** Save button now correctly creates a new playlist. [#50381](https://github.com/grafana/grafana/pull/50381), [@ashharrison90](https://github.com/ashharrison90)
+- **RBAC:** Fix migrations running in the wrong order causing inheritance problem in enterprise. [#50452](https://github.com/grafana/grafana/pull/50452), [@gamab](https://github.com/gamab)
+- **RBAC:** Fix migrations running into the wrong order. (Enterprise)
+- **ServiceAccounts:** Add identifiable token prefix to service account tokens. [#49011](https://github.com/grafana/grafana/pull/49011), [@Jguer](https://github.com/Jguer)
+- **Traces:** Fix missing CopyButton on KeyValueTables and overlapping of panels. [#49271](https://github.com/grafana/grafana/pull/49271), [@svennergr](https://github.com/svennergr)
+
+### Breaking changes
+
+The `@grafana/ui` package helper function `selectOptionInTest` used in frontend tests has been removed as it caused testing libraries to be bundled in the production code of Grafana. If you were using this helper function in your tests please update your code accordingly:
+
+```js
+// before
+import { selectOptionInTest } from '@grafana/ui';
+// ...test usage
+await selectOptionInTest(selectEl, 'Option 2');
+
+// after
+import { select } from 'react-select-event';
+// ...test usage
+await select(selectEl, 'Option 2', { container: document.body });
+```
+
+Issue [#50442](https://github.com/grafana/grafana/issues/50442)
+
+Removed deprecated `checkHealth` prop from the `@grafana/e2e` `addDataSource` config. Previously this value defaulted to `false`, and has not been used in end-to-end tests since Grafana 8.0.3. Issue [#50296](https://github.com/grafana/grafana/issues/50296)
+
+Removes the deprecated `LegacyBaseMap`, `LegacyValueMapping`, `LegacyValueMap`, and `LegacyRangeMap` types, and `getMappedValue` function from grafana-data. Migration is as follows:
+| Old | New |
+| ------------- | ------------- |
+| `LegacyBaseMap` | `MappingType` |
+| `LegacyValueMapping` | `ValueMapping` |
+| `LegacyValueMap` | `ValueMap` |
+| `LegacyRangeMap` | `RangeMap` |
+| `getMappedValue` | `getValueMappingResult` | Issue [#50035](https://github.com/grafana/grafana/issues/50035)
+
+This change fixes a bug in Grafana where intermittent failure of database, network between Grafana and the database, or error in querying the database would cause all alert rules to be unscheduled in Grafana. Following this change scheduled alert rules are not updated unless the query is successful.
+
+The `get_alert_rules_duration_seconds` metric has been renamed to `schedule_query_alert_rules_duration_seconds`. Issue [#49874](https://github.com/grafana/grafana/issues/49874)
+
+- Any secret (data sources credential, alert manager credential, etc, etc) created or modified with Grafana v9.0 won't be decryptable from any previous version (by default) because the way encrypted secrets are stored into the database has changed. Although secrets created or modified with previous versions will still be decryptable by Grafana v9.0.
+- If required, although generally discouraged, the `disableEnvelopeEncryption` feature toggle can be enabled to keep envelope encryption disabled once updating to Grafana v9.0.
+- In case of need to rollback to an earlier version of Grafana (i.e. Grafana v8.x) for any reason, after being created or modified any secret with Grafana v9.0, the `envelopeEncryption` feature toggle will need to be enabled to keep backwards compatibility (only from `v8.3.x` a bit unstable, from `8.5.x` stable).
+- As a final attempt to deal with issues related with the aforementioned situations, the `grafana-cli admin secrets-migration rollback` command has been designed to move back all the Grafana secrets encrypted with envelope encryption to legacy encryption. So, after running that command it should be safe to disable envelope encryption and/or roll back to a previous version of Grafana.
+- Alternatively or complementarily to all the points above, backing up the Grafana database before updating could be a good idea to prevent disasters (although the risk of getting some secrets corrupted only applies to those updates/created with after updating to Grafana v9.0). Issue [#49301](https://github.com/grafana/grafana/issues/49301)
+
+- According to the dynamic labels documentation, you can use up to five dynamic values per label. There’s currently no such restriction in the alias pattern system, so if more than 5 patterns are being used the GetMetricData API will return an error.
+- Dynamic labels only allow ${LABEL} to be used once per query. There’s no such restriction in the alias pattern system, so in case more than 1 is being used the GetMetricData API will return an error.
+- When no alias is provided by the user, Grafana will no longer fallback with custom rules for naming the legend.
+- In case a search expression is being used and no data is returned, Grafana will no longer expand dimension values, for instance when using a multi-valued template variable or star wildcard `*` in the dimension value field. Ref https://github.com/grafana/grafana/issues/20729
+- Time series might be displayed in a different order. Using for example the dynamic label `${PROP('MetricName')}`, might have the consequence that the time series are returned in a different order compared to when the alias pattern `{{metric}}` is used
+
+Issue [#49173](https://github.com/grafana/grafana/issues/49173)
+
+In Elasticsearch, browser access mode was deprecated in grafana 7.4.0 and removed in 9.0.0. If you used this mode, please switch to server access mode on the datasource configuration page. Issue [#49014](https://github.com/grafana/grafana/issues/49014)
+
+Environment variables passed from Grafana to external Azure plugins have been renamed:
+
+- `AZURE_CLOUD` renamed to `GFAZPL_AZURE_CLOUD`
+- `AZURE_MANAGED_IDENTITY_ENABLED` renamed to `GFAZPL_MANAGED_IDENTITY_ENABLED`
+- `AZURE_MANAGED_IDENTITY_CLIENT_ID` renamed to `GFAZPL_MANAGED_IDENTITY_CLIENT_ID`
+
+There are no known plugins which were relying on these variables. Moving forward plugins should read Azure settings only via Grafana Azure SDK which properly handles old and new environment variables. Issue [#48954](https://github.com/grafana/grafana/issues/48954)
+
+Removes support for for ElasticSearch versions after their end-of-life, currently versions < 7.10.0. To continue to use ElasticSearch data source, upgrade ElasticSearch to version 7.10.0+.
+Issue [#48715](https://github.com/grafana/grafana/issues/48715)
+
+Application Insights and Insight Analytics queries in Azure Monitor were deprecated in Grafana 8.0 and finally removed in 9.0. Deprecated queries will no longer be executed. Please refer to the [documentation](https://grafana.com/docs/grafana/latest/datasources/azuremonitor/deprecated-application-insights/) for more information about this change.
+
+Issue [#48328](https://github.com/grafana/grafana/issues/48328)
+
+**grafana/ui: Button now specifies a default type="button"**
+
+The `Button` component provided by @grafana/ui now specifies a default `type="button"` when no type is provided. In previous versions, if the attribute was not specified for buttons associated with a `<form>` the default value was `submit` per the [specification](https://developer.mozilla.org/en-US/docs/Web/HTML/Element/button#attr-type)
+
+You can preserve the old behavior by explicitly setting the type attribute: `<Button type="submit" />`
+
+[Github Issue #41863](https://github.com/grafana/grafana/issues/41863).
+Issue [#48183](https://github.com/grafana/grafana/issues/48183)
+
+The `Rename by regex` transformation has been improved to allow global patterns of the form `/<stringToReplace>/g`. Depending on the regex match used, this may cause some transformations to behave slightly differently. You can guarantee the same behaviour as before by wrapping the `match` string in forward slashes (`/`), e.g. `(.*)` would become `/(.*)/` Issue [#48179](https://github.com/grafana/grafana/issues/48179)
+
+`<Select />` menus will now portal to the document body by default. This is to give more consistent behaviour when positioning and overlaying. If you were setting `menuShouldPortal={true}` before you can safely remove that prop and behaviour will be the same. If you weren't explicitly setting that prop, there should be no visible changes in behaviour but your tests may need updating. Please see the original PR (https://github.com/grafana/grafana/pull/36398) for migration guides. If you were setting `menuShouldPortal={false}` this will continue to prevent the menu from portalling.
+
+Issue [#48176](https://github.com/grafana/grafana/issues/48176)
+
+Grafana alerting endpoint prefixed with `api/v1/rule/test` that tests a rule against a Corte/Loki data source now expects the data source UID as a path parameter instead of the data source numeric identifier. Issue [#48070](https://github.com/grafana/grafana/issues/48070)
+
+Grafana alerting endpoints prefixed with `api/prometheus/` that proxy requests to a Cortex/Loki data source now expect the data source UID as a path parameter instead of the data source numeric identifier. Issue [#48052](https://github.com/grafana/grafana/issues/48052)
+
+Grafana alerting endpoints prefixed with `api/ruler/` that proxy requests to a Cortex/Loki data source now expect the data source UID as a path parameter instead of the data source numeric identifier. Issue [#48046](https://github.com/grafana/grafana/issues/48046)
+
+Grafana alerting endpoints prefixed with `api/alertmanager/` that proxy requests to an Alertmanager now expect the data source UID as a path parameter instead of the data source numeric identifier. Issue [#47978](https://github.com/grafana/grafana/issues/47978)
+
+The format of log messages have been updated, `lvl` is now `level` and `eror`and `dbug` has been replaced with `error` and `debug`. The precision of timestamps has been increased. To smooth the transition, it is possible to opt-out of the new log format by enabling the feature toggle `oldlog`. This option will be removed in a future minor release. Issue [#47584](https://github.com/grafana/grafana/issues/47584)
+
+In the Loki data source, the dataframe format used to represent Loki logs-data has been changed to a more efficient format. The query-result is represented by a single dataframe with a "labels" column, instead of the separate dataframes for every labels-value. When displaying such data in explore, or in a logs-panel in the dashboard will continue to work without changes, but if the data was loaded into a different dashboard-panel, or Transforms were used, adjustments may be necessary. For example, if you used the "labels to fields" transformation with the logs data, please switch to the "extract fields" transformation. Issue [#47153](https://github.com/grafana/grafana/issues/47153)
+
+### Deprecations
+
+`setExploreQueryField`, `setExploreMetricsQueryField` and `setExploreLogsQueryField` are now deprecated and will be removed in a future release. If you need to set a different query editor for Explore, conditionally render based on `props.app` in your regular query editor. Please refer to https://grafana.com/docs/grafana/latest/developers/plugins/add-support-for-explore-queries/ for more information.
+Issue [#48701](https://github.com/grafana/grafana/issues/48701)
+
+### Plugin development fixes & changes
+
+- **Chore:** Remove react-testing-lib from bundles. [#50442](https://github.com/grafana/grafana/pull/50442), [@jackw](https://github.com/jackw)
+- **Select:** Portal menu by default. [#48176](https://github.com/grafana/grafana/pull/48176), [@ashharrison90](https://github.com/ashharrison90)
+
+<!-- 9.0.0 END -->
+<!-- 9.0.0-beta3 START -->
+
+# 9.0.0-beta3 (2022-06-06)
+
+### Features and enhancements
+
+- **Alerting:** Add provenance guard to config api. [#50147](https://github.com/grafana/grafana/pull/50147), [@JohnnyQQQQ](https://github.com/JohnnyQQQQ)
+- **Alerting:** Make folder filter clearable in Alert list panel. [#50093](https://github.com/grafana/grafana/pull/50093), [@peterholmberg](https://github.com/peterholmberg)
+- **Alerting:** Provisioning API - Alert rules. [#47930](https://github.com/grafana/grafana/pull/47930), [@JohnnyQQQQ](https://github.com/JohnnyQQQQ)
+- **Alerting:** Remove Image Upload code from Slack notifier. [#50062](https://github.com/grafana/grafana/pull/50062), [@joeblubaugh](https://github.com/joeblubaugh)
+- **Alerting:** Remove double quotes from matchers. [#50038](https://github.com/grafana/grafana/pull/50038), [@gotjosh](https://github.com/gotjosh)
+- **Cloudwatch:** Dynamic labels autocomplete. [#49794](https://github.com/grafana/grafana/pull/49794), [@sunker](https://github.com/sunker)
+- **Datasource:** Remove deprecated max_idle_connections_per_host setting. [#49948](https://github.com/grafana/grafana/pull/49948), [@marefr](https://github.com/marefr)
+- **Datasource:** Remove support for unencrypted passwords. [#49987](https://github.com/grafana/grafana/pull/49987), [@marefr](https://github.com/marefr)
+- **Dependencies:** Update to Golang version `1.17.11`. [#50253](https://github.com/grafana/grafana/pull/50253), [@dsotirakis](https://github.com/dsotirakis)
+- **Loki:** Run query when pressing Enter on line-filters. [#49913](https://github.com/grafana/grafana/pull/49913), [@svennergr](https://github.com/svennergr)
+- **Metrics:** Remove support for using summaries instead of histogram for HTTP instrumentation. [#49985](https://github.com/grafana/grafana/pull/49985), [@bergquist](https://github.com/bergquist)
+- **Plugins:** Remove deprecated /api/tsdb/query metrics endpoint. [#49916](https://github.com/grafana/grafana/pull/49916), [@wbrowne](https://github.com/wbrowne)
+- **Plugins:** Support headers field for check health. [#49930](https://github.com/grafana/grafana/pull/49930), [@marefr](https://github.com/marefr)
+- **Prometheus/Loki:** Add raw query and syntax highlight in explain mode. [#50070](https://github.com/grafana/grafana/pull/50070), [@aocenas](https://github.com/aocenas)
+- **Prometheus:** Migrate metadata queries to use resource calls. [#49921](https://github.com/grafana/grafana/pull/49921), [@srclosson](https://github.com/srclosson)
+- **RBAC:** Make RBAC action names more consistent. [#49730](https://github.com/grafana/grafana/pull/49730), [@IevaVasiljeva](https://github.com/IevaVasiljeva)
+- **RBAC:** Make RBAC action names more consistent. (Enterprise)
+- **Settings:** Sunset non-duration based login lifetime config. [#49944](https://github.com/grafana/grafana/pull/49944), [@sakjur](https://github.com/sakjur)
+- **[9.0.x] Alerting:** Update alert rule diff to not see difference between nil and empty map. [#50198](https://github.com/grafana/grafana/pull/50198), [@yuri-tceretian](https://github.com/yuri-tceretian)
+
+### Bug fixes
+
+- **Alerting:** Fix alert list panel showing firing alerts with no instances. [#50069](https://github.com/grafana/grafana/pull/50069), [@gillesdemey](https://github.com/gillesdemey)
+- **Alerting:** Fix notification policy "Override grouping" form save. [#50031](https://github.com/grafana/grafana/pull/50031), [@JacobsonMT](https://github.com/JacobsonMT)
+- **Alerting:** Remove double quotes from matchers. [#50046](https://github.com/grafana/grafana/pull/50046), [@alexweav](https://github.com/alexweav)
+- **Alerting:** Use correct permission scope for external AM updates. [#50159](https://github.com/grafana/grafana/pull/50159), [@gillesdemey](https://github.com/gillesdemey)
+- **Datasource:** Fix allowed cookies to be forwarded as header to backend datasources. [#49541](https://github.com/grafana/grafana/pull/49541), [@marefr](https://github.com/marefr)
+- **Licensing:** Fix trial expiration warning. (Enterprise)
+- **Loki:** Fix uncaught errors if `labelKey` contains special characters. [#49887](https://github.com/grafana/grafana/pull/49887), [@svennergr](https://github.com/svennergr)
+- **Prometheus:** Fix aligning of labels of exemplars after backend migration. [#49924](https://github.com/grafana/grafana/pull/49924), [@aocenas](https://github.com/aocenas)
+- **SharePDF:** Fix repeated datasource variables in PDF. (Enterprise)
+- **State Timeline:** Fix Null Value Filling and Value Transformation. [#50054](https://github.com/grafana/grafana/pull/50054), [@codeincarnate](https://github.com/codeincarnate)
+- **Usage stats:** Divide collection into multiple functions to isolate failures. [#49928](https://github.com/grafana/grafana/pull/49928), [@sakjur](https://github.com/sakjur)
+
+### Breaking changes
+
+Removes support for storing/using datasource `password` and `basicAuthPassword` unencrypted which was [deprecated in Grafana v8.1.0](https://grafana.com/docs/grafana/latest/installation/upgrading/#use-of-unencrypted-passwords-for-data-sources-no-longer-supported). Please use `secureJsonData.password` and `secureJsonData.basicAuthPassword`. Issue [#49987](https://github.com/grafana/grafana/issues/49987)
+
+Removes the option to instrument HTTP request in Grafana using summaries instead of histograms. Issue [#49985](https://github.com/grafana/grafana/issues/49985)
+
+Removes support for deprecated dataproxy.max_idle_connections_per_host setting. Please use max_idle_connections instead. Issue [#49948](https://github.com/grafana/grafana/issues/49948)
+
+Removes the deprecated `getFormStyles` function from grafana-ui.
+Prefer using `GrafanaTheme2` and the `useStyles2` hook. Issue [#49945](https://github.com/grafana/grafana/issues/49945)
+
+The configuration options `auth.login_maximum_inactive_lifetime_days` and `auth.login_maximum_lifetime_days` were deprecated in Grafana v7.2.0 and have now been removed. Use `login_maximum_inactive_lifetime_duration` and `login_maximum_lifetime_duration` to customize the maximum lifetime of a login session. Issue [#49944](https://github.com/grafana/grafana/issues/49944)
+
+Removed the deprecated `isFocused` and `isInvalid` props from the `InlineLabel` component. These props haven't done anything for a while, so migration is just a matter of removing the props. Issue [#49929](https://github.com/grafana/grafana/issues/49929)
+
+Removed the deprecated `onColorChange` prop from `ColorPicker`. Moving forward the `onChange` prop should be used. Issue [#49923](https://github.com/grafana/grafana/issues/49923)
+
+`/api/tsdb/query` API has been removed. Use [/api/ds/query](https://grafana.com/docs/grafana/latest/http_api/data_source/#query-a-data-source) instead.
+Issue [#49916](https://github.com/grafana/grafana/issues/49916)
+
+`onClipboardCopy` and `onClipboardError` APIs have been changed such that the callback's argument is just the text that's been copied rather than the old `ClipboardEvent` interface.
+Migration should just be a matter of going from
+
+```tsx
+<ClipboardButton
+  {/*other props... */}
+  onClipboardCopy={(e) => {
+    console.log(`Text "${e.text}" was copied!`);
+  }}
+/>
+```
+
+to
+
+````tsx
+<ClipboardButton
+  {/* other props... */}
+  onClipboardCopy={(copiedText) => {
+    console.log(`Text "${copiedText}" was copied!`);
+  }}
+/>
+```
+
+Issue [#49847](https://github.com/grafana/grafana/issues/49847)
+
+The following RBAC action renames have been carried out:
+
+- `users.authtoken:update` -> `users.authtoken:write`;
+- `users.password:update` -> `users.password:write`;
+- `users.permissions:update` -> `users.permissions:write`;
+- `users.quotas:update` -> `users.quotas:write`;
+- `org.users.role:update` -> `org.users:write`;
+- `alert.instances:update` -> `alert.instances:write`;
+- `alert.rules:update` -> `alert.rules:write`;
+- `users.authtoken:list` -> `users.authtoken:read`;
+- `users.quotas:list` -> `users.quotas:read`;
+- `users.teams:read` -> replaced by `users.read` + `teams:read`
+
+We've added a migration from the old action names to the new names and have updated our documentation. But you will have to update any scripts and provisioning files that are using the old action names. Issue [#49730](https://github.com/grafana/grafana/issues/49730)
+
+The following RBAC action renames have been carried out:
+
+- `reports.admin:write` -> `reports:write`;
+- `reports.admin:create` -> `reports:create`;
+- `licensing:update` -> `licensing:write`;
+- `roles:list` -> `roles:read`;
+- `teams.roles:list` -> `teams.roles:read`;
+- `users.roles:list` -> `users.roles:read`;
+- `users.permissions:list` -> `users.permissions:read`
+
+We've added a migration from the old action names to the new names and have updated our documentation. But you will have to update any scripts and provisioning files that are using the old action names. Issue [#3372](https://github.com/grafana/grafana/issues/3372)
+
+### Plugin development fixes & changes
+
+- **UI:** Remove deprecated getFormStyles function. [#49945](https://github.com/grafana/grafana/pull/49945), [@kaydelaney](https://github.com/kaydelaney)
+- **InlineLabel:** Remove deprecated props. [#49929](https://github.com/grafana/grafana/pull/49929), [@kaydelaney](https://github.com/kaydelaney)
+- **ColorPicker:** Remove deprecated onColorChange prop. [#49923](https://github.com/grafana/grafana/pull/49923), [@kaydelaney](https://github.com/kaydelaney)
+- **ClipboardButton:** Simplify callbacks. [#49847](https://github.com/grafana/grafana/pull/49847), [@kaydelaney](https://github.com/kaydelaney)
+
+<!-- 9.0.0-beta3 END -->
+<!-- 9.0.0-beta2 START -->
+
+# 9.0.0-beta2 (2022-05-31)
+
+### Features and enhancements
+
+- **Alerting:** Add legacy indicator to navbar. [#49511](https://github.com/grafana/grafana/pull/49511), [@peterholmberg](https://github.com/peterholmberg)
+- **Alerting:** Add templated subject config to email notifier. [#49742](https://github.com/grafana/grafana/pull/49742), [@JacobsonMT](https://github.com/JacobsonMT)
+- **Alerting:** Enable Unified Alerting for open source and enterprise. [#49834](https://github.com/grafana/grafana/pull/49834), [@grobinson-grafana](https://github.com/grobinson-grafana)
+- **Alerting:** Make alertmanager datasource stable. [#49485](https://github.com/grafana/grafana/pull/49485), [@gillesdemey](https://github.com/gillesdemey)
+- **Angular:** Remove deprecated angular modal support and libs. [#49781](https://github.com/grafana/grafana/pull/49781), [@torkelo](https://github.com/torkelo)
+- **AuthProxy:** Remove deprecated ldap_sync_ttl setting. [#49902](https://github.com/grafana/grafana/pull/49902), [@kalleep](https://github.com/kalleep)
+- **Build:** Enable long term caching for frontend assets. [#47625](https://github.com/grafana/grafana/pull/47625), [@jackw](https://github.com/jackw)
+- **Chore:** Remove deprecated TextDisplayOptions export. [#49705](https://github.com/grafana/grafana/pull/49705), [@kaydelaney](https://github.com/kaydelaney)
+- **Chore:** Remove deprecated `surface` prop from IconButton. [#49715](https://github.com/grafana/grafana/pull/49715), [@kaydelaney](https://github.com/kaydelaney)
+- **Chore:** Remove usage of deprecated getColorForTheme function. [#49519](https://github.com/grafana/grafana/pull/49519), [@kaydelaney](https://github.com/kaydelaney)
+- **DatePicker:** Add minDate prop. [#49503](https://github.com/grafana/grafana/pull/49503), [@alexanderzobnin](https://github.com/alexanderzobnin)
+- **Notification history:** Enable by default. [#49502](https://github.com/grafana/grafana/pull/49502), [@ashharrison90](https://github.com/ashharrison90)
+- **Prometheus:** Add pluginVersion to query. [#49414](https://github.com/grafana/grafana/pull/49414), [@toddtreece](https://github.com/toddtreece)
+- **Prometheus:** Enable prometheusStreamingJSONParser by default. [#49475](https://github.com/grafana/grafana/pull/49475), [@toddtreece](https://github.com/toddtreece)
+- **Prometheus:** Predefined scopes for Azure authentication. [#49557](https://github.com/grafana/grafana/pull/49557), [@kostrse](https://github.com/kostrse)
+- **Prometheus:** Streaming JSON parser performance improvements. [#48792](https://github.com/grafana/grafana/pull/48792), [@toddtreece](https://github.com/toddtreece)
+- **ValueMapping:** Add support for regex replacement over multiple lines. [#49607](https://github.com/grafana/grafana/pull/49607), [@ashharrison90](https://github.com/ashharrison90)
+
+### Bug fixes
+
+- **Accessibility:** Pressing escape in a Modal or DashboardSettings correctly closes the overlay. [#49500](https://github.com/grafana/grafana/pull/49500), [@ashharrison90](https://github.com/ashharrison90)
+- **Alerting:** Validate alert notification UID length. [#45546](https://github.com/grafana/grafana/pull/45546), [@wbrowne](https://github.com/wbrowne)
+- **BackendSrv:** Throw an error when fetching an invalid JSON. [#47493](https://github.com/grafana/grafana/pull/47493), [@leventebalogh](https://github.com/leventebalogh)
+- **Fix:** Timeseries migration regex override. [#49629](https://github.com/grafana/grafana/pull/49629), [@zoltanbedi](https://github.com/zoltanbedi)
+- **Loki:** Fix unwrap parsing in query builder. [#49732](https://github.com/grafana/grafana/pull/49732), [@ivanahuckova](https://github.com/ivanahuckova)
+- **Navigation:** Position hamburger menu correctly in mobile view. [#49603](https://github.com/grafana/grafana/pull/49603), [@ashharrison90](https://github.com/ashharrison90)
+- **PanelEditor:** Fixes issue with Table view and multi data frames. [#49854](https://github.com/grafana/grafana/pull/49854), [@JoaoSilvaGrafana](https://github.com/JoaoSilvaGrafana)
+- **Preferences:** Fix updating of preferences for Navbar and Query History. [#49677](https://github.com/grafana/grafana/pull/49677), [@ivanahuckova](https://github.com/ivanahuckova)
+- **TimeRange:** Fixes issue when zooming out on a timerange with timespan 0. [#49622](https://github.com/grafana/grafana/pull/49622), [@JoaoSilvaGrafana](https://github.com/JoaoSilvaGrafana)
+- **Variables:** Fixes DS variables not being correctly used in panel queries. [#49323](https://github.com/grafana/grafana/pull/49323), [@JoaoSilvaGrafana](https://github.com/JoaoSilvaGrafana)
+
+### Breaking changes
+
+Drop support for deprecated setting ldap_sync_ttl under [auth.proxy]
+Only sync_ttl will work from now on Issue [#49902](https://github.com/grafana/grafana/issues/49902)
+
+Removes support for deprecated `heading` and `description` props. Moving forward, the `Card.Heading` and `Card.Description` components should be used. Issue [#49885](https://github.com/grafana/grafana/issues/49885)
+
+Removes the deprecated `link` variant from the `Button` component.
+To migrate, replace any usage of `variant="link"` with `fill="text"`. Issue [#49843](https://github.com/grafana/grafana/issues/49843)
+
+Removes the deprecated `surface` prop from the `IconButton` component. This prop hasn't actually done anything for a while, so it should be safe to just remove any instances of its usage.
+Issue [#49715](https://github.com/grafana/grafana/issues/49715)
+
+Removes the deprecated `TextDisplayOptions` export from `@grafana/data` in favor of `VizTextDisplayOptions` from `@grafana/schema`. To migrate, just replace usage of `TextDisplayOptions` with `VizTextDisplayOptions`. Issue [#49705](https://github.com/grafana/grafana/issues/49705)
+
+Removed support for the deprecated `getColorForTheme(color: string, theme: GrafanaTheme)` function in favor of the
+`theme.visualization.getColorByName(color: string)` method. The output of this method is identical to the removed function, so migration should just be a matter of rewriting calls of `getColorForTheme(myColor, myTheme)` to `myTheme.visualization.getColorByName(myColor)`.
+Issue [#49519](https://github.com/grafana/grafana/issues/49519)
+
+In the Prometheus data source, for consistency and performance reasons, we changed how we represent `NaN` (not a number) values received from Prometheus. In the past versions, we converted these to `null` in the frontend (for dashboard and explore), and kept as `NaN` in the alerting path. Starting with this version, we will always keep it as `NaN`. This change should be mostly invisible for the users. Issue [#49475](https://github.com/grafana/grafana/issues/49475)
+
+Plugins using custom Webpack configs could potentially break due to the changes between webpack@4 and webpack@5. Please refer to the [official migration guide](https://webpack.js.org/migrate/5/) for assistance.
+
+Webpack 5 does not include polyfills for node.js core modules by default (e.g. `buffer`, `stream`, `os`). This can result in failed builds for plugins. If polyfills are required it is recommended to create a custom webpack config in the root of the plugin repo and add the required fallbacks:
+
+```js
+// webpack.config.js
+
+module.exports.getWebpackConfig = (config, options) => ({
+  ...config,
+  resolve: {
+    ...config.resolve,
+    fallback: {
+      os: require.resolve('os-browserify/browser'),
+      stream: require.resolve('stream-browserify'),
+      timers: require.resolve('timers-browserify'),
+    },
+  },
+});
+```
+
+Please refer to the webpack build error messages or the [official migration guide](https://webpack.js.org/migrate/5/) for assistance with fallbacks.
+
+**Which issue(s) this PR fixes**:
+
+<!--
+
+- Automatically closes linked issue when the Pull Request is merged.
+
+Usage: "Fixes #<issue number>", or "Fixes (paste link of issue)"
+
+-->
+
+Fixes #
+
+**Special notes for your reviewer**:
+
+It does not bump the following dependencies to the very latest due to the latest versions being ES modules:
+
+- ora
+- globby
+- execa
+- chalk
+  Issue [#47826](https://github.com/grafana/grafana/issues/47826)
+
+We have changed the internals of `backendSrv.fetch()` to throw an error when the response is an incorrect JSON.
+
+```javascript
+// PREVIOUSLY: this was returning with an empty object {} - in case the response is an invalid JSON
+return await getBackendSrv().post(`${API_ROOT}/${id}/install`);
+
+// AFTER THIS CHANGE: the following will throw an error - in case the response is an invalid JSON
+return await getBackendSrv().post(`${API_ROOT}/${id}/install`);
+```
+
+**When is the response handled as JSON?**
+
+- If the response has the `"Content-Type: application/json"` header, OR
+- If the backendSrv options ([`BackendSrvRequest`](https://github.com/grafana/grafana/blob/e237ff20a996c7313632b2e28f38032012f0e340/packages/grafana-runtime/src/services/backendSrv.ts#L8)) specify the response as JSON: `{ responseType: 'json' }`
+
+**How does it work after this change?**
+
+- In case it is recognised as a JSON response and the response is empty, it returns an empty object `{}`
+- In case it is recognised as a JSON response and it has formatting errors, it throws an error
+
+**How to migrate?**
+Make sure to handle possible errors on the callsite where using `backendSrv.fetch()` (or any other `backendSrv` methods). Issue [#47493](https://github.com/grafana/grafana/issues/47493)
+
+### Plugin development fixes & changes
+
+- **UI/Card:** Remove deprecated props. [#49885](https://github.com/grafana/grafana/pull/49885), [@kaydelaney](https://github.com/kaydelaney)
+- **UI/Button:** Remove deprecated "link" variant. [#49843](https://github.com/grafana/grafana/pull/49843), [@kaydelaney](https://github.com/kaydelaney)
+- **Toolkit:** Bump dependencies. [#47826](https://github.com/grafana/grafana/pull/47826), [@jackw](https://github.com/jackw)
+
+<!-- 9.0.0-beta2 END -->
+
+<!-- 9.0.0-beta1 START -->
+
+# 9.0.0-beta1 (2022-05-24)
+
+### Features and enhancements
+
+- **AccessControl:** Add setting for permission cache. (Enterprise)
+- **AccessControl:** Check dashboard permissions for reports. (Enterprise)
+- **Auth:** Remove grafana ui dependency to the aws sdk. [#43559](https://github.com/grafana/grafana/pull/43559), [@sunker](https://github.com/sunker)
+- **BasicRoles:** Add API endpoint to reset basic roles permissions to factory. (Enterprise)
+- **LDAP Mapping:** Allow Grafana Admin mapping without org role. [#37189](https://github.com/grafana/grafana/pull/37189), [@krzysdabro](https://github.com/krzysdabro)
+- **Licensing:** Only enforce total number of users. (Enterprise)
+- **Loki:** do not convert NaN to null. [#45389](https://github.com/grafana/grafana/pull/45389), [@gabor](https://github.com/gabor)
+- **Report:** API support for multiple dashboards. (Enterprise)
+- **Report:** Support sending embedded image in the report email. (Enterprise)
+- **Report:** UI for multiple dashboards. (Enterprise)
+- **Reporting:** Remove redundant empty attachment when export to CSV is enabled. (Enterprise)
+- **SAML:** Implement Name Templates for assertion_attribute_name option. (Enterprise)
+- **SSE/Alerting:** Support prom instant vector responses. [#44865](https://github.com/grafana/grafana/pull/44865), [@kylebrandt](https://github.com/kylebrandt)
+- **Tracing:** Add trace to metrics config behind feature toggle. [#46298](https://github.com/grafana/grafana/pull/46298), [@connorlindsey](https://github.com/connorlindsey)
+
+### Bug fixes
+
+- **Fix:** Prevent automatic parsing of string data types to numbers. [#46035](https://github.com/grafana/grafana/pull/46035), [@joshhunt](https://github.com/joshhunt)
+- **Prometheus:** Fix inconsistent labels in exemplars resulting in marshal json error. [#46135](https://github.com/grafana/grafana/pull/46135), [@hanjm](https://github.com/hanjm)
+
+### Breaking changes
+
+In the Loki data source, for consistency and performance reasons, we changed how we represent `NaN` (not a number) values received from Loki. In the past versions, we converted these to `null` in the frontend (for dashboard and explore), and kept as `NaN` in the alerting path. Starting with this version, we will always keep it as `NaN`. This change should be mostly invisible for the users. Issue [#45389](https://github.com/grafana/grafana/issues/45389)
+
+The dependency to [grafana/aws-sdk](https://github.com/grafana/grafana-aws-sdk-react) is moved from [grafana/ui](https://github.com/grafana/grafana/blob/main/packages/grafana-ui/package.json) to the plugin. This means that any plugin that use SIGV4 auth need to pass a SIGV4 editor component as a prop to the `DataSourceHttpSettings` component. Issue [#43559](https://github.com/grafana/grafana/issues/43559)
+
+<!-- 9.0.0-beta1 END -->
+<!-- 8.5.4 START -->
+
+# 8.5.4 (2022-05-30)
+
+### Features and enhancements
+
+- **Alerting:** Remove disabled flag for data source when migrating alerts. [#48559](https://github.com/grafana/grafana/pull/48559), [@yuri-tceretian](https://github.com/yuri-tceretian)
+- **Alerting:** Show notification tab of legacy alerting only to editor. [#49624](https://github.com/grafana/grafana/pull/49624), [@yuri-tceretian](https://github.com/yuri-tceretian)
+- **Alerting:** Update migration to migrate only alerts that belong to existing org\dashboard. [#49192](https://github.com/grafana/grafana/pull/49192), [@yuri-tceretian](https://github.com/yuri-tceretian)
+- **AzureMonitor:** Do not quote variables when a custom "All" variable option is used. [#49428](https://github.com/grafana/grafana/pull/49428), [@andresmgot](https://github.com/andresmgot)
+- **AzureMonitor:** Update allowed namespaces. [#48468](https://github.com/grafana/grafana/pull/48468), [@jcolladokuri](https://github.com/jcolladokuri)
+- **CloudMonitor:** Correctly encode default project response. [#49510](https://github.com/grafana/grafana/pull/49510), [@aangelisc](https://github.com/aangelisc)
+- **Cloudwatch:** Add support for new AWS/RDS EBS\* metrics. [#48798](https://github.com/grafana/grafana/pull/48798), [@szymonpk](https://github.com/szymonpk)
+- **InfluxDB:** Use backend for influxDB by default via feature toggle. [#48453](https://github.com/grafana/grafana/pull/48453), [@yesoreyeram](https://github.com/yesoreyeram)
+- **Legend:** Use correct unit for percent and count calculations. [#49004](https://github.com/grafana/grafana/pull/49004), [@dprokop](https://github.com/dprokop)
+- **LokI:** use millisecond steps in Grafana 8.5.x. [#48630](https://github.com/grafana/grafana/pull/48630), [@gabor](https://github.com/gabor)
+- **Plugins:** Introduce HTTP 207 Multi Status response to api/ds/query. [#48550](https://github.com/grafana/grafana/pull/48550), [@wbrowne](https://github.com/wbrowne)
+- **Reporting:** Improve PDF file size using grid layout. (Enterprise)
+- **Transformations:** Add an All Unique Values Reducer. [#48653](https://github.com/grafana/grafana/pull/48653), [@josiahg](https://github.com/josiahg)
+- **Transformers:** avoid error when the ExtractFields source field is missing. [#49368](https://github.com/grafana/grafana/pull/49368), [@wardbekker](https://github.com/wardbekker)
+- **[v8.5.x] Alerting:** Update migration to migrate only alerts that belong to existing org\dashboard. [#49199](https://github.com/grafana/grafana/pull/49199), [@grafanabot](https://github.com/grafanabot)
+- **[v8.5.x] Reporting:** Improve PDF file size using grid layout. (Enterprise)
+
+### Bug fixes
+
+- **Alerting:** Allow disabling override timings for notification policies. [#48648](https://github.com/grafana/grafana/pull/48648), [@gillesdemey](https://github.com/gillesdemey)
+- **Alerting:** Allow serving images from custom url path. [#49022](https://github.com/grafana/grafana/pull/49022), [@gillesdemey](https://github.com/gillesdemey)
+- **Alerting:** Apply Custom Headers to datasource queries. [#47860](https://github.com/grafana/grafana/pull/47860), [@joeblubaugh](https://github.com/joeblubaugh)
+- **Alerting:** Fix RBAC actions for notification policies. [#49185](https://github.com/grafana/grafana/pull/49185), [@yuri-tceretian](https://github.com/yuri-tceretian)
+- **Alerting:** Fix access to alerts for viewer with editor permissions when RBAC is disabled. [#49270](https://github.com/grafana/grafana/pull/49270), [@yuri-tceretian](https://github.com/yuri-tceretian)
+- **Alerting:** Fix anonymous access to alerting. [#49203](https://github.com/grafana/grafana/pull/49203), [@yuri-tceretian](https://github.com/yuri-tceretian)
+- **Alerting:** correctly show all alerts in a folder. [#48684](https://github.com/grafana/grafana/pull/48684), [@gillesdemey](https://github.com/gillesdemey)
+- **AzureMonitor:** Fixes metric definition for Azure Storage queue/file/blob/table resources. [#49101](https://github.com/grafana/grafana/pull/49101), [@aangelisc](https://github.com/aangelisc)
+- **Dashboard:** Fix dashboard update permission check. [#48746](https://github.com/grafana/grafana/pull/48746), [@IevaVasiljeva](https://github.com/IevaVasiljeva)
+- **DashboardExport:** Fix exporting and importing dashboards where query data source ended up as incorrect. [#48410](https://github.com/grafana/grafana/pull/48410), [@torkelo](https://github.com/torkelo)
+- **FileUpload:** clicking the `Upload file` button now opens the modal correctly. [#48766](https://github.com/grafana/grafana/pull/48766), [@ashharrison90](https://github.com/ashharrison90)
+- **GrafanaUI:** Fix color of links in error Tooltips in light theme. [#49327](https://github.com/grafana/grafana/pull/49327), [@joshhunt](https://github.com/joshhunt)
+- **LibraryPanels:** Fix library panels not connecting properly in imported dashboards. [#49161](https://github.com/grafana/grafana/pull/49161), [@joshhunt](https://github.com/joshhunt)
+- **Loki:** Improve unpack parser handling. [#49074](https://github.com/grafana/grafana/pull/49074), [@gabor](https://github.com/gabor)
+- **RolePicker:** Fix menu position on smaller screens. [#48429](https://github.com/grafana/grafana/pull/48429), [@Clarity-89](https://github.com/Clarity-89)
+- **TimeRange:** Fixes updating time range from url and browser history. [#48657](https://github.com/grafana/grafana/pull/48657), [@torkelo](https://github.com/torkelo)
+- **TimeSeries:** Fix detection & rendering of sparse datapoints. [#48841](https://github.com/grafana/grafana/pull/48841), [@leeoniya](https://github.com/leeoniya)
+- **Timeseries:** Fix outside range stale state. [#49633](https://github.com/grafana/grafana/pull/49633), [@ryantxu](https://github.com/ryantxu)
+- **Tooltip:** Fix links not legible in Tooltips when using light theme. [#48748](https://github.com/grafana/grafana/pull/48748), [@joshhunt](https://github.com/joshhunt)
+- **Tooltip:** Sort decimals using standard numeric compare. [#49084](https://github.com/grafana/grafana/pull/49084), [@dprokop](https://github.com/dprokop)
+- **Transforms:** Labels to fields, fix label picker layout. [#49304](https://github.com/grafana/grafana/pull/49304), [@torkelo](https://github.com/torkelo)
+- **Variables:** Fixes issue with data source variables not updating queries with variable. [#49478](https://github.com/grafana/grafana/pull/49478), [@torkelo](https://github.com/torkelo)
+- **[v8.5.x] Alerting:** Fix RBAC actions for notification policies (#49185). [#49348](https://github.com/grafana/grafana/pull/49348), [@yuri-tceretian](https://github.com/yuri-tceretian)
+- **[v8.5.x] Alerting:** Fix access to alerts for viewer with editor permissions when RBAC is disabled. [#49427](https://github.com/grafana/grafana/pull/49427), [@konrad147](https://github.com/konrad147)
+- **[v8.5.x] Alerting:** Fix anonymous access to alerting. [#49268](https://github.com/grafana/grafana/pull/49268), [@yuri-tceretian](https://github.com/yuri-tceretian)
+
+### Breaking changes
+
+For a data source query made via /api/ds/query :
+
+- If the `DatasourceQueryMultiStatus` feature is enabled and
+  - The data source response has an error set as part of the `DataResponse`, the resulting HTTP status code is now `207 Multi Status` instead of `400 Bad gateway`
+- If the `DatasourceQueryMultiStatus` feature is **not** enabled and
+  - The data source response has an error set as part of the `DataResponse`, the resulting HTTP status code is `400 Bad Request` (no breaking change)
+    --> Issue [#48550](https://github.com/grafana/grafana/issues/48550)
+
+<!-- 8.5.4 END -->
 <!-- 8.5.3 START -->
 
 # 8.5.3
@@ -106,7 +888,7 @@ The change in behavior is that negative-valued series are now stacked downwards
 
 The meaning of the default data source has now changed from being a persisted property in a panel. Before when you selected the default data source for a panel and later changed the default data source to another data source it would change all panels who were configured to use the default data source. From now on the default data source is just the default for new panels and changing the default will not impact any currently saved dashboards. Issue [#45132](https://github.com/grafana/grafana/issues/45132)
 
-The Tooltip component provided by `@grafana/ui` is no longer automatically interactive (that is you can hover onto it and click a link or select text). It will from now on by default close automatically when you mouse out from the trigger element. To make tooltips behave like before set the new `interactive` property to true.  
+The Tooltip component provided by `@grafana/ui` is no longer automatically interactive (that is you can hover onto it and click a link or select text). It will from now on by default close automatically when you mouse out from the trigger element. To make tooltips behave like before set the new `interactive` property to true.
  Issue [#45053](https://github.com/grafana/grafana/issues/45053)
 
 ### Deprecations
@@ -4545,3 +5327,4 @@ repo on July 1st. Make sure you have switched to the new repo by then. The new r
 - **Dashboard**: Panel property `minSpan` replaced by `maxPerRow`. Dashboard migration will automatically migrate all dashboard panels using the `minSpan` property to the new `maxPerRow` property [#12991](https://github.com/grafana/grafana/pull/12991)
 
 For older release notes, refer to the [CHANGELOG_ARCHIVE.md](https://github.com/grafana/grafana/blob/master/CHANGELOG_ARCHIVE.md)
+````

Dockerfile

@@ -20,14 +20,13 @@ COPY emails emails
 ENV NODE_ENV production
 RUN yarn build
 
-FROM golang:1.17.9-alpine3.15 as go-builder
+FROM golang:1.17.12-alpine3.15 as go-builder
 
 RUN apk add --no-cache gcc g++ make
 
 WORKDIR /grafana
 
 COPY go.mod go.sum embed.go Makefile build.go package.json ./
-COPY cue cue
 COPY packages/grafana-schema packages/grafana-schema
 COPY public/app/plugins public/app/plugins
 COPY public/api-spec.json public/api-spec.json

Dockerfile.ubuntu

@@ -21,7 +21,7 @@ COPY emails emails
 ENV NODE_ENV production
 RUN yarn build
 
-FROM golang:1.17.9 AS go-builder
+FROM golang:1.17.12 AS go-builder
 
 WORKDIR /src/grafana
 
@@ -29,7 +29,6 @@ COPY go.mod go.sum embed.go ./
 COPY Makefile build.go package.json ./
 COPY .bingo .bingo
 COPY pkg pkg/
-COPY cue cue/
 COPY cue.mod cue.mod/
 COPY packages/grafana-schema packages/grafana-schema/
 COPY public/app/plugins public/app/plugins/

LICENSING.md

@@ -17,6 +17,8 @@ packages/grafana-toolkit/
 packages/grafana-ui/
 packages/jaeger-ui-components/
 packaging/
+pkg/coremodel/
+pkg/framework/coremodel/
 grafana-mixin/
 cue/
 ```

Makefile

@@ -50,7 +50,7 @@ $(SPEC_TARGET): $(API_DEFINITION_FILES) ## Generate API spec
 	-x "github.com/prometheus/alertmanager" \
 	-i /grafana/pkg/api/docs/tags.json
 
-swagger-api-spec: gen-go $(SPEC_TARGET) $(MERGED_SPEC_TARGET)
+swagger-api-spec: gen-go $(SPEC_TARGET) $(MERGED_SPEC_TARGET) validate-api-spec
 
 $(NGALERT_SPEC_TARGET):
 	+$(MAKE) -C pkg/services/ngalert/api/tooling api.json
@@ -67,7 +67,7 @@ ensure_go-swagger_mac:
 	-x "github.com/prometheus/alertmanager" \
 	-i pkg/api/docs/tags.json
 
-swagger-api-spec-mac: gen-go --swagger-api-spec-mac $(MERGED_SPEC_TARGET)
+swagger-api-spec-mac: gen-go --swagger-api-spec-mac $(MERGED_SPEC_TARGET) validate-api-spec
 
 validate-api-spec: $(MERGED_SPEC_TARGET) ## Validate API spec
 	docker run --rm -it \

conf/defaults.ini

@@ -125,7 +125,7 @@ path = grafana.db
 # For "sqlite3" only. cache mode setting used for connecting to the database
 cache_mode = private
 
-# For "mysql" only if lockingMigration feature toggle is set. How many seconds to wait before failing to lock the database for the migrations, default is 0.
+# For "mysql" only if migrationLocking feature toggle is set. How many seconds to wait before failing to lock the database for the migrations, default is 0.
 locking_attempt_timeout_sec = 0
 
 #################################### Cache server #############################
@@ -305,7 +305,7 @@ content_security_policy = false
 # $ROOT_PATH is server.root_url without the protocol.
 content_security_policy_template = """script-src 'self' 'unsafe-eval' 'unsafe-inline' 'strict-dynamic' $NONCE;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline' blob:;img-src * data:;base-uri 'self';connect-src 'self' grafana.com ws://$ROOT_PATH wss://$ROOT_PATH;manifest-src 'self';media-src 'none';form-action 'self';"""
 
-# Controls if old angular plugins are supported or not. This will be disabled by default in Grafana v9.
+# Controls if old angular plugins are supported or not. This will be disabled by default in future release
 angular_support_enabled = true
 
 [security.encryption]
@@ -477,6 +477,8 @@ token_url = https://gitlab.com/oauth/token
 api_url = https://gitlab.com/api/v4
 allowed_domains =
 allowed_groups =
+role_attribute_path =
+role_attribute_strict = false
 
 #################################### Google Auth #########################
 [auth.google]
@@ -582,8 +584,6 @@ enabled = false
 header_name = X-WEBAUTH-USER
 header_property = username
 auto_sign_up = true
-# Deprecated, use sync_ttl instead
-ldap_sync_ttl = 60
 sync_ttl = 60
 whitelist =
 headers =
@@ -842,9 +842,9 @@ max_attempts = 3
 min_interval = 10s
 
 [unified_alerting.screenshots]
-# Enable screenshots in notifications. This option requires a remote HTTP image rendering service. Please
-# see [rendering] for further configuration options.
-enabled =
+# Enable screenshots in notifications. This option requires the Grafana Image Renderer plugin.
+# For more information on configuration options, refer to [rendering].
+capture = false
 
 # The maximum number of screenshots that can be taken at the same time. This option is different from
 # concurrent_render_request_limit as max_concurrent_screenshots sets the number of concurrent screenshots
@@ -972,6 +972,7 @@ url = https://grafana.com
 url = https://grafana.com
 
 #################################### Distributed tracing ############
+# Opentracing is deprecated use opentelemetry instead
 [tracing.jaeger]
 # jaeger destination (ex localhost:6831)
 address =
@@ -1051,6 +1052,8 @@ container_name =
 server_url =
 # If the remote HTTP image renderer service runs on a different server than the Grafana server you may have to configure this to a URL where Grafana is reachable, e.g. http://grafana.domain/.
 callback_url =
+# An auth token that will be sent to and verified by the renderer. The renderer will deny any request without an auth token matching the one configured on the renderer side.
+renderer_token = -
 # Concurrent render request limit affects when the /render HTTP endpoint is used. Rendering many images at the same time can overload the server,
 # which this setting can help protect against by only allowing a certain amount of concurrent requests.
 concurrent_render_request_limit = 30
@@ -1174,9 +1177,6 @@ promQueryBuilder = true
 # The new loki visual query builder
 lokiQueryBuilder = true
 
-# InfluxDB backend migration
-influxdbBackendMigration = true
-
 # Experimental Explore to Dashboard workflow
 explore2Dashboard = true
 
@@ -1186,9 +1186,6 @@ commandPalette = true
 # Use dynamic labels in CloudWatch datasource
 cloudWatchDynamicLabels = true
 
-# New expandable navigation
-newNavigation = true
-
 # feature1 = true
 # feature2 = false
 

conf/provisioning/datasources/sample.yaml

@@ -19,8 +19,6 @@ apiVersion: 1
 #   orgId: 1
 #   # <string> url
 #   url: http://localhost:8080
-#   # <string> database password, if used
-#   password:
 #   # <string> database user, if used
 #   user:
 #   # <string> database name, if used
@@ -29,8 +27,6 @@ apiVersion: 1
 #   basicAuth:
 #   # <string> basic auth username
 #   basicAuthUser:
-#   # <string> basic auth password
-#   basicAuthPassword:
 #   # <bool> enable/disable with credentials headers
 #   withCredentials:
 #   # <bool> mark as default datasource. Max one per org

conf/sample.ini

@@ -126,7 +126,7 @@
 # For "sqlite3" only. cache mode setting used for connecting to the database. (private, shared)
 ;cache_mode = private
 
-# For "mysql" only if lockingMigration feature toggle is set. How many seconds to wait before failing to lock the database for the migrations, default is 0.
+# For "mysql" only if migrationLocking feature toggle is set. How many seconds to wait before failing to lock the database for the migrations, default is 0.
 ;locking_attempt_timeout_sec = 0
 
 ################################### Data sources #########################
@@ -305,7 +305,7 @@
 # $ROOT_PATH is server.root_url without the protocol.
 ;content_security_policy_template = """script-src 'self' 'unsafe-eval' 'unsafe-inline' 'strict-dynamic' $NONCE;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline' blob:;img-src * data:;base-uri 'self';connect-src 'self' grafana.com ws://$ROOT_PATH wss://$ROOT_PATH;manifest-src 'self';media-src 'none';form-action 'self';"""
 
-# Controls if old angular plugins are supported or not. This will be disabled by default in Grafana v9.
+# Controls if old angular plugins are supported or not. This will be disabled by default in future release
 ;angular_support_enabled = true
 
 [security.encryption]
@@ -937,6 +937,7 @@
 ;url = https://grafana.com
 
 #################################### Distributed tracing ############
+# Opentracing is deprecated use opentelemetry instead
 [tracing.jaeger]
 # Enable by setting the address sending traces to jaeger (ex localhost:6831)
 ;address = localhost:6831
@@ -1013,6 +1014,8 @@
 ;server_url =
 # If the remote HTTP image renderer service runs on a different server than the Grafana server you may have to configure this to a URL where Grafana is reachable, e.g. http://grafana.domain/.
 ;callback_url =
+# An auth token that will be sent to and verified by the renderer. The renderer will deny any request without an auth token matching the one configured on the renderer side.
+;renderer_token = -
 # Concurrent render request limit affects when the /render HTTP endpoint is used. Rendering many images at the same time can overload the server,
 # which this setting can help protect against by only allowing a certain amount of concurrent requests.
 ;concurrent_render_request_limit = 30

contribute/create-pull-request.md

@@ -117,11 +117,14 @@ If you're unsure, see the existing [changelog](https://github.com/grafana/grafan
 
 ### Pull request titles
 
+The pull request title should be formatted according to `<Area>: <Summary>` (Both "Area" and "Summary" should start with a capital letter).
+
 The Grafana team _squashes_ all commits into one when we accept a pull request. The title of the pull request becomes the subject line of the squashed commit message. We still encourage contributors to write informative commit messages, as they becomes a part of the Git commit body.
 
 We use the pull request title when we generate change logs for releases. As such, we strive to make the title as informative as possible.
 
-Make sure that the title for your pull request uses the same format as the subject line in the commit message.
+**Example:**
+`Docs: Change url to URL in all documentation files`
 
 ## Configuration changes
 

contribute/developer-guide.md

@@ -136,17 +136,23 @@ Running the backend tests on Windows currently needs some tweaking, so use the b
 go run build.go test
 ```
 
-### Run PostgreSQL and MySQL integration tests
+### Run SQLLite, PostgreSQL and MySQL integration tests
 
-To run PostgreSQL and MySQL integration tests locally, you need to start the docker blocks for MySQL and/or PostgreSQL test data sources by running `make devenv sources=mysql_tests,postgres_tests`. When your test data sources are running, you can execute integration tests by running:
+By default, Grafana runs SQLite to run tests with SQLite.
 
+```bash
+go test -covermode=atomic -tags=integration ./pkg/...
 ```
+
+To run PostgreSQL and MySQL integration tests locally, start the Docker blocks for MySQL and/or PostgreSQL test data sources by running `make devenv sources=mysql_tests,postgres_tests`. When your test data sources are running, you can execute integration tests by running:
+
+```bash
 GRAFANA_TEST_DB=mysql go test -covermode=atomic -tags=integration ./pkg/...
 ```
 
 and/or
 
-```
+```bash
 GRAFANA_TEST_DB=postgres go test -covermode=atomic -tags=integration ./pkg/...
 ```
 

contribute/localization.md

@@ -191,4 +191,4 @@ import { Plural } from "@lingui/macro"
 
 ## Documentation
 
-[Grafana's documentation](https://grafana.com/docs/grafana/latest/) is not yet open for translation and should be authored in English only.
+[Grafana's documentation](https://grafana.com/docs/grafana/latest/) is not yet open for translation and should be authored in American English only.

contribute/merge-pull-request.md

@@ -27,10 +27,15 @@ Before you can merge a pull request, it must have a review approval, and all the
 
 ### Format the pull request title
 
-The pull request title should be formatted according to `<Area>: <Summary>`. Keep the summary short and understandable for the community as a whole.
+The pull request title should be formatted according to `<Area>: <Summary>` (Both "Area" and "Summary" should start with a capital letter).
+
+Keep the summary short and understandable for the community as a whole.
 
 All commits in a pull request are squashed when merged and the pull request title will be the default subject line of the squashed commit message. It's also used for [changelog/release notes](#include-in-changelog-and-release-notes).
 
+**Example:**
+`Docs: Change url to URL in all documentation files`
+
 See [formatting guidelines](create-pull-request.md#formatting-guidelines) for more information.
 
 ### Assign a milestone

devenv/dev-dashboards/e2e-repeats/Repeating-a-row-with-a-non-repeating-panel-and-horizontal-repeating-panel.json

@@ -36,7 +36,7 @@
       "id": 2,
       "panels": [],
       "repeat": "row",
-      "title": "Row title $row",
+      "title": "Row $row",
       "type": "row"
     },
     {
@@ -111,7 +111,7 @@
           "sort": "none"
         }
       },
-      "title": "Panel Title",
+      "title": "Row $row non-repeating panel",
       "type": "timeseries"
     },
     {
@@ -188,7 +188,7 @@
       },
       "repeat": "horizontal",
       "repeatDirection": "h",
-      "title": "Horizontal repeating $horizontal",
+      "title": "Row $row repeating panel $horizontal",
       "type": "timeseries"
     }
   ],

devenv/dev-dashboards/feature-templating/global-variables-and-interpolation.json

@@ -34,7 +34,7 @@
       },
       "id": 11,
       "options": {
-        "content": "## Global variables\n\n* `__dashboard` = `${__dashboard}`\n* `__dashboard.name` = `${__dashboard.name}`\n* `__dashboard.uid` = `${__dashboard.uid}`\n* `__org.name` = `${__org.name}`\n* `__org.id` = `${__org.id}`\n* `__user.id` = `${__user.id}`\n* `__user.login` = `${__user.login}`\n* `__user.email` = `${__user.email}`\n         \n## Formats\n\n* `Server:raw` = `${Server:raw}`\n* `Server:regex` = `${Server:regex}`\n* `Server:lucene` = `${Server:lucene}`\n* `Server:glob` = `${Server:glob}`\n* `Server:pipe` = `${Server:pipe}`\n* `Server:distributed` = `${Server:distributed}`\n* `Server:csv` = `${Server:csv}`\n* `Server:html` = `${Server:html}`\n* `Server:json` = `${Server:json}`\n* `Server:percentencode` = `${Server:percentencode}`\n* `Server:singlequote` = `${Server:singlequote}`\n* `Server:doublequote` = `${Server:doublequote}`\n* `Server:sqlstring` = `${Server:sqlstring}`\n* `Server:date` = `${Server:date}`\n* `Server:text` = `${Server:text}`\n* `Server:queryparam` = `${Server:queryparam}`\n\n",
+        "content": "## Global variables\n\n* `__dashboard` = `${__dashboard}`\n* `__dashboard.name` = `${__dashboard.name}`\n* `__dashboard.uid` = `${__dashboard.uid}`\n* `__org.name` = `${__org.name}`\n* `__org.id` = `${__org.id}`\n* `__user.id` = `${__user.id}`\n* `__user.login` = `${__user.login}`\n* `__user.email` = `${__user.email}`\n         \n## Formats\n\n* `Server:raw` = `${Server:raw}`\n* `Server:regex` = `${Server:regex}`\n* `Server:lucene` = `${Server:lucene}`\n* `Server:glob` = `${Server:glob}`\n* `Server:pipe` = `${Server:pipe}`\n* `Server:distributed` = `${Server:distributed}`\n* `Server:csv` = `${Server:csv}`\n* `Server:html` = `${Server:html}`\n* `Server:json` = `${Server:json}`\n* `Server:percentencode` = `${Server:percentencode}`\n* `Server:singlequote` = `${Server:singlequote}`\n* `Server:doublequote` = `${Server:doublequote}`\n* `Server:sqlstring` = `${Server:sqlstring}`\n* `Server:date` = `${Server:date}`\n* `Server:text` = `${Server:text}`\n* `Server:queryparam` = `${Server:queryparam}`\n\n## Sanitization\n\n * `1 < 2`\n\n## Link interpolation\n\n* [Example: ${__url_time_range}](https://example.com/?${__url_time_range})",
         "mode": "markdown"
       },
       "pluginVersion": "7.1.0",

devenv/dev-dashboards/panel-graph/graph-ng-stacking2.json

@@ -3382,6 +3382,89 @@
       ],
       "title": "'undefined' join artifacts (lines)",
       "type": "timeseries"
+    },
+    {
+      "datasource": {
+        "type": "testdata",
+        "uid": "PD8C576611E62080A"
+      },
+      "fieldConfig": {
+        "defaults": {
+          "color": {
+            "mode": "thresholds"
+          },
+          "custom": {
+            "axisLabel": "",
+            "axisPlacement": "auto",
+            "axisSoftMin": 0,
+            "fillOpacity": 80,
+            "gradientMode": "none",
+            "hideFrom": {
+              "legend": false,
+              "tooltip": false,
+              "viz": false
+            },
+            "lineWidth": 1,
+            "scaleDistribution": {
+              "type": "linear"
+            }
+          },
+          "mappings": [],
+          "thresholds": {
+            "mode": "absolute",
+            "steps": [
+              {
+                "color": "green"
+              },
+              {
+                "color": "red",
+                "value": 80
+              }
+            ]
+          }
+        },
+        "overrides": []
+      },
+      "gridPos": {
+        "h": 9,
+        "w": 12,
+        "x": 0,
+        "y": 65
+      },
+      "id": 39,
+      "options": {
+        "barRadius": 0,
+        "barWidth": 0.97,
+        "groupWidth": 0.7,
+        "legend": {
+          "calcs": [],
+          "displayMode": "list",
+          "placement": "bottom"
+        },
+        "orientation": "auto",
+        "showValue": "auto",
+        "stacking": "percent",
+        "tooltip": {
+          "mode": "single",
+          "sort": "none"
+        },
+        "xTickLabelRotation": 0,
+        "xTickLabelSpacing": 0
+      },
+      "pluginVersion": "9.1.0-pre",
+      "targets": [
+        {
+          "csvContent": "name, number, number2, number3, number4\nName1, 40, 5, 20, 10\nName2, 0,0,0,0\nName3, 6, 3, 5, 1\nName4, 1, 1, 1, 2",
+          "datasource": {
+            "type": "testdata",
+            "uid": "PD8C576611E62080A"
+          },
+          "refId": "A",
+          "scenarioId": "csv_content"
+        }
+      ],
+      "title": "Bar chart stack with 0 only series",
+      "type": "barchart"
     }
   ],
   "refresh": false,
@@ -3405,4 +3488,4 @@
   "uid": "1KxMUdE7k",
   "version": 5,
   "weekStart": ""
-}
+}

devenv/dev-dashboards/panel-heatmap/heatmap-calculate-log.json

@@ -0,0 +1,553 @@
+{
+  "annotations": {
+    "list": [
+      {
+        "builtIn": 1,
+        "datasource": {
+          "type": "grafana",
+          "uid": "-- Grafana --"
+        },
+        "enable": true,
+        "hide": true,
+        "iconColor": "rgba(0, 211, 255, 1)",
+        "name": "Annotations & Alerts",
+        "target": {
+          "limit": 100,
+          "matchAny": false,
+          "tags": [],
+          "type": "dashboard"
+        },
+        "type": "dashboard"
+      }
+    ]
+  },
+  "editable": true,
+  "fiscalYearStartMonth": 0,
+  "graphTooltip": 1,
+  "links": [],
+  "liveNow": false,
+  "panels": [
+    {
+      "datasource": {
+        "type": "testdata",
+        "uid": "PD8C576611E62080A"
+      },
+      "fieldConfig": {
+        "defaults": {
+          "color": {
+            "mode": "palette-classic"
+          },
+          "custom": {
+            "axisLabel": "",
+            "axisPlacement": "auto",
+            "barAlignment": 0,
+            "drawStyle": "points",
+            "fillOpacity": 0,
+            "gradientMode": "none",
+            "hideFrom": {
+              "legend": false,
+              "tooltip": false,
+              "viz": false
+            },
+            "lineInterpolation": "linear",
+            "lineWidth": 1,
+            "pointSize": 2,
+            "scaleDistribution": {
+              "log": 2,
+              "type": "log"
+            },
+            "showPoints": "auto",
+            "spanNulls": false,
+            "stacking": {
+              "group": "A",
+              "mode": "none"
+            },
+            "thresholdsStyle": {
+              "mode": "off"
+            }
+          },
+          "mappings": [],
+          "thresholds": {
+            "mode": "absolute",
+            "steps": [
+              {
+                "color": "green"
+              },
+              {
+                "color": "red",
+                "value": 80
+              }
+            ]
+          }
+        },
+        "overrides": []
+      },
+      "gridPos": {
+        "h": 14,
+        "w": 8,
+        "x": 0,
+        "y": 0
+      },
+      "id": 3,
+      "options": {
+        "legend": {
+          "calcs": [],
+          "displayMode": "list",
+          "placement": "bottom"
+        },
+        "tooltip": {
+          "mode": "single",
+          "sort": "none"
+        }
+      },
+      "pluginVersion": "9.0.0-pre",
+      "targets": [
+        {
+          "datasource": {
+            "type": "testdata",
+            "uid": "PD8C576611E62080A"
+          },
+          "max": 500000,
+          "min": 0.01,
+          "refId": "A",
+          "scenarioId": "random_walk",
+          "seriesCount": 2,
+          "spread": 1000,
+          "startValue": 0.01
+        }
+      ],
+      "title": "Time series",
+      "type": "timeseries"
+    },
+    {
+      "datasource": {
+        "type": "datasource",
+        "uid": "-- Dashboard --"
+      },
+      "fieldConfig": {
+        "defaults": {
+          "custom": {
+            "hideFrom": {
+              "legend": false,
+              "tooltip": false,
+              "viz": false
+            },
+            "scaleDistribution": {
+              "type": "linear"
+            }
+          }
+        },
+        "overrides": []
+      },
+      "gridPos": {
+        "h": 14,
+        "w": 8,
+        "x": 8,
+        "y": 0
+      },
+      "id": 6,
+      "options": {
+        "bucket": {
+          "layout": "auto"
+        },
+        "calculate": true,
+        "calculation": {
+          "yBuckets": {
+            "scale": {
+              "log": 2,
+              "type": "log"
+            }
+          }
+        },
+        "cellGap": 1,
+        "color": {
+          "exponent": 0.5,
+          "fill": "dark-orange",
+          "mode": "scheme",
+          "scale": "exponential",
+          "scheme": "Spectral",
+          "steps": 64
+        },
+        "exemplars": {
+          "color": "rgba(255,0,255,0.7)"
+        },
+        "filterValues": {
+          "le": 1e-9
+        },
+        "legend": {
+          "show": true
+        },
+        "mode": "calculate",
+        "tooltip": {
+          "show": true,
+          "yHistogram": false
+        },
+        "yAxis": {
+          "axisPlacement": "left",
+          "reverse": false
+        },
+        "yAxisLabels": "auto",
+        "yAxisReverse": false
+      },
+      "pluginVersion": "9.0.0-pre",
+      "targets": [
+        {
+          "datasource": {
+            "type": "datasource",
+            "uid": "-- Dashboard --"
+          },
+          "panelId": 3,
+          "refId": "A"
+        }
+      ],
+      "title": "log2",
+      "type": "heatmap-new"
+    },
+    {
+      "datasource": {
+        "type": "datasource",
+        "uid": "-- Dashboard --"
+      },
+      "fieldConfig": {
+        "defaults": {
+          "custom": {
+            "hideFrom": {
+              "legend": false,
+              "tooltip": false,
+              "viz": false
+            },
+            "scaleDistribution": {
+              "type": "linear"
+            }
+          }
+        },
+        "overrides": []
+      },
+      "gridPos": {
+        "h": 14,
+        "w": 8,
+        "x": 16,
+        "y": 0
+      },
+      "id": 7,
+      "options": {
+        "bucket": {
+          "layout": "auto"
+        },
+        "calculate": true,
+        "calculation": {
+          "yBuckets": {
+            "scale": {
+              "log": 2,
+              "type": "log"
+            },
+            "value": "2"
+          }
+        },
+        "cellGap": 1,
+        "color": {
+          "exponent": 0.5,
+          "fill": "dark-orange",
+          "mode": "scheme",
+          "scale": "exponential",
+          "scheme": "Spectral",
+          "steps": 64
+        },
+        "exemplars": {
+          "color": "rgba(255,0,255,0.7)"
+        },
+        "filterValues": {
+          "le": 1e-9
+        },
+        "legend": {
+          "show": true
+        },
+        "mode": "calculate",
+        "tooltip": {
+          "show": true,
+          "yHistogram": false
+        },
+        "yAxis": {
+          "axisPlacement": "left",
+          "reverse": false
+        },
+        "yAxisLabels": "auto",
+        "yAxisReverse": false
+      },
+      "pluginVersion": "9.0.0-pre",
+      "targets": [
+        {
+          "datasource": {
+            "type": "datasource",
+            "uid": "-- Dashboard --"
+          },
+          "panelId": 3,
+          "refId": "A"
+        }
+      ],
+      "title": "log2 split 2",
+      "type": "heatmap-new"
+    },
+    {
+      "datasource": {
+        "type": "datasource",
+        "uid": "-- Dashboard --"
+      },
+      "fieldConfig": {
+        "defaults": {
+          "custom": {
+            "hideFrom": {
+              "legend": false,
+              "tooltip": false,
+              "viz": false
+            },
+            "scaleDistribution": {
+              "type": "linear"
+            }
+          }
+        },
+        "overrides": []
+      },
+      "gridPos": {
+        "h": 14,
+        "w": 8,
+        "x": 0,
+        "y": 14
+      },
+      "id": 4,
+      "options": {
+        "bucket": {
+          "layout": "auto"
+        },
+        "calculate": true,
+        "cellGap": 1,
+        "color": {
+          "exponent": 0.5,
+          "fill": "dark-orange",
+          "mode": "scheme",
+          "scale": "exponential",
+          "scheme": "Spectral",
+          "steps": 64
+        },
+        "exemplars": {
+          "color": "rgba(255,0,255,0.7)"
+        },
+        "filterValues": {
+          "le": 1e-9
+        },
+        "legend": {
+          "show": true
+        },
+        "mode": "calculate",
+        "tooltip": {
+          "show": true,
+          "yHistogram": false
+        },
+        "yAxis": {
+          "axisPlacement": "left",
+          "reverse": false
+        },
+        "yAxisLabels": "auto",
+        "yAxisReverse": false
+      },
+      "pluginVersion": "9.0.0-pre",
+      "targets": [
+        {
+          "datasource": {
+            "type": "datasource",
+            "uid": "-- Dashboard --"
+          },
+          "panelId": 3,
+          "refId": "A"
+        }
+      ],
+      "title": "linear",
+      "type": "heatmap-new"
+    },
+    {
+      "datasource": {
+        "type": "datasource",
+        "uid": "-- Dashboard --"
+      },
+      "fieldConfig": {
+        "defaults": {
+          "custom": {
+            "hideFrom": {
+              "legend": false,
+              "tooltip": false,
+              "viz": false
+            },
+            "scaleDistribution": {
+              "type": "linear"
+            }
+          }
+        },
+        "overrides": []
+      },
+      "gridPos": {
+        "h": 14,
+        "w": 8,
+        "x": 8,
+        "y": 14
+      },
+      "id": 5,
+      "options": {
+        "bucket": {
+          "layout": "auto"
+        },
+        "calculate": true,
+        "calculation": {
+          "yBuckets": {
+            "scale": {
+              "log": 10,
+              "type": "log"
+            }
+          }
+        },
+        "cellGap": 1,
+        "color": {
+          "exponent": 0.5,
+          "fill": "dark-orange",
+          "mode": "scheme",
+          "scale": "exponential",
+          "scheme": "Spectral",
+          "steps": 64
+        },
+        "exemplars": {
+          "color": "rgba(255,0,255,0.7)"
+        },
+        "filterValues": {
+          "le": 1e-9
+        },
+        "legend": {
+          "show": true
+        },
+        "mode": "calculate",
+        "tooltip": {
+          "show": true,
+          "yHistogram": false
+        },
+        "yAxis": {
+          "axisPlacement": "left",
+          "reverse": false
+        },
+        "yAxisLabels": "auto",
+        "yAxisReverse": false
+      },
+      "pluginVersion": "9.0.0-pre",
+      "targets": [
+        {
+          "datasource": {
+            "type": "datasource",
+            "uid": "-- Dashboard --"
+          },
+          "panelId": 3,
+          "refId": "A"
+        }
+      ],
+      "title": "log10",
+      "type": "heatmap-new"
+    },
+    {
+      "datasource": {
+        "type": "datasource",
+        "uid": "-- Dashboard --"
+      },
+      "fieldConfig": {
+        "defaults": {
+          "custom": {
+            "hideFrom": {
+              "legend": false,
+              "tooltip": false,
+              "viz": false
+            },
+            "scaleDistribution": {
+              "type": "linear"
+            }
+          }
+        },
+        "overrides": []
+      },
+      "gridPos": {
+        "h": 14,
+        "w": 8,
+        "x": 16,
+        "y": 14
+      },
+      "id": 8,
+      "options": {
+        "bucket": {
+          "layout": "auto"
+        },
+        "calculate": true,
+        "calculation": {
+          "yBuckets": {
+            "scale": {
+              "log": 10,
+              "type": "log"
+            },
+            "value": "2"
+          }
+        },
+        "cellGap": 1,
+        "color": {
+          "exponent": 0.5,
+          "fill": "dark-orange",
+          "mode": "scheme",
+          "scale": "exponential",
+          "scheme": "Spectral",
+          "steps": 64
+        },
+        "exemplars": {
+          "color": "rgba(255,0,255,0.7)"
+        },
+        "filterValues": {
+          "le": 1e-9
+        },
+        "legend": {
+          "show": true
+        },
+        "mode": "calculate",
+        "tooltip": {
+          "show": true,
+          "yHistogram": false
+        },
+        "yAxis": {
+          "axisPlacement": "left",
+          "reverse": false
+        },
+        "yAxisLabels": "auto",
+        "yAxisReverse": false
+      },
+      "pluginVersion": "9.0.0-pre",
+      "targets": [
+        {
+          "datasource": {
+            "type": "datasource",
+            "uid": "-- Dashboard --"
+          },
+          "panelId": 3,
+          "refId": "A"
+        }
+      ],
+      "title": "log10 split 2",
+      "type": "heatmap-new"
+    }
+  ],
+  "schemaVersion": 36,
+  "style": "dark",
+  "tags": ["gdev", "panel-tests", "graph-ng"],
+  "templating": {
+    "list": []
+  },
+  "time": {
+    "from": "now-6h",
+    "to": "now"
+  },
+  "timepicker": {},
+  "timezone": "",
+  "title": "Heatmap calculate (log)",
+  "uid": "ZXYQTA97ZZ",
+  "version": 1,
+  "weekStart": ""
+}

devenv/docker/blocks/influxdb/config.yaml

@@ -1 +0,0 @@
-http-bind-address: :8086

devenv/docker/blocks/influxdb/docker-compose.yaml

@@ -5,6 +5,7 @@
       - '8086:8086'
     environment:
       INFLUXD_REPORTING_DISABLED: 'true'
+      INFLUXD_HTTP_BIND_ADDRESS: ':8086'
       DOCKER_INFLUXDB_INIT_MODE: 'setup'
       DOCKER_INFLUXDB_INIT_USERNAME: 'grafana'
       DOCKER_INFLUXDB_INIT_PASSWORD: 'grafana12345'
@@ -12,7 +13,6 @@
       DOCKER_INFLUXDB_INIT_BUCKET: 'mybucket'
       DOCKER_INFLUXDB_INIT_ADMIN_TOKEN: 'mytoken'
     volumes:
-      - ./docker/blocks/influxdb/config.yaml:/etc/influxdb2/config.yaml
       - ./docker/blocks/influxdb/setup_influxql.sh:/docker-entrypoint-initdb.d/setup_influxql.sh
 
   telegraf:

devenv/docker/loadtest/annotations_by_tag_test.js

@@ -57,7 +57,7 @@ export default (data) => {
         requests.push({ method: 'GET', url: '/api/annotations?from=1580825186534&to=1580846786535' });
 
         for (let n = 0; n < batchCount; n++) {
-          requests.push({ method: 'POST', url: '/api/tsdb/query', body: payload });
+          requests.push({ method: 'POST', url: '/api/ds/query', body: payload });
         }
 
         let responses = client.batch(requests);

devenv/docker/loadtest/auth_key_test.js

@@ -62,7 +62,7 @@ export default (data) => {
         requests.push({ method: 'GET', url: '/api/annotations?dashboardId=2074&from=1548078832772&to=1548082432772' });
 
         for (let n = 0; n < batchCount; n++) {
-          requests.push({ method: 'POST', url: '/api/tsdb/query', body: payload });
+          requests.push({ method: 'POST', url: '/api/ds/query', body: payload });
         }
 
         let responses = client.batch(requests);

devenv/docker/loadtest/auth_token_slow_test.js

@@ -59,7 +59,7 @@ export default (data) => {
         requests.push({ method: 'GET', url: '/api/annotations?dashboardId=2074&from=1548078832772&to=1548082432772' });
 
         for (let n = 0; n < batchCount; n++) {
-          requests.push({ method: 'POST', url: '/api/tsdb/query', body: payload });
+          requests.push({ method: 'POST', url: '/api/ds/query', body: payload });
         }
 
         let responses = client.batch(requests);

devenv/docker/loadtest/auth_token_test.js

@@ -58,7 +58,7 @@ export default (data) => {
         requests.push({ method: 'GET', url: '/api/annotations?dashboardId=2074&from=1548078832772&to=1548082432772' });
 
         for (let n = 0; n < batchCount; n++) {
-          requests.push({ method: 'POST', url: '/api/tsdb/query', body: payload });
+          requests.push({ method: 'POST', url: '/api/ds/query', body: payload });
         }
 
         let responses = client.batch(requests);

docs/sources/_index.md

@@ -1,31 +1,38 @@
-+++
-aliases = ["/docs/grafana/latest/", "/docs/grafana/latest/guides/reference/admin/", "/docs/grafana/v1.1/", "/docs/grafana/v3.1/"]
-description = "Guides, Installation and Feature Documentation"
-keywords = ["grafana", "installation", "documentation"]
-title = "Grafana documentation"
-+++
+---
+aliases:
+  - /docs/grafana/latest/
+  - /docs/grafana/latest/guides/reference/admin/
+  - /docs/grafana/v1.1/
+  - /docs/grafana/v3.1/
+description: Guides, Installation and Feature Documentation
+keywords:
+  - grafana
+  - installation
+  - documentation
+title: Grafana documentation
+---
 
 # Grafana documentation
 
 ## Installing Grafana
 
 <div class="nav-cards">
-    <a href="{{< relref "installation/debian.md" >}}" class="nav-cards__item nav-cards__item--install">
+    <a href="{{< relref "setup-grafana/installation/debian/" >}}" class="nav-cards__item nav-cards__item--install">
         <div class="nav-cards__icon fa fa-linux">
         </div>
         <h5>Install on Linux</h5>
     </a>
-    <a href="{{< relref "installation/mac.md" >}}" class="nav-cards__item nav-cards__item--install">
+    <a href="{{< relref "setup-grafana/installation/mac/" >}}" class="nav-cards__item nav-cards__item--install">
         <div class="nav-cards__icon fa fa-apple">
         </div>
         <h5>Install on macOS</h5>
     </a>
-    <a href="{{< relref "installation/windows.md" >}}" class="nav-cards__item nav-cards__item--install">
+    <a href="{{< relref "setup-grafana/installation/windows/" >}}" class="nav-cards__item nav-cards__item--install">
         <div class="nav-cards__icon fa fa-windows">
         </div>
         <h5>Install on Windows</h5>
     </a>
-    <a href="{{< relref "installation/docker.md" >}}" class="nav-cards__item nav-cards__item--install">
+    <a href="{{< relref "setup-grafana/installation/docker/" >}}" class="nav-cards__item nav-cards__item--install">
         <img src="/static/img/logos/logo-docker.svg">
         <h5>Run Docker image</h5>
     </a>
@@ -44,28 +51,28 @@ title = "Grafana documentation"
 ## Guides
 
 <div class="nav-cards">
-    <a href="{{< relref "getting-started/getting-started.md" >}}" class="nav-cards__item nav-cards__item--guide">
+    <a href="{{< relref "getting-started/build-first-dashboard/" >}}" class="nav-cards__item nav-cards__item--guide">
         <h4>Getting started</h4>
         <p>Learn the basics of using Grafana.</p>
     </a>
-    <a href="{{< relref "basics/_index.md" >}}" class="nav-cards__item nav-cards__item--guide">
+    <a href="{{< relref "basics/" >}}" class="nav-cards__item nav-cards__item--guide">
         <h4>Grafana basics</h4>
         <p>Learn basic observability.</p>
     </a>
-    <a href="{{< relref "administration/configuration.md" >}}" class="nav-cards__item nav-cards__item--guide">
+    <a href="{{< relref "setup-grafana/configure-grafana/" >}}" class="nav-cards__item nav-cards__item--guide">
         <h4>Configure Grafana</h4>
         <p>Review the configuration and setup options.</p>
     </a>
-    <a href="{{< relref "basics/timeseries.md" >}}" class="nav-cards__item nav-cards__item--guide">
+    <a href="{{< relref "basics/timeseries/" >}}" class="nav-cards__item nav-cards__item--guide">
         <h4>Intro to time series</h4>
         <p>Learn about time series data.</p>
     </a>
-    <a href="{{< relref "administration/provisioning.md" >}}" class="nav-cards__item nav-cards__item--guide">
+    <a href="{{< relref "administration/provisioning/" >}}" class="nav-cards__item nav-cards__item--guide">
         <h4>Provisioning</h4>
         <p>Learn how to automate your Grafana configuration.</p>
     </a>
-    <a href="{{< relref "whatsnew/whats-new-in-v8-0.md" >}}" class="nav-cards__item nav-cards__item--guide">
-        <h4>What's new in v8.0</h4>
+    <a href="{{< relref "whatsnew/whats-new-in-v9-0/" >}}" class="nav-cards__item nav-cards__item--guide">
+        <h4>What's new in v9.0</h4>
         <p>Explore the features and enhancements in the latest release.</p>
     </a>
 
@@ -74,51 +81,51 @@ title = "Grafana documentation"
 ## Data source guides
 
 <div class="nav-cards">
-    <a href="{{< relref "datasources/graphite.md" >}}" class="nav-cards__item nav-cards__item--ds">
+    <a href="{{< relref "datasources/graphite/" >}}" class="nav-cards__item nav-cards__item--ds">
       <img src="/static/img/docs/logos/icon_graphite.svg" >
       <h5>Graphite</h5>
     </a>
-    <a href="{{< relref "datasources/elasticsearch.md" >}}" class="nav-cards__item nav-cards__item--ds">
+    <a href="{{< relref "datasources/elasticsearch/" >}}" class="nav-cards__item nav-cards__item--ds">
       <img src="/static/img/docs/logos/icon_elasticsearch.svg" >
       <h5>Elasticsearch</h5>
     </a>
-    <a href="{{< relref "datasources/influxdb/_index.md" >}}" class="nav-cards__item nav-cards__item--ds">
+    <a href="{{< relref "datasources/influxdb/" >}}" class="nav-cards__item nav-cards__item--ds">
       <img src="/static/img/docs/logos/icon_influxdb.svg" >
       <h5>InfluxDB</h5>
     </a>
-    <a href="{{< relref "datasources/prometheus.md" >}}" class="nav-cards__item nav-cards__item--ds">
+    <a href="{{< relref "datasources/prometheus/" >}}" class="nav-cards__item nav-cards__item--ds">
       <img src="/static/img/docs/logos/icon_prometheus.svg" >
       <h5>Prometheus</h5>
     </a>
-    <a href="{{< relref "datasources/google-cloud-monitoring/_index.md" >}}" class="nav-cards__item nav-cards__item--ds">
+    <a href="{{< relref "datasources/google-cloud-monitoring/" >}}" class="nav-cards__item nav-cards__item--ds">
       <img src="/static/img/docs/logos/icon_cloudmonitoring.svg">
       <h5>Google Cloud Monitoring</h5>
     </a>
-    <a href="{{< relref "datasources/aws-cloudwatch/_index.md" >}}" class="nav-cards__item nav-cards__item--ds">
+    <a href="{{< relref "datasources/aws-cloudwatch/" >}}" class="nav-cards__item nav-cards__item--ds">
       <img src="/static/img/docs/logos/icon_cloudwatch.svg">
       <h5>AWS CloudWatch</h5>
     </a>
-    <a href="{{< relref "datasources/azuremonitor/_index.md" >}}" class="nav-cards__item nav-cards__item--ds">
+    <a href="{{< relref "datasources/azuremonitor/" >}}" class="nav-cards__item nav-cards__item--ds">
       <img src="/static/img/docs/logos/icon_azure_monitor.jpg">
       <h5>Azure Monitor</h5>
     </a>
-    <a href="{{< relref "datasources/loki.md" >}}" class="nav-cards__item nav-cards__item--ds">
+    <a href="{{< relref "datasources/loki/" >}}" class="nav-cards__item nav-cards__item--ds">
       <img src="/static/img/docs/logos/icon_loki.svg">
       <h5>Loki</h5>
     </a>
-    <a href="{{< relref "datasources/mysql.md" >}}" class="nav-cards__item nav-cards__item--ds">
+    <a href="{{< relref "datasources/mysql/" >}}" class="nav-cards__item nav-cards__item--ds">
       <img src="/static/img/docs/logos/icon_mysql.png" >
       <h5>MySQL</h5>
     </a>
-    <a href="{{< relref "datasources/postgres.md" >}}" class="nav-cards__item nav-cards__item--ds">
+    <a href="{{< relref "datasources/postgres/" >}}" class="nav-cards__item nav-cards__item--ds">
       <img src="/static/img/docs/logos/icon_postgres.svg" >
       <h5>Postgres</h5>
     </a>
-    <a href="{{< relref "datasources/mssql.md" >}}" class="nav-cards__item nav-cards__item--ds">
+    <a href="{{< relref "datasources/mssql/" >}}" class="nav-cards__item nav-cards__item--ds">
       <img src="/static/img/docs/logos/sql_server_logo.svg">
       <h5>Microsoft SQL Server</h5>
     </a>
-    <a href="{{< relref "datasources/opentsdb.md" >}}" class="nav-cards__item nav-cards__item--ds">
+    <a href="{{< relref "datasources/opentsdb/" >}}" class="nav-cards__item nav-cards__item--ds">
       <img src="/static/img/docs/logos/icon_opentsdb.png" >
       <h5>OpenTSDB</h5>
     </a>

docs/sources/administration/_index.md

@@ -1,17 +1,13 @@
-+++
-aliases = ["/docs/grafana/latest/administration/"]
-description = "Administration"
-title = "Administration"
-weight = 40
-+++
+---
+aliases:
+  - /docs/grafana/latest/administration/
+description: Administration
+title: Administration
+weight: 40
+---
 
 # Administration
 
 This section includes information for Grafana administrators, team administrators, and users performing administrative tasks:
 
-- [Change Preferences]({{< relref "preferences" >}})
-- [Configuration]({{< relref "configuration" >}})
-- [Configure Docker image]({{< relref "configure-docker" >}})
-- [Security]({{< relref "security" >}})
-- [Database encryption]({{< relref "database-encryption" >}})
-- [Service accounts]({{< relref "service-accounts" >}})
+{{< section >}}

docs/sources/administration/api-keys/_index.md

@@ -1,19 +1,46 @@
 ---
 aliases:
+  - /docs/grafana/latest/administration/api-keys/about-api-keys/
   - /docs/grafana/latest/administration/api-keys/
+  - /docs/grafana/latest/administration/api-keys/create-api-key/
 description: This section contains information about API keys in Grafana
 keywords:
   - API keys
   - Service accounts
 menuTitle: API keys
-title: API keys in Grafana
-weight: 300
+title: API keys
+weight: 700
 ---
 
-# API keys in Grafana
+# API keys
 
-API Keys can be used to interact with Grafana HTTP APIs.
+An API key is a randomly generated string that external systems use to interact with Grafana HTTP APIs.
 
-We recommend using service accounts instead of API keys if you are on Grafana 8.5+, for more information refer to [About service accounts]({{< relref "../service-accounts/about-service-accounts.md#" >}}).
+When you create an API key, you specify a **Role** that determines the permissions associated with the API key. Role permissions control that actions the API key can perform on Grafana resources.
+
+> **Note:** If you use Grafana v8.5 or newer, use service accounts instead of API keys. For more information, refer to [Service accounts]({{< relref "../service-accounts/" >}}).
 
 {{< section >}}
+
+## Create an API key
+
+Create an API key when you want to manage your computed workload with a user.
+
+This topic shows you how to create an API key using the Grafana UI. You can also create an API key using the Grafana HTTP API. For more information about creating API keys via the API, refer to [Create API key via API]({{< relref "../../developers/http_api/create-api-tokens-for-org/#how-to-create-a-new-organization-and-an-api-token" >}}).
+
+### Before you begin:
+
+- Ensure you have permission to create and edit API keys. For more information about permissions, refer to [About users and permissions]({{< relref "../roles-and-permissions/#" >}}).
+
+**To create an API key:**
+
+1. Sign in to Grafana, hover your cursor over **Configuration** (the gear icon), and click **API Keys**.
+1. Click **New API key**.
+1. Enter a unique name for the key.
+1. In the **Role** field, select one of the following access levels you want to assign to the key.
+   - **Admin**: Enables a user to use APIs at the broadest, most powerful administrative level.
+   - **Editor** or **Viewer** to limit the key's users to those levels of power.
+1. In the **Time to live** field, specify how long you want the key to be valid.
+   - The maximum length of time is 30 days (one month). You enter a number and a letter. Valid letters include `s` for seconds,`m` for minutes, `h` for hours, `d `for days, `w` for weeks, and `M `for month. For example, `12h` is 12 hours and `1M` is 1 month (30 days).
+   - If you are unsure about how long an API key should be valid, we recommend that you choose a short duration, such as a few hours. This approach limits the risk of having API keys that are valid for a long time.
+1. Click **Add**.

docs/sources/administration/api-keys/about-api-keys.md

@@ -1,14 +0,0 @@
----
-aliases:
-  - /docs/grafana/latest/administration/api-keys/about-api-keys/
-description: Learn about using API keys in Grafana
-menuTitle: About API keys
-title: About API keys in Grafana
-weight: 30
----
-
-# About API keys in Grafana
-
-An API key is a randomly generated string that external systems use to interact with Grafana HTTP APIs.
-
-When you create an API key, you specify a **Role** that determines the permissions associated with the API key. Role permissions control that actions the API key can perform on Grafana resources. For more information about creating API keys, refer to [Create an API key]({{< relref "./create-api-key.md#" >}}).

docs/sources/administration/api-keys/create-api-key.md

@@ -1,36 +0,0 @@
----
-aliases:
-  - /docs/grafana/latest/administration/api-keys/create-api-key/
-description: How to create an API key in Grafana
-keywords:
-  - API keys
-  - Service accounts
-menuTitle: Create an API key
-title: Create an API key in Grafana
-weight: 50
----
-
-# Create an API key in Grafana
-
-Create an API key when you want to manage your computed workload with a user.
-
-For more information about API keys, refer to [About API keys in Grafana]({{< relref "./about-api-keys.md" >}}).
-
-This topic shows you how to create an API key using the Grafana UI. You can also create an API key using the Grafana HTTP API. For more information about creating API keys via the API, refer to [Create API key via API]({{< relref "../../developers/http_api/create-api-tokens-for-org.md#how-to-create-a-new-organization-and-an-api-token" >}}).
-
-## Before you begin:
-
-- Ensure you have permission to create and edit API keys. For more information about permissions, refer to [About users and permissions]({{< relref "../manage-users-and-permissions/about-users-and-permissions.md#" >}}).
-
-**To create an API key:**
-
-1. Sign in to Grafana, hover your cursor over **Configuration** (the gear icon), and click **API Keys**.
-1. Click **New API key**.
-1. Enter a unique name for the key.
-1. In the **Role** field, select one of the following access levels you want to assign to the key.
-   - **Admin**: Enables a user to use APIs at the broadest, most powerful administrative level.
-   - **Editor** or **Viewer** to limit the key's users to those levels of power.
-1. In the **Time to live** field, specify how long you want the key to be valid.
-   - The maximum length of time is 30 days (one month). You enter a number and a letter. Valid letters include `s` for seconds,`m` for minutes, `h` for hours, `d `for days, `w` for weeks, and `M `for month. For example, `12h` is 12 hours and `1M` is 1 month (30 days).
-   - If you are unsure about how long an API key should be valid, we recommend that you choose a short duration, such as a few hours. This approach limits the risk of having API keys that are valid for a long time.
-1. Click **Add**.

docs/sources/administration/data-source-management/_index.md

@@ -0,0 +1,99 @@
+---
+aliases:
+  - /docs/grafana/latest/datasources/add-a-data-source/
+  - /docs/grafana/latest/features/datasources/add-a-data-source/
+  - /docs/grafana/latest/enterprise/datasource_permissions/
+  - /docs/sources/permissions/datasource_permissions/
+title: Data source management
+description: Data source management information for Grafana administrators
+weight: 100
+---
+
+# Data source management
+
+Grafana supports many different storage backends for your time series data (data source). Refer to [data sources]({{< relref "../../datasources/" >}}) for more information about using data sources in Grafana. Only users with the organization admin role can add data sources.
+
+## Add a data source
+
+Before you can create your first dashboard, you need to add your data source.
+
+> **Note:** Only users with the organization Admin role can add data sources.
+
+To add a data source:
+
+1. Move your cursor to the cog icon on the side menu which will show the configuration options.
+
+   {{< figure src="/static/img/docs/v75/sidemenu-datasource-7-5.png" max-width="150px" class="docs-image--no-shadow">}}
+
+1. Click on **Data sources**. The data sources page opens showing a list of previously configured data sources for the Grafana instance.
+
+1. Click **Add data source** to see a list of all supported data sources.
+
+   {{< figure src="/static/img/docs/v75/add-data-source-7-5.png" max-width="600px" class="docs-image--no-shadow">}}
+
+1. Search for a specific data source by entering the name in the search dialog. Or you can scroll through supported data sources grouped into time series, logging, tracing and other categories.
+
+1. Move the cursor over the data source you want to add.
+
+   {{< figure src="/static/img/docs/v75/select-data-source-7-5.png" max-width="700px" class="docs-image--no-shadow">}}
+
+1. Click **Select**. The data source configuration page opens.
+
+1. Configure the data source following instructions specific to that data source. See [Data sources]({{< relref "../../datasources" >}}) for links to configuration instructions for all supported data sources.
+
+## Data source permissions
+
+Data source permissions allow you to restrict access for users to query a data source. For each data source there is a permission page that allows you to enable permissions and restrict query permissions to specific **Users** and **Teams**.
+
+> **Note:** Available in [Grafana Enterprise]({{< relref "../../enterprise/" >}}) and [Grafana Cloud Pro and Advanced]({{< ref "/grafana-cloud" >}}).
+
+### Enable data source permissions
+
+{{< figure src="/static/img/docs/enterprise/datasource_permissions_enable_still.png" class="docs-image--no-shadow docs-image--right" max-width= "600px" animated-gif="/static/img/docs/enterprise/datasource_permissions_enable.gif" >}}
+
+By default, data sources in an organization can be queried by any user in that organization. For example, a user with the `Viewer` role can issue any possible query to a data source, not just
+queries that exist on dashboards they have access to.
+
+When permissions are enabled for a data source in an organization, the user who created the datasource can edit the datasource and in addition, viewers can query the datasource.
+
+**Enable permissions for a data source:**
+
+1. Navigate to **Configuration > Data Sources**.
+1. Select the data source you want to enable permissions for.
+1. On the Permissions tab, click **Enable**.
+
+<div class="clearfix"></div>
+
+> **Caution:** Enabling permissions for the default data source makes users not listed in the permissions unable to invoke queries. Panels using default data source will return `Access denied to data source` error for those users.
+
+### Allow users and teams to query a data source
+
+{{< figure src="/static/img/docs/enterprise/datasource_permissions_add_still.png" class="docs-image--no-shadow docs-image--right" max-width= "600px" animated-gif="/static/img/docs/enterprise/datasource_permissions_add.gif" >}}
+
+After you have enabled permissions for a data source you can assign query permissions to users and teams which will allow access to query the data source.
+
+**Assign query permission to users and teams:**
+
+1. Navigate to **Configuration > Data Sources**.
+1. Select the data source you want to assign query permissions for.
+1. On the Permissions tab, click **Add Permission**.
+1. Select **Team** or **User**.
+1. Select the entity you want to allow query access and then click **Save**.
+
+<div class="clearfix"></div>
+
+### Disable data source permissions
+
+{{< figure src="/static/img/docs/enterprise/datasource_permissions_disable_still.png" class="docs-image--no-shadow docs-image--right" max-width= "600px" animated-gif="/static/img/docs/enterprise/datasource_permissions_disable.gif" >}}
+
+If you have enabled permissions for a data source and want to return data source permissions to the default, then you can disable permissions with a click of a button.
+
+Note that _all_ existing permissions created for the data source will be deleted.
+
+**Disable permissions for a data source:**
+
+1. Navigate to **Configuration > Data Sources**.
+1. Select the data source you want to disable permissions for.
+1. On the Permissions tab, click **Disable Permissions**.
+
+<div class="clearfix"></div>

docs/sources/administration/enterprise-licensing/_index.md

@@ -0,0 +1,245 @@
+---
+aliases:
+  - /docs/grafana/latest/enterprise/license/
+  - /docs/grafana/latest/enterprise/activate-license/
+  - /docs/grafana/latest/enterprise/license/activate-license/
+  - /docs/grafana/latest/enterprise/license-expiration/
+  - /docs/grafana/latest/enterprise/license/license-expiration/
+  - /docs/grafana/latest/enterprise/license-restrictions/
+  - /docs/grafana/latest/enterprise/license/license-restrictions/
+description: Activate and manage a Grafana Enterprise license
+keywords:
+  - grafana
+  - licensing
+  - enterprise
+title: Enterprise licensing
+weight: 500
+---
+
+# Grafana Enterprise license
+
+When you become a Grafana Enterprise customer, you gain access to Grafana's premium observability features, including enterprise data source plugins, reporting, and role-based access control. In order to use these [enhanced features of Grafana Enterprise]({{< relref "../../enterprise/" >}}), you must purchase and activate a Grafana Enterprise license.
+
+To purchase a license directly from Grafana Labs, [Contact a Grafana Labs representative](https://grafana.com/contact?about=grafana-enterprise). To activate an Enterprise license purchased from Grafana Labs, refer to [Activate an Enterprise license]({{< ref "#activate-an-enterprise-license" >}}).
+
+You can also purchase a Grafana Enterprise license through the AWS Marketplace. To learn more about activating a license purchased through AWS, refer to [Activate a Grafana Enterprise license purchased through AWS Marketplace]({{< relref "./activate-aws-marketplace-license/" >}}).
+
+{{< section >}}
+
+## Activate an Enterprise license
+
+Follow these steps to activate your Grafana Enterprise license:
+
+### Step 1. Download your license file
+
+To download your Grafana Enterprise license:
+
+1. Sign in to your [Grafana Cloud](https://grafana.com) account.
+1. Go to **My Account** and select an organization from the drop-down menu at the top left of the page. On the Overview page for each organization, you can see a section for Grafana Enterprise licenses. Click **Details** next to a license.
+1. At the bottom of the license details page, select **Download token** to download the `license.jwt` file that contains your license.
+
+### Step 2. Add your license to a Grafana instance
+
+There is more than one way to add the license to a Grafana instance:
+
+#### Upload the license file via the Grafana server administrator page
+
+This is the preferred option for single instance installations of Grafana Enterprise.
+
+1. Sign in as a Grafana server administrator.
+1. Navigate to **Server Admin > Upgrade** within Grafana.
+1. Click **Upload license token file**.
+1. Select your license file, and upload it.
+
+#### Put the `license.jwt` file into the data directory of Grafana
+
+On Linux systems, the data directory is usually at `/var/lib/grafana`.
+
+You can also configure a custom location for the license file using the grafana.ini setting:
+
+```bash
+[enterprise]
+license_path = /company/secrets/license.jwt
+```
+
+This setting can also be set with an environment variable, which is useful if you're running Grafana with Docker and have a custom volume where you have placed the license file. In this case, set the environment variable `GF_ENTERPRISE_LICENSE_PATH` to point to the location of your license file.
+
+#### Set the content of the license file as a configuration option
+
+You can add a license by pasting the content of the `license.jwt`
+to the grafana.ini configuration file:
+
+```bash
+[enterprise]
+license_text = eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0aGlzIjoiaXMiLCJub3QiOiJhIiwidmFsaWQiOiJsaWNlbnNlIn0.bxDzxIoJlYMwiEYKYT_l2s42z0Y30tY-6KKoyz9RuLE
+```
+
+This option can be set using the `GF_ENTERPRISE_LICENSE_TEXT`
+environment variable.
+
+### Step 3. Ensure that the license file's root URL matches the root_url configuration option
+
+Update the [`root_url`]({{< relref "../../setup-grafana/configure-grafana/#root-url" >}}) in your configuration. It should be the URL that users type in their browsers to access the frontend, not the node hostname(s).
+
+This is important, because as part of the validation checks at startup, Grafana compares the license URL to the [`root_url`]({{< relref "../../setup-grafana/configure-grafana/#root-url" >}}) in your configuration.
+
+In your configuration file:
+
+```
+[server]
+root_url = https://grafana.example.com/
+```
+
+Or with an environment variable:
+
+```
+GF_SERVER_ROOT_URL=https://grafana.example.com/
+```
+
+### Step 4. Restart Grafana
+
+To finalize the installation of Grafana Enterprise, restart Grafana to enable all Grafana Enterprise features. Refer to [restart Grafana]({{< relref "../../setup-grafana/restart-grafana/" >}}) for more information.
+
+## License expiration
+
+If your license has expired, most of Grafana keeps working as normal. Some enterprise functionality stops or runs with reduced functionality and Grafana displays a banner informing the users that Grafana is running on an expired license. Your Grafana admin needs to upload a new license file to restore full functionality.
+
+> Replace your license as soon as possible. Running Grafana Enterprise with an expired license is unsupported and can lead to unexpected consequences.
+
+### Update your license
+
+1. Locate your current `license.jwt` file. In a standard installation it is stored inside the Grafana data directory, which on a typical Linux installation is in `/var/lib/grafana/data`. This location might be overridden in the ini file [Configuration]({{< relref "../../setup-grafana/configure-grafana/" >}}).
+
+   ```ini
+   [enterprise]
+   license_path = /path/to/your/license.jwt
+   ```
+
+   The configuration file's location may also be overridden by the `GF_ENTERPRISE_LICENSE_PATH` environment variable.
+
+2. Log in to your [Grafana Cloud Account](https://grafana.com/login) and make sure you're in the correct organization in the dropdown at the top of the page.
+3. Under the **Grafana Enterprise** section in the menu bar to the left, choose licenses and download the currently valid license with which you want to run Grafana. If you cannot see a valid license on Grafana.com, please contact your account manager at Grafana Labs to renew your subscription.
+4. Replace the current `license.jwt`-file with the one you've just downloaded.
+5. [Restart Grafana]({{< relref "../../setup-grafana/restart-grafana/" >}}).
+
+### If your license expires
+
+If your Grafana Enterprise license expires, you can expect the following changes in feature behavior.
+
+#### Data source permissions
+
+Your current data source permissions will keep working as expected, but you'll be unable to add new data source permissions until the license has been renewed.
+
+#### LDAP authentication
+
+- LDAP synchronization is not affected by an expired license.
+- Team sync debugging is unavailable.
+
+#### SAML authentication
+
+SAML authentication is not affected by an expired license.
+
+#### Role-based access control (RBAC)
+
+- Creating, updating and deleting custom roles is not available.
+- Modifying permissions for custom roles is not available.
+
+#### Reporting
+
+- You're unable to configure new reports or generate previews.
+- Existing reports continue to be sent.
+
+#### Enterprise plugins
+
+Enterprise plugins might stop working.
+
+#### White labeling
+
+The white labeling feature is turned off, meaning that any white labeling options will not have any effect.
+
+#### Usage insights
+
+Exporting usage insights logs to Loki will be turned off for licenses expired for more than 7 days.
+
+All the other usage insights features are turned off as soon as the license expires, meaning that you will not be able to see dashboard usage, presence indicators, or use improved search. Grafana continues to collect usage data and you will have access to it as soon as you update your license.
+
+#### Vault integration
+
+Vault integration is not affected by an expired license.
+
+#### Auditing
+
+Auditing is not affected by an expired license.
+
+#### License restrictions
+
+The concurrent session limit remains active for seven days after the expiration date, after which it will be turned off.
+
+The active users limit is turned off immediately.
+
+#### Settings updates at runtime
+
+Settings updates at runtime are not affected by an expired license.
+
+## Grafana Enterprise license restrictions
+
+When you become a Grafana Enterprise customer, you receive a license that governs your use of Grafana Enterprise.
+
+### Active users limit
+
+Your Grafana license includes a maximum number of active users.
+
+- An _active user_ is a user who has signed in to Grafana within the last 30 days. This is a rolling window that is updated daily.
+- When you reach the maximum number of active users, only currently active users (users who have signed in over the past 30 days) can sign in. When a new user or a previously-inactive user tries to sign in, the user will see an error message indicating that Grafana has reached its license limit.
+- The user's role, number of dashboards that a user can view or edit, and the number of organizations that they can access does not affect the active user count.
+- A license limit banner appears to administrators when Grafana reaches its active user limit; editors and viewers do not see the banner.
+
+#### Determine the number of active users
+
+To determine the number of active users:
+
+1. Sign in to Grafana Enterprise as a System Administrator.
+
+1. Click **Server Admin** (the shield icon).
+
+1. Click **Statistics and licensing**.
+
+1. Review the utilization count on the **Utilization** panel.
+
+### Tiered licensing (deprecated)
+
+A tiered license defines dashboard viewers, and dashboard editors and administrators, as two distinct user types that each have their own user limit.
+
+As of Grafana Enterprise version 9.0, Grafana only counts and enforces the _total_ number of active users in your Grafana instance. For example, if you purchase 150 active users, you can have 20 admins, 70 editors, and 60 viewers, or you can have 150 admins. Grafana will enforce the total number of active users even if you use a license that grants a specific number of admins or editors and a certain number of viewers. This is a more permissive policy than before, which gives you the flexibility to change users' roles.
+
+If you are running a pre-9.0 version of Grafana Enterprise, please refer to the documentation for that version to learn more about license enforcement in your current version.
+
+### Additional license restrictions
+
+Your license is controlled by the following rules:
+
+**License expiration date:** The license includes an expiration date, which is the date when a license becomes inactive.
+
+As the license expiration date approaches, you will see a banner in Grafana that encourages you to renew. To learn about how to renew your license and what happens in Grafana when a license expires, refer to [License expiration]({{< ref "#license-expiration" >}}).
+
+**Grafana License URL:** Your license does not work with an instance of Grafana with a different root URL.
+
+The License URL is the complete URL of your Grafana instance, for example `https://grafana.your-company.com/`. It is defined in the [root_url]({{< relref "../../setup-grafana/configure-grafana/#root_url" >}}) configuration setting.
+
+**Concurrent sessions limit**: As of Grafana Enterprise 7.5, users can initiate up to three concurrent sessions of Grafana.
+
+The system creates a session when a user signs in to Grafana from a new device, a different browser, or an incognito window. If a user signs in to Grafana from another tab or window within the same browser, only one session is used.
+
+When a user reaches the session limit, the fourth connection succeeds and the longest inactive session is signed out.
+
+### Request usage billing
+
+You can request Grafana Labs to activate usage billing which allows an unlimited number of active users. When usage billing is enabled, Grafana does not enforce active user limits or display warning banners. Instead, you are charged for active users that exceed the limit, according to your customer contract.
+
+Usage billing involves a contractual agreement between you and Grafana Labs, and it is only available if Grafana Enterprise is configured to [automatically refresh its license token]({{< relref "../../setup-grafana/configure-grafana/enterprise-configuration/#auto_refresh_license" >}}).
+
+### Request a change to your license
+
+To increase the number of licensed users within Grafana, extend a license, or change your licensed URL, contact [Grafana support](https://grafana.com/profile/org#support) or your Grafana Labs account team. They will update your license, which you can activate from within Grafana.
+
+For instructions about how to activate your license after it is updated, refer to [Activate an Enterprise license]({{< ref "#activate-an-enterprise-license" >}}).

docs/sources/administration/enterprise-licensing/activate-aws-marketplace-license/_index.md

@@ -1,21 +1,31 @@
-+++
-aliases = ["/docs/grafana/latest/enterprise/activate-aws-marketplace-license/about-ge-license-through-aws/", "/docs/grafana/latest/enterprise/license/activate-aws-marketplace-license/about-ge-license-through-aws/"]
-description = "About Grafana Enterprise licenses from AWS Marketplace"
-keywords = ["grafana", "about", "enterprise", "overview", "aws", "marketplace"]
-title = "About Grafana Enterprise licenses from AWS Marketplace"
-weight = 100
-+++
+---
+aliases:
+  - /docs/grafana/latest/enterprise/license/activate-aws-marketplace-license/
+  - /docs/grafana/latest/enterprise/activate-aws-marketplace-license/about-ge-license-through-aws/
+  - /docs/grafana/latest/enterprise/license/activate-aws-marketplace-license/about-ge-license-through-aws/
+description: Activate your Grafana Enterprise license purchased in AWS Marketplace to take advantage of Grafana Enterprise observability features
+keywords:
+  - grafana
+  - aws
+  - marketplace
+  - enterprise
+  - license
+title: Enterprise licenses through AWS Marketplace
+weight: 400
+---
 
-# About Grafana Enterprise licenses from AWS Marketplace
+# Activate a Grafana Enterprise license purchased through AWS Marketplace
 
 AWS Marketplace is a convenient place for AWS customers to buy and manage a license for Grafana Enterprise versions 8.3.0 and later.
 
+{{< section >}}
+
 You can deploy Grafana Enterprise in the following ways:
 
 - Using AWS services like ECS, EKS or EC2.
 - In an instance outside AWS.
 
-In each case, you must activate the Grafana Enterprise license purchased in AWS Marketplace to take advantage of Grafana Enterprise observability features. Grafana Enterprise licenses purchased through AWS Marketplace are subject to the same [restrictions]({{< relref "../license-restrictions.md" >}}) as Grafana Enterprise licensed purchased directly from Grafana Labs.
+In each case, you must activate the Grafana Enterprise license purchased in AWS Marketplace to take advantage of Grafana Enterprise observability features. Grafana Enterprise licenses purchased through AWS Marketplace are subject to the same [restrictions]({{< relref "../#license-restrictions" >}}) as Grafana Enterprise licensed purchased directly from Grafana Labs.
 
 > To purchase a license directly from Grafana Labs or learn more about other Grafana offerings, [Contact a Grafana Labs representative](https://grafana.com/contact?about=grafana-enterprise).
 

docs/sources/administration/enterprise-licensing/activate-aws-marketplace-license/activate-license-on-ecs.md

@@ -1,10 +1,18 @@
-+++
-aliases = ["/docs/grafana/latest/enterprise/activate-aws-marketplace-license/activate-license-on-ecs/", "/docs/grafana/latest/enterprise/license/activate-aws-marketplace-license/activate-license-on-ecs/"]
-description = "Activate a Grafana Enterprise license from AWS Marketplace on ECS"
-keywords = ["grafana", "ecs", "enterprise", "aws", "marketplace", "activate"]
-title = "Activate a Grafana Enterprise license from AWS Marketplace on ECS"
-weight = 250
-+++
+---
+aliases:
+  - /docs/grafana/latest/enterprise/activate-aws-marketplace-license/activate-license-on-ecs/
+  - /docs/grafana/latest/enterprise/license/activate-aws-marketplace-license/activate-license-on-ecs/
+description: Activate a Grafana Enterprise license from AWS Marketplace on ECS
+keywords:
+  - grafana
+  - ecs
+  - enterprise
+  - aws
+  - marketplace
+  - activate
+title: Activate a Grafana Enterprise license from AWS Marketplace on ECS
+weight: 250
+---
 
 # Activate a Grafana Enterprise license from AWS Marketplace on ECS
 
@@ -36,7 +44,7 @@ Grafana requires that you configure a database to hold dashboards, users, and ot
 ### Before you begin
 
 - Ensure that you have a supported Grafana database available.
-  - For a list of supported databases, refer to [Supported databases]({{< relref "../../../installation/requirements.md#supported-databases" >}}).
+  - For a list of supported databases, refer to [Supported databases]({{< relref "../../../setup-grafana/installation/#supported-databases" >}}).
   - For information about creating a database, refer to [Creating an Amazon RDS DB instance](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_CreateDBInstance.html).
 - Review the information required to connect to the RDS DB instance. For more information, refer to [Connecting to an Amazon RDS DB instance](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_CommonTasks.Connect.html).
 
@@ -44,7 +52,7 @@ To configure Grafana for high availability:
 
 1. In AWS ECS, use environment variables to update the `database` parameters.
 
-   For a list of database parameters, refer to [Configuration]({{< relref "../../../administration/configuration.md#database" >}}).
+   For a list of database parameters, refer to [Configuration]({{< relref "../../../setup-grafana/configure-grafana/#database" >}}).
 
 1. Create a revision of the task definition for the ECS Task that runs Grafana Enterprise.
 

docs/sources/administration/enterprise-licensing/activate-aws-marketplace-license/activate-license-on-eks.md

@@ -1,10 +1,18 @@
-+++
-aliases = ["/docs/grafana/latest/enterprise/activate-aws-marketplace-license/activate-license-on-eks/", "/docs/grafana/latest/enterprise/license/activate-aws-marketplace-license/activate-license-on-eks/"]
-description = "Activate a Grafana Enterprise license from AWS Marketplace on EKS"
-keywords = ["grafana", "enterprise", "aws", "marketplace", "eks", "activate"]
-title = "Activate a Grafana Enterprise license from AWS Marketplace on EKS"
-weight = 200
-+++
+---
+aliases:
+  - /docs/grafana/latest/enterprise/activate-aws-marketplace-license/activate-license-on-eks/
+  - /docs/grafana/latest/enterprise/license/activate-aws-marketplace-license/activate-license-on-eks/
+description: Activate a Grafana Enterprise license from AWS Marketplace on EKS
+keywords:
+  - grafana
+  - enterprise
+  - aws
+  - marketplace
+  - eks
+  - activate
+title: Activate a Grafana Enterprise license from AWS Marketplace on EKS
+weight: 200
+---
 
 # Activate a Grafana Enterprise license from AWS Marketplace on EKS
 
@@ -38,7 +46,7 @@ Grafana requires that you configure a database to hold dashboards, users, and ot
 ### Before you begin
 
 - Ensure that you have a supported Grafana database available.
-  - For a list of supported databases, refer to [Supported databases]({{< relref "../../../installation/requirements.md#supported-databases" >}}).
+  - For a list of supported databases, refer to [Supported databases]({{< relref "../../../setup-grafana/installation/#supported-databases" >}}).
   - For information about creating a database, refer to [Creating an Amazon RDS DB instance](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_CreateDBInstance.html).
 - Review the information required to connect to the RDS DB instance. For more information, refer to [Connecting to an Amazon RDS DB instance](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_CommonTasks.Connect.html).
 
@@ -70,7 +78,7 @@ To configure Grafana for high availability, choose **one** of the following opti
     value: [database password]
   ```
 
-For more information on Grafana High Availability setup, refer to [Set up Grafana for high availability]({{< relref "../../../administration/set-up-for-high-availability.md" >}}).
+For more information on Grafana High Availability setup, refer to [Set up Grafana for high availability]({{< relref "../../../setup-grafana/set-up-for-high-availability/" >}}).
 
 ## Task 3: Configure Grafana Enterprise to validate its license with AWS
 
@@ -87,7 +95,7 @@ In this task, you configure Grafana Enterprise to validate the license with AWS
 
    For more information about AWS license permissions, refer to [Actions, resources, and condition keys for AWS License Manager](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awslicensemanager.html).
 
-1. Choose **one** of the following options to update the [license_validation_type]({{< relref "../../enterprise-configuration.md#license_validation_type" >}}) configuration to `aws`:
+1. Choose **one** of the following options to update the [license_validation_type]({{< relref "../../../setup-grafana/configure-grafana/enterprise-configuration/#license_validation_type" >}}) configuration to `aws`:
 
    - **Option 1:** Use `kubectl edit configmap grafana` to edit `grafana.ini` add the following section to the configuration:
 
@@ -113,6 +121,6 @@ To restart Grafana on a Kubernetes cluster,
 
 1. After you update the service, navigate to your Grafana instance, sign in with Grafana Admin credentials, and navigate to the Statistics and Licensing page to validate that your license is active.
 
-For more information about restarting Grafana, refer to [Restart Grafana]({{< relref "../../../installation/restart-grafana" >}}).
+For more information about restarting Grafana, refer to [Restart Grafana]({{< relref "../../../setup-grafana/restart-grafana/" >}}).
 
 > If you experience issues when you update the EKS cluster, refer to [Amazon EKS troubleshooting](https://docs.aws.amazon.com/eks/latest/userguide/troubleshooting.html).

docs/sources/administration/enterprise-licensing/activate-aws-marketplace-license/activate-license-on-instance-outside-aws.md

@@ -1,10 +1,19 @@
-+++
-aliases = ["/docs/grafana/latest/enterprise/activate-aws-marketplace-license/activate-license-on-instance-outside-aws/", "/docs/grafana/latest/enterprise/license/activate-aws-marketplace-license/activate-license-on-instance-outside-aws/"]
-description = "Activate a Grafana Enterprise license from AWS on an instance deployed outside of AWS"
-keywords = ["grafana", "enterprise", "aws", "marketplace", "activate"]
-title = "Activate a Grafana Enterprise license from AWS on an instance deployed outside of AWS"
-weight = 300
-+++
+---
+aliases:
+  - /docs/grafana/latest/enterprise/activate-aws-marketplace-license/activate-license-on-instance-outside-aws/
+  - /docs/grafana/latest/enterprise/license/activate-aws-marketplace-license/activate-license-on-instance-outside-aws/
+description: Activate a Grafana Enterprise license from AWS on an instance deployed
+  outside of AWS
+keywords:
+  - grafana
+  - enterprise
+  - aws
+  - marketplace
+  - activate
+title: Activate a Grafana Enterprise license from AWS on an instance deployed outside
+  of AWS
+weight: 300
+---
 
 # Activate a Grafana Enterprise license from AWS on an instance deployed outside of AWS
 
@@ -22,9 +31,9 @@ To activate a Grafana Enterprise license from AWS on a Grafana Enterprise instan
 
 To install Grafana, refer to the documentation specific to your implementation.
 
-- [Install Grafana]({{< relref "../../../installation/" >}}).
-- [Run Grafana Docker image]({{< relref "../../../installation/docker" >}}).
-- [Deploy Grafana on Kubernetes]({{< relref "../../../installation/kubernetes/#deploy-grafana-enterprise-on-kubernetes" >}}).
+- [Install Grafana]({{< relref "../../../setup-grafana/installation/" >}}).
+- [Run Grafana Docker image]({{< relref "../../../setup-grafana/installation/docker/" >}}).
+- [Deploy Grafana on Kubernetes]({{< relref "../../../setup-grafana/installation/kubernetes/#deploy-grafana-enterprise-on-kubernetes" >}}).
 
 ## Task 2: Create an AWS IAM user with access to your Grafana Enterprise license
 
@@ -97,7 +106,7 @@ To retrieve your license, Grafana Enterprise requires access to your AWS account
 
 In this task you configure Grafana Enterprise to validate the license with AWS instead of Grafana Labs.
 
-Choose one of the following options to update the [license_validation_type]({{< relref "../../enterprise-configuration.md#license_validation_type" >}}) configuration to `aws`:
+Choose one of the following options to update the [license_validation_type]({{< relref "../../../setup-grafana/configure-grafana/enterprise-configuration/#license_validation_type" >}}) configuration to `aws`:
 
 - **Option 1:** In the `[enterprise]` section of the grafana.ini configuration file, add `license_validation_type=aws`.
 
@@ -118,4 +127,4 @@ Choose one of the following options to update the [license_validation_type]({{<
 
 To activate Grafana Enterprise features, start (or restart) Grafana.
 
-For information about restarting Grafana, refer to [Restart Grafana]({{< relref "../../../installation/restart-grafana" >}}).
+For information about restarting Grafana, refer to [Restart Grafana]({{< relref "../../../setup-grafana/restart-grafana/" >}}).

docs/sources/administration/enterprise-licensing/activate-aws-marketplace-license/manage-license-in-aws-marketplace.md

@@ -1,10 +1,20 @@
-+++
-aliases = ["/docs/grafana/latest/enterprise/activate-aws-marketplace-license/manage-license-in-aws-marketplace/", "/docs/grafana/latest/enterprise/license/activate-aws-marketplace-license/manage-license-in-aws-marketplace/"]
-description = "Manage your Grafana Enterprise license in AWS Marketplace"
-keywords = ["grafana", "enterprise", "aws", "marketplace", "manage", "add", "remove", "users"]
-title = "Manage your Grafana Enterprise license in AWS Marketplace"
-weight = 400
-+++
+---
+aliases:
+  - /docs/grafana/latest/enterprise/activate-aws-marketplace-license/manage-license-in-aws-marketplace/
+  - /docs/grafana/latest/enterprise/license/activate-aws-marketplace-license/manage-license-in-aws-marketplace/
+description: Manage your Grafana Enterprise license in AWS Marketplace
+keywords:
+  - grafana
+  - enterprise
+  - aws
+  - marketplace
+  - manage
+  - add
+  - remove
+  - users
+title: Manage your Grafana Enterprise license in AWS Marketplace
+weight: 400
+---
 
 ## Manage your Grafana Enterprise license in AWS Marketplace
 
@@ -28,4 +38,4 @@ You can use AWS Marketplace to make the following modifications to your Grafana
 
    This action retrieves updated license information from AWS.
 
-> To learn more about licensing and active users, refer to [Understanding Grafana Enterprise licensing]({{< relref "../../license/license-restrictions" >}}).
+> To learn more about licensing and active users, refer to [Understanding Grafana Enterprise licensing]({{< relref "../#license-restrictions" >}}).

docs/sources/administration/enterprise-licensing/activate-aws-marketplace-license/transfer-ge-license.md

@@ -1,10 +1,18 @@
-+++
-aliases = ["/docs/grafana/latest/enterprise/activate-aws-marketplace-license/transfer-ge-license/", "/docs/grafana/latest/enterprise/license/activate-aws-marketplace-license/transfer-ge-license/"]
-description = "Transfer your AWS Marketplace Grafana Enterprise license"
-keywords = ["grafana", "enterprise", "aws", "marketplace", "transfer", "move"]
-title = "Transfer your AWS Marketplace Grafana Enterprise license"
-weight = 400
-+++
+---
+aliases:
+  - /docs/grafana/latest/enterprise/activate-aws-marketplace-license/transfer-ge-license/
+  - /docs/grafana/latest/enterprise/license/activate-aws-marketplace-license/transfer-ge-license/
+description: Transfer your AWS Marketplace Grafana Enterprise license
+keywords:
+  - grafana
+  - enterprise
+  - aws
+  - marketplace
+  - transfer
+  - move
+title: Transfer your AWS Marketplace Grafana Enterprise license
+weight: 400
+---
 
 # Transfer your AWS Marketplace Grafana Enterprise license
 

docs/sources/administration/jaeger-instrumentation.md

@@ -1,17 +0,0 @@
-+++
-aliases = ["/docs/grafana/latest/administration/jaeger-instrumentation/"]
-description = "Jaeger traces emitted and propagation by Grafana"
-keywords = ["grafana", "jaeger", "tracing"]
-title = "Jaeger instrumentation"
-weight = 900
-+++
-
-# Jaeger instrumentation
-
-Grafana supports [Jaeger tracing](https://www.jaegertracing.io/).
-
-Grafana can emit Jaeger traces for its HTTP API endpoints and propagate Jaeger trace information to data sources.
-All HTTP endpoints are logged evenly (annotations, dashboard, tags, and so on).
-When a trace ID is propagated, it is reported with operation 'HTTP /datasources/proxy/:id/\*'.
-
-Refer to [Configuration]({{< relref "configuration.md#tracing-jaeger" >}}) for information about enabling Jaeger tracing.

docs/sources/administration/manage-users-and-permissions/manage-org-users/_index.md

@@ -1,13 +0,0 @@
-+++
-aliases = ["/docs/grafana/latest/administration/manage-users-and-permissions/manage-org-users/", "/docs/grafana/latest/manage-users/org-admin/"]
-title = "Manage users in an organization"
-weight = 400
-+++
-
-# Manage users in an organization
-
-Organization administrators can invite users to join their organization. Organization users have access to organization resources based on their role, which is **Admin**, **Editor**, or **Viewer**. Permissions associated with each role determine the tasks a user can perform in the system.
-
-For more information about organization user permissions, refer to [Organization users and permissions]({{< relref "../about-users-and-permissions/#organization-users-and-permissions" >}}).
-
-{{< section >}}

docs/sources/administration/manage-users-and-permissions/manage-org-users/change-user-org-permissions.md

@@ -1,27 +0,0 @@
-+++
-aliases = ["/docs/grafana/latest/administration/manage-users-and-permissions/manage-org-users/change-user-org-permissions/"]
-title = "Change a user's organization permissions"
-weight = 30
-+++
-
-# Change a user's organization permissions
-
-Update user permissions when you want to enhance or restrict a user's access to organization resources. For more information about organization permissions, refer to [Organization roles]({{< relref "../about-users-and-permissions/#organization-roles" >}}).
-
-## Before you begin
-
-- Ensure you have organization administrator privileges
-
-**To change the organization role of a user**:
-
-1. Sign in to Grafana as an organization administrator.
-1. Hover your cursor over the **Configuration** (gear) icon in the side menu and click **Users**.
-1. Find the user account for which you want to change the role.
-
-   If necessary, use the search field to filter the list.
-
-1. Locate the user on the list and in the **Role** column, click the user role.
-1. Select the role that you want to assign.
-1. Click **Update**.
-
-> **Note:** If you have [server administrator]({{< relref "../about-users-and-permissions.md#grafana-server-administrators" >}}) permissions, you can also [change a user's organization permissions]({{< relref "../../manage-users-and-permissions/manage-server-users/change-user-org-permissions.md" >}}) in the Server Admin section.

docs/sources/administration/manage-users-and-permissions/manage-org-users/invite-user-join-org.md

@@ -1,44 +0,0 @@
-+++
-aliases = ["/docs/grafana/latest/administration/manage-users-and-permissions/manage-org-users/invite-user-join-org/"]
-title = "Invite a user to join an organization"
-weight = 10
-+++
-
-# Invite a user to join an organization
-
-When you invite users to join an organization, you assign the **Admin**, **Editor**, or **Viewer** role which controls user access to the dashboards and data sources owned by the organization. Users receive an email that prompts them to accept the invitation.
-
-- If you know that the user already has access Grafana and you know their user name, then you issue an invitation by entering their user name.
-- If the user is new to Grafana, then use their email address to issue an invitation. The system automatically creates the user account on first sign in.
-
-> **Note:** If you have [server administrator]({{< relref "../about-users-and-permissions.md#grafana-server-administrators" >}}) permissions, you can also manually [add a user to an organization]({{< relref "../../manage-users-and-permissions/manage-server-users/add-remove-user-to-org.md" >}}).
-
-## Before you begin
-
-- Ensure you have organization administrator privileges.
-- If the user already has access to Grafana, obtain their user name.
-- Determine the permissions you want to assign to the user. For more information about organization permissions, refer to [Organization roles]({{< relref "../about-users-and-permissions/#organization-roles" >}}).
-
-**To invite or add an existing user account to your organization**:
-
-1. Sign in to Grafana as an organization administrator.
-1. To switch to the organization to which you want to invite a user, hover your mouse over your profile and click **Switch organization** and select an organization.
-
-   > **Note**: It might be that you are currently in the proper organization and don't need to switch organizations.
-
-1. Hover your cursor over the **Configuration** (gear) icon in the side menu and click **Users**.
-1. Click **Invite**.
-1. Enter the following information:
-
-   | Field             | Description                                                                                                                                                                                                                                                              |
-   | ----------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
-   | Email or username | Either the email or username that the user will use to sign in to Grafana.                                                                                                                                                                                               |
-   | Name              | The user's name.                                                                                                                                                                                                                                                         |
-   | Role              | Click the organization role to assign this user. For more information about organization roles, refer to [Organization roles]({{< relref "../about-users-and-permissions#organization-roles" >}})..                                                                      |
-   | Send invite email | Switch to on if your organization has configured. The system sends an email to the user inviting them to sign in to Grafana and join the organization. Switch to off if you are not using email. The user can sign in to Grafana with the email or username you entered. |
-
-1. Click **Submit**.
-
-If the invitee is not already a user, the system adds them.
-
-![Invite User](/static/img/docs/manage-users/org-invite-user-7-3.png).

docs/sources/administration/manage-users-and-permissions/manage-org-users/manage-pending-invites.md

@@ -1,31 +0,0 @@
-+++
-aliases = ["/docs/grafana/latest/administration/manage-users-and-permissions/manage-org-users/manage-pending-invites/"]
-title = "Manage a pending invitation"
-weight = 20
-+++
-
-# Manage a pending invitation
-
-Periodically review invitations you have sent so that you can see a list of users that have not yet accepted the invitation or cancel a pending invitation.
-
-> **Note:** The **Pending Invites** button is only visible if there are unanswered invitations.
-
-## Before you begin
-
-- Ensure you have organization administrator privileges
-
-**To manage a pending invitation**:
-
-1. Sign in to Grafana as an organization administrator.
-1. Hover your cursor over the **Configuration** (gear) icon in the side menu and click **Users**.
-1. Click **Pending Invites**.
-
-   The **Pending Invites** button appears only when there are unaccepted invitations.
-
-   ![Pending Invites button](/static/img/docs/manage-users/pending-invites-button-7-3.png)
-
-To cancel an invitation, click the red **X** next to the invitation.
-
-To copy an invitation link and send it directly to a user, click Copy Invite. You can then paste the invite link into a message.
-
-![Pending Invites list](/static/img/docs/manage-users/pending-invites-list-7-3.png)

docs/sources/administration/manage-users-and-permissions/manage-org-users/remove-user-from-org.md

@@ -1,27 +0,0 @@
-+++
-aliases = ["/docs/grafana/latest/administration/manage-users-and-permissions/manage-org-users/remove-user-from-org/"]
-title = "Remove a user from an organization"
-weight = 40
-+++
-
-# Remove a user from an organization
-
-You can remove a user from an organization when they no longer require access to the dashboard or data sources owned by the organization. No longer requiring access to an organization might occur when the user has left your company or has internally moved to another organization.
-
-This action does not remove the user account from the Grafana server.
-
-## Before you begin
-
-- Ensure you have organization administrator privileges
-
-**To remove a user from an organization**:
-
-1. Sign in to Grafana as an organization administrator.
-1. Hover your cursor over the **Configuration** (gear) icon in the side menu and click **Users**.
-1. Find the user account that you want to remove from the organization.
-
-   Use the search field to filter the list, if necessary.
-
-1. Click the red **X** to remove the user from the organization.
-
-> **Note:** If you have [server administrator]({{< relref "../about-users-and-permissions.md#grafana-server-administrators" >}}) permissions, you can also [remove a user from an organization]({{< relref "../../manage-users-and-permissions/manage-server-users/add-remove-user-to-org.md#remove-a-user-from-an-organization" >}}) on the Users page of the Server Admin section.

docs/sources/administration/manage-users-and-permissions/manage-org-users/view-list-org-users.md

@@ -1,22 +0,0 @@
-+++
-aliases = ["/docs/grafana/latest/administration/manage-users-and-permissions/manage-org-users/view-list-org-users/"]
-title = "View a list of organization users"
-weight = 50
-+++
-
-# View a list of organization users
-
-You can see a list of users with accounts in your Grafana organization. If necessary, you can use the search field to filter the list.
-
-## Before you begin
-
-- Ensure you have organization administrator privileges
-
-**To view a list of organization users**:
-
-1. Sign in to Grafana as an organization administrator.
-1. Hover your cursor over the **Configuration** (gear) icon in the side menu and click **Users**.
-
-![Org Admin user list](/static/img/docs/manage-users/org-user-list-7-3.png)
-
-> **Note:** If you have [server administrator]({{< relref "../about-users-and-permissions.md#grafana-server-administrators" >}}) permissions, you can also [view a global list of users]({{< relref "../../manage-users-and-permissions/manage-server-users/view-list-users.md" >}}) in the Server Admin section of Grafana.

docs/sources/administration/manage-users-and-permissions/manage-server-users/_index.md

@@ -1,17 +0,0 @@
-+++
-aliases = ["/docs/grafana/latest/administration/manage-users-and-permissions/manage-server-users/", "/docs/grafana/latest/manage-users/server-admin/", "/docs/grafana/latest/manage-users/server-admin/server-admin-manage-users/"]
-title = "Manage users globally"
-weight = 300
-+++
-
-# Manage users globally
-
-A _user_ is defined as any individual who can log in to Grafana. Each user is associated with a _role_ that includes _permissions_. Permissions determine the tasks a user can perform in the system.
-
-If you have [server administrator]({{< relref "../about-users-and-permissions.md#grafana-server-administrators" >}}) permissions in Grafana, you can manage all users for a Grafana instance in the Server Admin section:
-
-{{< section >}}
-
-If you have [organization administrator]({{< relref "../about-users-and-permissions.md#organization-roles" >}}) permissions and _not_ [server administrator]({{< relref "../about-users-and-permissions.md#grafana-server-administrators" >}}) permissions, refer to [Manage users in a organization]({{< relref "../../manage-users-and-permissions/manage-org-users/_index.md" >}}).
-
-For more information about users and permissions, refer to [About users and permissions]({{< relref "../about-users-and-permissions" >}}).

docs/sources/administration/manage-users-and-permissions/manage-server-users/add-remove-user-to-org.md

@@ -1,51 +0,0 @@
-+++
-aliases = ["/docs/grafana/latest/administration/manage-users-and-permissions/manage-server-users/add-remove-user-to-org/", "/docs/grafana/latest/administration/manage-users-and-permissions/manage-server-users/add-user-to-org/"]
-title = "Add or remove a user from an organization"
-weight = 30
-+++
-
-# Add a user to an organization
-
-Add a user to an organization when you want the user to have access to organization resources such as dashboards, data sources, and playlists. A user must belong to at least one organization.
-
-You are required to specify an Admin role for each organization. The first user you add to an organization becomes the Admin by default. After you assign the Admin role to a user, you can add other users to an organization as either Admins, Editors, or Viewers.
-
-## Before you begin
-
-- [Create an organization]({{< relref "../../manage-organizations/_index.md" >}})
-- [Add a user]({{< relref "./add-user.md" >}}) to Grafana
-- Ensure you have Grafana server administrator privileges
-
-**To add a user to an organization**:
-
-1. Sign in to Grafana as a server administrator.
-1. Hover your cursor over the **Server Admin** (shield) icon until a menu appears, and click **Users**.
-1. Click a user.
-1. In the **Organizations** section, click **Add user to organization**.
-1. Select an organization and a role.
-
-   For more information about user permissions, refer to [Organization roles]({{< relref "../about-users-and-permissions/#organization-roles" >}}).
-
-1. Click **Add to organization**.
-
-The next time the user signs in, they will be able to navigate to their new organization using the Switch Organizations option in the user profile menu.
-
-> **Note:** If you have [organization administrator]({{< relref "../about-users-and-permissions.md#organization-roles" >}}) permissions and _not_ [server administrator]({{< relref "../about-users-and-permissions.md#grafana-server-administrators" >}}) permissions, you can still [invite a user to join an organization]({{< relref "../../manage-users-and-permissions/manage-org-users/invite-user-join-org.md" >}}).
-
-# Remove a user from an organization
-
-Remove a user from an organization when they no longer require access to the dashboards, data sources, or alerts in that organization.
-
-## Before you begin
-
-- Ensure you have Grafana server administrator privileges
-
-**To remove a user from an organization**:
-
-1. Sign in to Grafana as a server administrator.
-1. Hover your cursor over the **Server Admin** (shield) icon until a menu appears, and click **Users**.
-1. Click a user.
-1. In the **Organization** section, click **Remove from organization** next to the organization from which you want to remove the user.
-1. Click **Confirm removal**.
-
-> **Note:** If you have [organization administrator]({{< relref "../about-users-and-permissions.md#organization-roles" >}}) permissions and _not_ [server administrator]({{< relref "../about-users-and-permissions.md#grafana-server-administrators" >}}) permissions, you can still [remove a user from an organization]({{< relref "../../manage-users-and-permissions/manage-org-users/remove-user-from-org.md" >}}) in the Users section of organization configuration.

docs/sources/administration/manage-users-and-permissions/manage-server-users/add-user.md

@@ -1,28 +0,0 @@
-+++
-aliases = ["/docs/grafana/latest/administration/manage-users-and-permissions/manage-server-users/add-user/"]
-title = "Add a user"
-weight = 10
-+++
-
-# Add a user
-
-Add users when you want to manually provide individuals with access to Grafana.
-
-When you create a user using this method, you must create their password. The user does not receive a notification by email. To invite a user to Grafana and allow them to create their own password, [invite a user to join an organization]({{< relref "../manage-org-users/invite-user-join-org.md" >}}).
-
-When you configure advanced authentication using Oauth, SAML, LDAP, or the Auth proxy, users are created automatically.
-
-## Before you begin
-
-- Ensure that you have Grafana server administrator privileges
-
-**To add a user**:
-
-1. Sign in to Grafana as a server administrator.
-1. Hover your cursor over the **Server Admin** (shield) icon until a menu appears, and click **Users**.
-1. Click **New user**.
-1. Complete the fields and click **Create user**.
-
-When you create a user, the system assigns the user viewer permissions in a default organization, which you can change. You can now [add a user to a second organization]({{< relref "./add-remove-user-to-org.md" >}}).
-
-> **Note:** If you have [organization administrator]({{< relref "../about-users-and-permissions.md#organization-roles" >}}) permissions and _not_ [server administrator]({{< relref "../about-users-and-permissions.md#grafana-server-administrators" >}}) permissions, you can still add users by [inviting a user to join an organization]({{< relref "../../manage-users-and-permissions/manage-org-users/invite-user-join-org.md" >}}).

docs/sources/administration/manage-users-and-permissions/manage-server-users/force-user-logout.md

@@ -1,24 +0,0 @@
-+++
-aliases = ["/docs/grafana/latest/administration/manage-users-and-permissions/manage-server-users/force-user-logout/"]
-title = "Force a user to logout from Grafana"
-weight = 90
-+++
-
-# Force a user to log out of Grafana
-
-If you suspect a user account is compromised or is no longer authorized to access the Grafana server, then you can force the user to log out of Grafana.
-
-The force logout action can apply to one device that is logged in to Grafana, or all devices logged in to Grafana.
-
-## Before you begin
-
-- Ensure you have Grafana server administrator privileges
-
-1. Sign in to Grafana as a server administrator.
-1. Hover your cursor over the **Server Admin** (shield) icon until a menu appears, and click **Users**.
-1. Click a user.
-1. Scroll down to the **Sessions** section.
-1. Perform one of the following actions:
-   - Click **Force logout** next to the session entry that you want logged out of Grafana.
-   - Click **Force logout from all devices**.
-1. Confirm the logout.

docs/sources/administration/manage-users-and-permissions/manage-server-users/view-edit-user-account.md

@@ -1,68 +0,0 @@
-+++
-aliases = ["/docs/grafana/latest/administration/manage-users-and-permissions/manage-server-users/view-edit-user-account/", "/docs/grafana/latest/administration/manage-users-and-permissions/manage-server-users/view-user-account-details/"]
-title = "View and edit a user account"
-weight = 110
-+++
-
-# View user details
-
-View user details when you want to see login, and organizations and permissions settings associated with a user.
-
-## Before you begin:
-
-- Ensure you have Grafana server administrator privileges
-
-**To view user details**:
-
-1. Sign in to Grafana as a server administrator.
-1. Hover your cursor over the **Server Admin** (shield) icon until a menu appears, and click **Users**.
-1. Click a user.
-
-A user account contains the following sections.
-
-### User information
-
-This section contains basic user information, which users can update.
-
-![Server Admin user information section](/static/img/docs/manage-users/server-admin-user-information-7-3.png)
-
-### Permissions
-
-This indicates whether the user account has the Grafana administrator flag applied. If the flag is set to **Yes**, then the user is a Grafana server administrator.
-
-![Server Admin Permissions section](/static/img/docs/manage-users/server-admin-permissions-7-3.png)
-
-### Organisations
-
-This section lists the organizations the user belongs to and their assigned role.
-
-![Server Admin Organizations section](/static/img/docs/manage-users/server-admin-organisations-7-3.png)
-
-### Sessions
-
-This section includes recent user sessions and information about the time the user logged in and they system they used. You can force logouts, if necessary.
-
-![Server Admin Sessions section](/static/img/docs/manage-users/server-admin-sessions-7-3.png)
-
-# Edit a user account
-
-Edit a user account when you want to modify user login credentials, or delete, disable, or enable a user.
-
-## Before you begin
-
-- Ensure you have Grafana server administrator privileges
-
-**To edit a user account**:
-
-1. Sign in to Grafana as a server administrator.
-1. Hover your cursor over the **Server Admin** (shield) icon until a menu appears, and click **Users**.
-1. Click a user.
-1. Complete any of the following actions, as necessary.
-
-| Action                          | Description                                                                                                                                                     |
-| ------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| Update name, email, or username | **Is the user notified of these changes?**. Click **Save** after you make a change.                                                                             |
-| Change the user's password      | The new password must be at least four characters long. Click **Save** after you make a change.                                                                 |
-| Delete a user                   | This action permanently removes the user from the Grafana server. The user can no longer sign in after you make this change.                                    |
-| Disable user account            | This action prevents a user from signing in with this account, but does not delete the account. You might disable an account if a colleague goes on sabbatical. |
-| Enable a user account           | This action enables a user account.                                                                                                                             |

docs/sources/administration/manage-users-and-permissions/manage-server-users/view-list-users.md

@@ -1,22 +0,0 @@
-+++
-aliases = ["/docs/grafana/latest/administration/manage-users-and-permissions/manage-server-users/view-list-users/"]
-title = "View a list of users"
-weight = 100
-+++
-
-# View a list of users
-
-You can see a list of users with accounts on your Grafana server. This action might be useful when you want to know which role you assigned to each user.
-
-## Before you begin
-
-- Ensure you have Grafana server administrator privileges
-
-**To view a list of users**:
-
-1. Sign in to Grafana as a server administrator.
-1. Hover your cursor over the **Server Admin** (shield) icon until a menu appears, and click **Users**.
-
-![Server Admin user list](/static/img/docs/manage-users/server-user-list-7-3.png)
-
-> **Note:** If you have [organization administrator]({{< relref "../about-users-and-permissions.md#organization-roles" >}}) permissions and _not_ [server administrator]({{< relref "../about-users-and-permissions.md#grafana-server-administrators" >}}) permissions, you can still [view of list of users in a given organization]({{< relref "../../manage-users-and-permissions/manage-org-users/view-list-org-users.md" >}}).

docs/sources/administration/organization-management/_index.md

@@ -10,7 +10,7 @@ keywords:
   - dashboards
 menuTitle: Manage organizations
 title: Manage organizations
-weight: 300
+weight: 200
 ---
 
 # Manage organizations
@@ -42,7 +42,7 @@ The following table summarizes the resources you can share and/or isolate using
 
 The member of one organization cannot view dashboards assigned to another organization. However, a user can belong to multiple organizations.
 
-Grafana Server Administrators are responsible for creating organizations. For more information about the Grafana Server Administrator role, refer to [Grafana server administrators]({{< relref "../manage-users-and-permissions/about-users-and-permissions.md#Grafana server administrators" >}}).
+Grafana Server Administrators are responsible for creating organizations. For more information about the Grafana Server Administrator role, refer to [Grafana server administrators]({{< relref "../roles-and-permissions/#grafana-server-administrators" >}}).
 
 ## View a list of organizations
 
@@ -80,9 +80,9 @@ Create an organization when you want to isolate dashboards and other resources f
 
 1. On the **Preferences** tab, select a home dashboard, time zone, and week start.
 
-   For more information about preferences, refer to [Preferences]({{< relref "../preferences/_index.md" >}}).
+   For more information about preferences, refer to [Preferences]({{< relref "../organization-preferences/" >}}).
 
-For more information about adding users to an organization, refer to [Add a user to an organization]({{< relref "../manage-users-and-permissions/manage-server-users/add-remove-user-to-org.md" >}}).
+For more information about adding users to an organization, refer to [Add a user to an organization]({{< relref "../user-management/server-user-management/add-remove-user-to-org/" >}}).
 
 ## Delete an organization
 

docs/sources/administration/organization-preferences/_index.md

@@ -0,0 +1,238 @@
+---
+aliases:
+  - /docs/grafana/latest/administration/preferences/
+  - /docs/grafana/latest/administration/preferences/change-grafana-name/
+  - /docs/grafana/latest/administration/preferences/change-grafana-theme/
+  - /docs/grafana/latest/administration/preferences/change-grafana-timezone/
+  - /docs/grafana/latest/administration/change-home-dashboard/
+  - /docs/grafana/latest/administration/preferences/change-home-dashboard/
+title: Organization preferences
+weight: 500
+---
+
+# Organization preferences
+
+Grafana preferences are basic settings. They control the Grafana UI theme, home dashboard, time zone, and so on.
+
+Preferences are sometimes confusing because they can be set at four different levels, listed from highest level to lowest:
+
+- **Server -** Affects all users on the Grafana server. Set by a [Grafana server admin]({{< relref "../roles-and-permissions/#grafana-server-administrators" >}}).
+- **Organization -** Affects all users in an organization. Set by an [Organization admin]({{< relref "../roles-and-permissions/#organization-roles" >}}).
+- **Team -** Affects all users assigned to a team. Set by an Organization Admin or Team Admin. To learn more about these roles, refer to [Teams and permissions]({{< relref "../roles-and-permissions/#teams-and-permissions" >}}).
+- **User account -** Affects the individual user. Set by the user on their own account.
+
+The lowest level always takes precedence. For example, if a user sets their theme to **Light**, then their visualization of Grafana displays the light theme. Nothing at any higher level can override that.
+
+If the user is aware of the change and intended it, then that's great! But if the user is a Server Admin who made the change to their user preferences a long time ago, they might have forgotten they did that. Then, if that Server Admin is trying to change the theme at the server level, they'll get frustrated as none of their changes have any effect that they can see. (Also, the users on the server might be confused, because _they_ can see the server-level changes!)
+
+## Change Grafana name and email
+
+In Grafana, you can change your names and emails associated with groups or accounts in the Settings or Preferences. This topic provides instructions for each task.
+
+Some tasks require certain permissions. For more information about roles, refer to [Roles and permissions]({{< relref "../roles-and-permissions/" >}}).
+
+### Change organization name
+
+Grafana server administrators and organization administrators can change organization names.
+
+#### Grafana Server Admin change organization name
+
+Follow these instructions if you are a Grafana Server Admin.
+
+1. Hover your cursor over the **Server Admin** (shield) icon until a menu appears.
+1. Click **Orgs**.
+1. In the organization list, click the name of the organization that you want to change.
+1. In **Name**, enter the new organization name.
+1. Click **Update**.
+
+#### Organization Admin change organization name
+
+If you are an Organization Admin, follow these steps:
+
+1. Hover your cursor over the **Configuration** (gear) icon.
+1. Click **Preferences**.
+1. In **Organization name**, enter the new name.
+1. Click **Update organization name**.
+
+### Change team name or email
+
+Organization administrators and team administrators can change team names and email addresses.
+To change the team name or email, follow these steps:
+
+1. Hover your cursor over the **Configuration** (gear) icon in the side menu.
+1. Click **Teams**. Grafana displays the team list.
+1. In the team list, click the name of the team that you want to change.
+1. Click the **Settings** tab.
+1. In the Team Settings section, you can edit the following:
+   - **Name -** Edit this field to change the display name associated with the team.
+   - **Email -** Edit this field to change the email address associated with the team.
+1. Click **Update**.
+
+### Change user name or email
+
+To learn how to edit your user information, refer to [Edit your profile]({{< relref "../user-management/user-preferences/#edit-your-profile" >}}).
+
+## Change Grafana UI theme
+
+In Grafana, you can modify the UI theme configured in the Settings or Preferences. Set the UI theme for the server, an organization, a team, or your personal user account using the instructions in this topic.
+
+Some tasks require certain permissions. For more information about roles, refer to [Roles and permissions]({{< relref "../roles-and-permissions/" >}}).
+
+### Theme options
+
+The theme affects how Grafana displays graphs, menus, other UI elements.
+
+#### Default
+
+**Default** is either the dark theme or the theme selected in a higher level. For example, if an Organization administrator set the **Light** theme, then that is the default for all the teams in that organization.
+
+#### Dark
+
+Here is an example of the dark theme.
+
+![Dark theme example](/static/img/docs/preferences/dark-theme-7-4.png)
+
+#### Light
+
+Here is an example of the light theme.
+
+![Light theme example](/static/img/docs/preferences/light-theme-7-4.png)
+
+### Change server UI theme
+
+Grafana server administrators can change the Grafana UI theme for all users on the server by setting the [default_theme]({{< relref "../../setup-grafana/configure-grafana/#default-theme" >}}) option in the Grafana configuration file.
+
+To see what the current settings are, refer to [View server settings]({{< relref "../stats-and-license#view-server-settings" >}}).
+
+### Change organization UI theme
+
+Organization administrators can change the UI theme for all users in an organization.
+
+1. Hover your cursor over the **Configuration** (gear) icon.
+1. Click **Preferences**.
+1. In the Preferences section, select the **UI theme**.
+1. Click **Save**.
+
+### Change team UI theme
+
+Organization and team administrators can change the UI theme for all users in a team.
+
+1. Hover your cursor over the **Configuration** (gear) icon in the side menu.
+1. Click **Teams**. Grafana displays the team list.
+1. Click on the team that you want to change the UI theme for and then navigate to the **Settings** tab.
+1. In the Preferences section, select the **UI theme**.
+1. Click **Save**.
+
+### Change your personal UI theme
+
+You can change the UI theme for your user account. This setting overrides UI theme settings at higher levels.
+
+1. On the left menu, hover your cursor over your avatar and then click **Preferences**.
+1. In the Preferences section, select the **UI theme**.
+1. Click **Save**.
+
+## Change the Grafana default timezone
+
+By default, Grafana uses the timezone in your web browser. However, you can override this setting at the server, organization, team, or individual user level. This topic provides instructions for each task.
+
+Some tasks require certain permissions. For more information about roles, refer to [Roles and permissions]({{< relref "../roles-and-permissions/" >}}).
+
+### Set server timezone
+
+Grafana server administrators can choose a default timezone for all users on the server by setting the [default_timezone]({{< relref "../../setup-grafana/configure-grafana/#default-timezone" >}}) option in the Grafana configuration file.
+
+### Set organization timezone
+
+Organization administrators can choose a default timezone for their organization.
+
+1. Hover your cursor over the **Configuration** (gear) icon.
+1. Click **Preferences**.
+1. Click to select an option in the **Timezone** list. **Default** is either the browser local timezone or the timezone selected at a higher level. Refer to [Time range controls]({{< relref "../../dashboards/time-range-controls/" >}}) for more information about Grafana time settings.
+1. Click **Save**.
+
+### Set team timezone
+
+Organization administrators and team administrators can choose a default timezone for all users in a team.
+
+1. Hover your cursor over the **Configuration** (gear) icon in the side menu.
+1. Click **Teams**. Grafana displays the team list.
+1. Click on the team you that you want to change the timezone for and then navigate to the **Settings** tab.
+1. Click to select an option in the **Timezone** list. **Default** is either the browser local timezone or the timezone selected at a higher level. Refer to [Time range controls]({{< relref "../../dashboards/time-range-controls/" >}}) for more information about Grafana time settings.
+1. Click **Save**.
+
+### Set your personal timezone
+
+You can change the timezone for your user account. This setting overrides timezone settings at higher levels.
+
+1. On the left menu, hover your cursor over your avatar and then click **Preferences**.
+1. Click to select an option in the **Timezone** list. **Default** is either the browser local timezone or the timezone selected at a higher level. Refer to [Time range controls]({{< relref "../../dashboards/time-range-controls/" >}}) for more information about Grafana time settings.
+1. Click **Save**.
+
+## Change the default home dashboard
+
+The home dashboard you set is the one all users will see by default when they log in. You can set the home dashboard for the server, an organization, a team, or your personal user account. This topic provides instructions for each task.
+
+Some tasks require certain permissions. For more information about roles, refer to [Roles and permissions]({{< relref "../roles-and-permissions/" >}}).
+
+### Navigate to the home dashboard
+
+The home dashboard is the first dashboard a user sees when they sign in to Grafana. You can also navigate to the home dashboard manually.
+
+1. Hover your cursor over the **Dashboards** (four squares) icon.
+1. Click **Home**.
+
+### Set the home dashboard for the server
+
+Users with the Grafana Server Admin flag on their account or access to the configuration file can define a JSON file to use as the home dashboard for all users on the server.
+
+#### [Optional] Convert an existing dashboard into a JSON file
+
+1. Navigate to the page of the dashboard you want to use as the home dashboard.
+1. Click the **Share dashboard** icon next to the dashboard title.
+1. In the Export tab, click **Save to file**. Grafana converts the dashboard to a JSON file and saves it locally.
+
+#### Use a JSON file as the home dashboard
+
+1. Save your JSON file somewhere that Grafana can access it. For example, in the Grafana `data` folder of Grafana.
+1. Update your configuration file to set the path to the JSON file. Refer to [default_home_dashboard_path]({{< relref "../../setup-grafana/configure-grafana/#default_home_dashboard_path" >}}) for more information about modifying the Grafana configuration files.
+
+```ini
+[dashboards]
+# Path to the default home dashboard. If this value is empty, then Grafana uses StaticRootPath + "dashboards/home.json"
+default_home_dashboard_path = data/main-dashboard.json
+```
+
+> **Note:** On Linux, Grafana uses `/usr/share/grafana/public/dashboards/home.json` as the default home dashboard location.
+
+### Set the home dashboard for your organization
+
+Organization administrators can choose a home dashboard for their organization.
+
+1. Navigate to the dashboard you want to set as the home dashboard.
+1. Click the star next to the dashboard title to mark the dashboard as a favorite if it is not already.
+1. Hover your cursor over the **Configuration** (gear) icon.
+1. Click **Preferences**.
+1. In the **Home Dashboard** field, select the dashboard that you want to use for your home dashboard. Options include all starred dashboards.
+1. Click **Save**.
+
+### Set home dashboard for your team
+
+Organization administrators and Team Admins can choose a home dashboard for a team.
+
+1. Navigate to the dashboard you want to set as the home dashboard.
+1. Click the star next to the dashboard title to mark the dashboard as a favorite if it is not already.
+1. Hover your cursor over the **Configuration** (gear) icon in the side menu.
+1. Click **Teams**. Grafana displays the team list.
+1. Click on the team that you want to change the home dashboard for and then navigate to the **Settings** tab.
+1. In the **Home Dashboard** field, select the dashboard that you want to use for your home dashboard. Options include all starred dashboards.
+1. Click **Save**.
+
+### Set your personal home dashboard
+
+You can choose your own personal home dashboard. This setting overrides all home dashboards set at higher levels.
+
+1. Navigate to the dashboard you want to set as the home dashboard.
+1. Click the star next to the dashboard title to mark the dashboard as a favorite if it is not already.
+1. On the left menu, hover your cursor over your avatar and then click **Preferences**.
+1. In the **Home Dashboard** field, select the dashboard that you want to use for your home dashboard. Options include all starred dashboards.
+1. Click **Save**.

docs/sources/administration/plugin-management/_index.md

@@ -0,0 +1,203 @@
+---
+aliases:
+  - /docs/grafana/latest/plugins/
+  - /docs/grafana/latest/plugins/catalog/
+  - /docs/grafana/latest/plugins/installation/
+  - /docs/grafana/latest/plugins/plugin-signature-verification/
+  - /docs/grafana/latest/plugins/plugin-signatures/
+title: Plugin management
+weight: 600
+---
+
+# Plugin management
+
+Besides the wide range of visualizations and data sources that are available immediately after you install Grafana, you can extend your Grafana experience with _plugins_.
+
+You can [install]({{< ref "#install-a-plugin" >}}) one of the plugins built by the Grafana community, or [build one yourself]({{< relref "../../developers/plugins/" >}}).
+
+Grafana supports three types of plugins: [panels](https://grafana.com/grafana/plugins?type=panel), [data sources](https://grafana.com/grafana/plugins?type=datasource), and [apps](https://grafana.com/grafana/plugins?type=app).
+
+## Panel plugins
+
+Add new visualizations to your dashboard with panel plugins, such as the [Worldmap Panel](https://grafana.com/grafana/plugins/grafana-worldmap-panel), [Clock](https://grafana.com/grafana/plugins/grafana-clock-panel), and [Pie Chart](https://grafana.com/grafana/plugins/grafana-piechart-panel).
+
+Use panel plugins when you want to:
+
+- Visualize data returned by data source queries.
+- Navigate between dashboards.
+- Control external systems, such as smart home devices.
+
+## Data source plugins
+
+Data source plugins add support for new databases, such as [Google BigQuery](https://grafana.com/grafana/plugins/doitintl-bigquery-datasource).
+
+Data source plugins communicate with external sources of data and return the data in a format that Grafana understands. By adding a data source plugin, you can immediately use the data in any of your existing dashboards.
+
+Use data source plugins when you want to import data from external systems.
+
+## App plugins
+
+Applications, or _app plugins_, bundle data sources and panels to provide a cohesive experience, such as the [Zabbix](https://grafana.com/grafana/plugins/alexanderzobnin-zabbix-app) app.
+
+Apps can also add custom pages for things like control panels.
+
+Use app plugins when you want to create an custom out-of-the-box monitoring experience.
+
+## Plugin catalog
+
+The Plugin catalog allows you to browse and manage plugins from within Grafana. Only Grafana server administrators and organization administrators can access and use the plugin catalog. The following access rules apply depending on the user role:
+
+| Org Admin | Server Admin | Permissions                                                                                 |
+| --------- | ------------ | ------------------------------------------------------------------------------------------- |
+| &check;   | &check;      | <ul><li>Can configure app plugins</li><li>Can install/uninstall/update plugins</li></ul>    |
+| &check;   | &times;      | <ul><li>Can configure app plugins</li><li>Cannot install/uninstall/update plugins</li></ul> |
+| &times;   | &check;      | <ul><li>Cannot configure app plugins</li><li>Can install/uninstall/update plugins</li></ul> |
+
+> **Note:** The Plugin catalog is designed to work with a single Grafana server instance only. Support for Grafana clusters will be added in future Grafana releases.
+
+<div class="medium-6 columns">
+  <video width="700" height="600" controls>
+    <source src="/static/assets/videos/plugins-catalog-install-8-1.mp4" type="video/mp4">
+    Your browser does not support the video tag.
+  </video>
+</div>
+
+In order to be able to install / uninstall / update plugins using plugin catalog, you must enable it via the `plugin_admin_enabled` flag in the [configuration]({{< relref "../../setup-grafana/configure-grafana/#plugin_admin_enabled" >}}) file.
+Before following the steps below, make sure you are logged in as a Grafana administrator.
+
+<a id="#plugin-catalog-entry"></a>
+Currently, there are two entry points to the Plugin catalog.
+
+- Grafana server administrators can find it at **Server Admin >
+  Plugins**.
+- Organization administrators can find it at **Configuration > Plugins**.
+
+### Browse plugins
+
+To browse for available plugins:
+
+1. In Grafana, [navigate to the Plugin catalog](#plugin-catalog-entry) to view installed plugins.
+1. Click the **All** filter to browse all available plugins.
+1. Click the **Data sources**, **Panels**, or **Applications** buttons to filter by plugin type.
+
+![Plugin catalog browse](/static/img/docs/plugins/plugins-catalog-browse-8-1.png)
+
+### Install a plugin
+
+To install a plugin:
+
+1. In Grafana, [navigate to the Plugin catalog](#plugin-catalog-entry) to view installed plugins.
+1. Browse and find a plugin.
+1. Click on the plugin logo.
+1. Click **Install**.
+
+When the update is complete, you see a confirmation message that the installation was successful.
+
+![Plugin catalog install](/static/img/docs/plugins/plugins-catalog-install-8-1.png)
+
+### Update a plugin
+
+To update a plugin:
+
+1. In Grafana, [navigate to the Plugin catalog](#plugin-catalog-entry) to view installed plugins.
+1. Click on the plugin logo.
+1. Click **Update**.
+
+When the update is complete, you see a confirmation message that the update was successful.
+
+![Plugin catalog update](/static/img/docs/plugins/plugins-catalog-update-8-1.png)
+
+### Uninstall a plugin
+
+To uninstall a plugin:
+
+1. In Grafana, [navigate to the Plugin catalog](#plugin-catalog-entry) to view installed plugins.
+1. Click on the plugin logo.
+1. Click **Uninstall**.
+
+When the update is complete, you see a confirmation message that the uninstall was successful.
+
+![Plugin catalog uninstall](/static/img/docs/plugins/plugins-catalog-uninstall-8-1.png)
+
+## Install Grafana plugins
+
+Grafana supports data source, panel, and app plugins. Having panels as plugins makes it easy to create and add any kind of panel, to show your data, or improve your favorite dashboards. Apps enable the bundling of data sources, panels, dashboards, and Grafana pages into a cohesive experience.
+
+1. In a web browser, navigate to the official [Grafana Plugins page](https://grafana.com/plugins) and find a plugin that you want to install.
+1. Click the plugin, and then click the **Installation** tab.
+
+### Install plugin on Grafana Cloud
+
+On the Installation tab, in the **For** field, click the name of the Grafana instance that you want to install the plugin on.
+
+Grafana Cloud handles the plugin installation automatically.
+
+If you are logged in to Grafana Cloud when you add a plugin, log out and back in again to use the new plugin.
+
+### Install plugin on local Grafana
+
+Follow the instructions on the Install tab. You can either install the plugin with a Grafana CLI command or by downloading and uncompress a .zip file into the Grafana plugins directory. We recommend using Grafana CLI in most instances. The .zip option is available if your Grafana server does not have access to the internet.
+
+For more information about Grafana CLI plugin commands, refer to [Plugin commands]({{< relref "../../cli/#plugins-commands" >}}).
+
+As of Grafana v8.0, a plugin catalog app was introduced in order to make managing plugins easier. For more information, refer to [Plugin catalog]({{< ref "#plugin-catalog" >}}).
+
+#### Install a packaged plugin
+
+After the user has downloaded the archive containing the plugin assets, they can install it by extracting the archive into their plugin directory.
+
+```
+unzip my-plugin-0.2.0.zip -d YOUR_PLUGIN_DIR/my-plugin
+```
+
+The path to the plugin directory is defined in the configuration file. For more information, refer to [Configuration]({{< relref "../../setup-grafana/configure-grafana/#plugins" >}}).
+
+## Plugin signatures
+
+Plugin signature verification (signing) is a security measure to make sure plugins haven't been tampered with. Upon loading, Grafana checks to see if a plugin is signed or unsigned when inspecting and verifying its digital signature.
+
+At startup, Grafana verifies the signatures of every plugin in the plugin directory. If a plugin is unsigned, then Grafana does not load nor start it. To see the result of this verification for each plugin, navigate to **Configuration** -> **Plugins**.
+
+Grafana also writes an error message to the server log:
+
+```bash
+WARN[05-26|12:00:00] Some plugin scanning errors were found   errors="plugin '<plugin id>' is unsigned, plugin '<plugin id>' has an invalid signature"
+```
+
+If you are a plugin developer and want to know how to sign your plugin, refer to [Sign a plugin]({{< relref "../../developers/plugins/sign-a-plugin/" >}}).
+
+| Signature status   | Description                                                                     |
+| ------------------ | ------------------------------------------------------------------------------- |
+| Core               | Core plugin built into Grafana.                                                 |
+| Invalid signature  | The plugin has a invalid signature.                                             |
+| Modified signature | The plugin has changed since it was signed. This may indicate malicious intent. |
+| Unsigned           | The plugin is not signed.                                                       |
+| Signed             | The plugin signature was successfully verified.                                 |
+
+### Plugin signature levels
+
+All plugins is signed under a _signature level_. The signature level determines how the plugin can be distributed.
+
+| **Plugin Level** | **Description**                                                                                                                                                                                                          |
+| ---------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
+| Private          | <p>Private plugins are for use on your own Grafana. They may not be distributed to the Grafana community, and are not published in the Grafana catalog.</p>                                                              |
+| Community        | <p>Community plugins have dependent technologies that are open source and not for profit.</p><p>Community plugins are published in the official Grafana catalog, and are available to the Grafana community.</p>         |
+| Commercial       | <p>Commercial plugins have dependent technologies that are closed source or commercially backed.</p><p>Commercial Plugins are published on the official Grafana catalog, and are available to the Grafana community.</p> |
+
+### Allow unsigned plugins
+
+> **Note:** Unsigned plugins are not supported in Grafana Cloud.
+
+We strongly recommend that you don't run unsigned plugins in your Grafana instance. If you're aware of the risks and you still want to load an unsigned plugin, refer to [Configuration]({{< relref "../../setup-grafana/configure-grafana/#allow_loading_unsigned_plugins" >}}).
+
+If you've allowed loading of an unsigned plugin, then Grafana writes a warning message to the server log:
+
+```bash
+WARN[06-01|16:45:59] Running an unsigned plugin   pluginID=<plugin id>
+```
+
+> **Note:** If you're developing a plugin, then you can enable development mode to allow all unsigned plugins.
+
+## Learn more
+
+- Browse the available [Plugins](https://grafana.com/grafana/plugins)

docs/sources/administration/preferences/_index.md

@@ -1,20 +0,0 @@
-+++
-aliases = ["/docs/grafana/latest/administration/preferences/"]
-title = "Preferences"
-weight = 50
-+++
-
-# Grafana preferences
-
-Grafana preferences are basic settings. They control the Grafana UI theme, home dashboard, time zone, and so on.
-
-Preferences are sometimes confusing because they can be set at four different levels, listed from highest level to lowest:
-
-- **Server -** Affects all users on the Grafana server. Set by a [Grafana server admin]({{< relref "../manage-users-and-permissions/about-users-and-permissions.md#grafana-server-administrators" >}}).
-- **Organization -** Affects all users in an organization. Set by an [Organization admin]({{< relref "../manage-users-and-permissions/about-users-and-permissions.md#organization-roles" >}}).
-- **Team -** Affects all users assigned to a team. Set by an Organization Admin or Team Admin. To learn more about these roles, refer to [Teams and permissions]({{< relref "../manage-users-and-permissions/about-users-and-permissions.md#teams-and-permissions" >}}).
-- **User account -** Affects the individual user. Set by the user on their own account.
-
-The lowest level always takes precedence. For example, if a user sets their theme to **Light**, then their visualization of Grafana displays the light theme. Nothing at any higher level can override that.
-
-If the user is aware of the change and intended it, then that's great! But if the user is a Server Admin who made the change to their user preferences a long time ago, they might have forgotten they did that. Then, if that Server Admin is trying to change the theme at the server level, they'll get frustrated as none of their changes have any effect that they can see. (Also, the users on the server might be confused, because _they_ can see the server-level changes!)

docs/sources/administration/preferences/change-grafana-name.md

@@ -1,57 +0,0 @@
-+++
-aliases = ["/docs/grafana/latest/administration/preferences/change-grafana-name/"]
-keywords = ["grafana", "configuration", "documentation", "home"]
-title = "Change name and email"
-weight = 100
-+++
-
-# Change Grafana name and email
-
-In Grafana, you can change your names and emails associated with groups or accounts in the Settings or Preferences. This topic provides instructions for each task.
-
-{{< docs/shared "preferences/some-tasks-require-permissions.md" >}}
-
-## Change organization name
-
-Grafana server administrators and organization administrators can change organization names.
-
-### Grafana Server Admin change organization name
-
-Follow these instructions if you are a Grafana Server Admin.
-
-{{< docs/list >}}
-{{< docs/shared "manage-users/view-server-org-list.md" >}}
-
-1. In the organization list, click the name of the organization that you want to change.
-1. In **Name**, enter the new organization name.
-1. Click **Update**.
-   {{< /docs/list >}}
-
-### Organization Admin change organization name
-
-If you are an Organization Admin, follow these steps:
-
-{{< docs/list >}}
-{{< docs/shared "preferences/org-preferences-list.md" >}}
-
-1. In **Organization name**, enter the new name.
-1. Click **Update organization name**.
-   {{< /docs/list >}}
-
-## Change team name or email
-
-Organization administrators and team administrators can change team names and email addresses.
-To change the team name or email, follow these steps:
-
-1. Hover your cursor over the **Configuration** (gear) icon in the side menu.
-1. Click **Teams**. Grafana displays the team list.
-1. In the team list, click the name of the team that you want to change.
-1. Click the **Settings** tab.
-1. In the Team Settings section, you can edit the following:
-   - **Name -** Edit this field to change the display name associated with the team.
-   - **Email -** Edit this field to change the email address associated with the team.
-1. Click **Update**.
-
-## Change user name or email
-
-To learn how to edit your user information, refer to [Edit your profile]({{< relref "../manage-user-preferences/_index.md#edit-your-profile" >}}).

docs/sources/administration/preferences/change-grafana-theme.md

@@ -1,68 +0,0 @@
-+++
-aliases = ["/docs/grafana/latest/administration/preferences/change-grafana-theme/"]
-description = "How to set the Grafana UI theme"
-keywords = ["grafana", "configuration", "documentation", "home"]
-title = "Change UI theme"
-weight = 200
-+++
-
-# Change Grafana UI theme
-
-In Grafana, you can modify the UI theme configured in the Settings or Preferences. Set the UI theme for the server, an organization, a team, or your personal user account using the instructions in this topic.
-
-{{< docs/shared "preferences/some-tasks-require-permissions.md" >}}
-
-## Theme options
-
-The theme affects how Grafana displays graphs, menus, other UI elements.
-
-### Default
-
-**Default** is either the dark theme or the theme selected in a higher level. For example, if an Organization administrator set the **Light** theme, then that is the default for all the teams in that organization.
-
-### Dark
-
-Here is an example of the dark theme.
-
-![Dark theme example](/static/img/docs/preferences/dark-theme-7-4.png)
-
-### Light
-
-Here is an example of the light theme.
-
-![Light theme example](/static/img/docs/preferences/light-theme-7-4.png)
-
-## Change server UI theme
-
-Grafana server administrators can change the Grafana UI theme for all users on the server by setting the [default_theme]({{< relref "../configuration.md#default-theme" >}}) option in the Grafana configuration file.
-
-To see what the current settings are, refer to [View server settings]({{< relref "../view-server/view-server-settings.md" >}}).
-
-## Change organization UI theme
-
-Organization administrators can change the UI theme for all users in an organization.
-
-{{< docs/list >}}
-{{< docs/shared "preferences/org-preferences-list.md" >}}
-{{< docs/shared "preferences/select-ui-theme-list.md" >}}
-{{< /docs/list >}}
-
-## Change team UI theme
-
-Organization and team administrators can change the UI theme for all users in a team.
-
-{{< docs/list >}}
-{{< docs/shared "manage-users/view-team-list.md" >}}
-
-1. Click on the team that you want to change the UI theme for and then navigate to the **Settings** tab.
-   {{< docs/shared "preferences/select-ui-theme-list.md" >}}
-   {{< /docs/list >}}
-
-## Change your personal UI theme
-
-You can change the UI theme for your user account. This setting overrides UI theme settings at higher levels.
-
-{{< docs/list >}}
-{{< docs/shared "preferences/navigate-user-preferences-list.md" >}}
-{{< docs/shared "preferences/select-ui-theme-list.md" >}}
-{{< /docs/list >}}

docs/sources/administration/preferences/change-grafana-timezone.md

@@ -1,46 +0,0 @@
-+++
-aliases = ["/docs/grafana/latest/administration/preferences/change-grafana-timezone/"]
-description = "How to change your Grafana timezone"
-keywords = ["grafana", "configuration", "documentation", "home"]
-title = "Change default timezone"
-weight = 400
-+++
-
-# Change the Grafana default timezone
-
-By default, Grafana uses the timezone in your web browser. However, you can override this setting at the server, organization, team, or individual user level. This topic provides instructions for each task.
-
-{{< docs/shared "preferences/some-tasks-require-permissions.md" >}}
-
-## Set server timezone
-
-Grafana server administrators can choose a default timezone for all users on the server by setting the [default_timezone]({{< relref "../configuration.md#default-timezone" >}}) option in the Grafana configuration file.
-
-## Set organization timezone
-
-Organization administrators can choose a default timezone for their organization.
-
-{{< docs/list >}}
-{{< docs/shared "preferences/org-preferences-list.md" >}}
-{{< docs/shared "preferences/select-timezone-list.md" >}}
-{{< /docs/list >}}
-
-## Set team timezone
-
-Organization administrators and team administrators can choose a default timezone for all users in a team.
-
-{{< docs/list >}}
-{{< docs/shared "manage-users/view-team-list.md" >}}
-
-1. Click on the team you that you want to change the timezone for and then navigate to the **Settings** tab.
-   {{< docs/shared "preferences/select-timezone-list.md" >}}
-   {{< /docs/list >}}
-
-## Set your personal timezone
-
-You can change the timezone for your user account. This setting overrides timezone settings at higher levels.
-
-{{< docs/list >}}
-{{< docs/shared "preferences/navigate-user-preferences-list.md" >}}
-{{< docs/shared "preferences/select-timezone-list.md" >}}
-{{< /docs/list >}}

docs/sources/administration/preferences/change-home-dashboard.md

@@ -1,75 +0,0 @@
-+++
-aliases = ["/docs/grafana/latest/administration/change-home-dashboard/", "/docs/grafana/latest/administration/preferences/change-home-dashboard/"]
-description = "How to replace the default home dashboard"
-keywords = ["grafana", "configuration", "documentation", "home"]
-title = "Change home dashboard"
-weight = 300
-+++
-
-# Change the default home dashboard
-
-The home dashboard you set is the one all users will see by default when they log in. You can set the home dashboard for the server, an organization, a team, or your personal user account. This topic provides instructions for each task.
-
-{{< docs/shared "preferences/some-tasks-require-permissions.md" >}}
-
-## Navigate to the home dashboard
-
-The home dashboard is the first dashboard a user sees when they sign in to Grafana. You can also navigate to the home dashboard manually.
-
-1. Hover your cursor over the **Dashboards** (four squares) icon.
-1. Click **Home**.
-
-## Set the home dashboard for the server
-
-Users with the Grafana Server Admin flag on their account or access to the configuration file can define a JSON file to use as the home dashboard for all users on the server.
-
-### [Optional] Convert an existing dashboard into a JSON file
-
-1. Navigate to the page of the dashboard you want to use as the home dashboard.
-1. Click the **Share dashboard** icon next to the dashboard title.
-1. In the Export tab, click **Save to file**. Grafana converts the dashboard to a JSON file and saves it locally.
-
-### Use a JSON file as the home dashboard
-
-1. Save your JSON file somewhere that Grafana can access it. For example, in the Grafana `data` folder of Grafana.
-1. Update your configuration file to set the path to the JSON file. Refer to [default_home_dashboard_path]({{< relref "../configuration.md#default_home_dashboard_path" >}}) for more information about modifying the Grafana configuration files.
-
-```ini
-[dashboards]
-# Path to the default home dashboard. If this value is empty, then Grafana uses StaticRootPath + "dashboards/home.json"
-default_home_dashboard_path = data/main-dashboard.json
-```
-
-> **Note:** On Linux, Grafana uses `/usr/share/grafana/public/dashboards/home.json` as the default home dashboard location.
-
-## Set the home dashboard for your organization
-
-Organization administrators can choose a home dashboard for their organization.
-
-{{< docs/list >}}
-{{< docs/shared "preferences/navigate-to-the-dashboard-list.md" >}}
-{{< docs/shared "preferences/org-preferences-list.md" >}}
-{{< docs/shared "preferences/select-home-dashboard-list.md" >}}
-{{< /docs/list >}}
-
-## Set home dashboard for your team
-
-Organization administrators and Team Admins can choose a home dashboard for a team.
-
-{{< docs/list >}}
-{{< docs/shared "preferences/navigate-to-the-dashboard-list.md" >}}
-{{< docs/shared "manage-users/view-team-list.md" >}}
-
-1. Click on the team that you want to change the home dashboard for and then navigate to the **Settings** tab.
-   {{< docs/shared "preferences/select-home-dashboard-list.md" >}}
-   {{< /docs/list >}}
-
-## Set your personal home dashboard
-
-You can choose your own personal home dashboard. This setting overrides all home dashboards set at higher levels.
-
-{{< docs/list >}}
-{{< docs/shared "preferences/navigate-to-the-dashboard-list.md" >}}
-{{< docs/shared "preferences/navigate-user-preferences-list.md" >}}
-{{< docs/shared "preferences/select-home-dashboard-list.md" >}}
-{{< /docs/list >}}

docs/sources/administration/provisioning/_index.md

@@ -1,18 +1,22 @@
-+++
-aliases = ["/docs/grafana/latest/administration/provisioning/", "/docs/grafana/latest/installation/provisioning/"]
-description = ""
-keywords = ["grafana", "provisioning"]
-title = "Provisioning"
-weight = 800
-+++
+---
+aliases:
+  - /docs/grafana/latest/administration/provisioning/
+  - /docs/grafana/latest/installation/provisioning/
+description: Describes provisioning settings for Grafana using configuration files.
+keywords:
+  - grafana
+  - provisioning
+title: Provision Grafana
+weight: 600
+---
 
-# Provisioning Grafana
+# Provision Grafana
 
 In previous versions of Grafana, you could only use the API for provisioning data sources and dashboards. But that required the service to be running before you started creating dashboards and you also needed to set up credentials for the HTTP API. In v5.0 we decided to improve this experience by adding a new active provisioning system that uses config files. This will make GitOps more natural as data sources and dashboards can be defined via files that can be version controlled. We hope to extend this system to later add support for users, orgs and alerts as well.
 
 ## Config File
 
-Check out the [configuration]({{< relref "configuration.md" >}}) page for more information on what you can configure in `grafana.ini`
+See [Configuration]({{< relref "../../setup-grafana/configure-grafana/" >}}) for more information on what you can configure in `grafana.ini`.
 
 ### Config File Locations
 
@@ -94,8 +98,6 @@ datasources:
     uid: my_unique_uid
     # <string> url
     url: http://localhost:8080
-    # <string> Deprecated, use secureJsonData.password
-    password:
     # <string> database user, if used
     user:
     # <string> database name, if used
@@ -104,8 +106,6 @@ datasources:
     basicAuth:
     # <string> basic auth username
     basicAuthUser:
-    # <string> Deprecated, use secureJsonData.basicAuthPassword
-    basicAuthPassword:
     # <bool> enable/disable with credentials headers
     withCredentials:
     # <bool> mark as default datasource. Max one per org
@@ -194,7 +194,7 @@ Since not all datasources have the same configuration settings we only have the
 
 `{"authType":"keys","defaultRegion":"us-west-2","timeField":"@timestamp"}`
 
-Secure json data is a map of settings that will be encrypted with [secret key]({{< relref "configuration.md#secret-key" >}}) from the Grafana config. The purpose of this is only to hide content from the users of the application. This should be used for storing TLS Cert and password that Grafana will append to the request on the server side. All of these settings are optional.
+Secure json data is a map of settings that will be encrypted with [secret key]({{< relref "../../setup-grafana/configure-grafana/#secret-key" >}}) from the Grafana config. The purpose of this is only to hide content from the users of the application. This should be used for storing TLS Cert and password that Grafana will append to the request on the server side. All of these settings are optional.
 
 > **Note:** Datasources tagged with _HTTP\*_ below denotes any data source which communicates using the HTTP protocol, e.g. all core data source plugins except MySQL, PostgreSQL and MSSQL.
 
@@ -233,7 +233,7 @@ datasources:
 
 > This feature is available from v7.1
 
-You can manage plugins in Grafana by adding one or more YAML config files in the [`provisioning/plugins`]({{< relref "configuration.md#provisioning" >}}) directory. Each config file can contain a list of `apps` that will be updated during start up. Grafana updates each app to match the configuration file.
+You can manage plugins in Grafana by adding one or more YAML config files in the [`provisioning/plugins`]({{< relref "../../setup-grafana/configure-grafana/#provisioning" >}}) directory. Each config file can contain a list of `apps` that will be updated during start up. Grafana updates each app to match the configuration file.
 
 ### Example plugin configuration file
 
@@ -261,7 +261,7 @@ apps:
 
 ## Dashboards
 
-You can manage dashboards in Grafana by adding one or more YAML config files in the [`provisioning/dashboards`]({{< relref "configuration.md" >}}) directory. Each config file can contain a list of `dashboards providers` that load dashboards into Grafana from the local filesystem.
+You can manage dashboards in Grafana by adding one or more YAML config files in the [`provisioning/dashboards`]({{< relref "../../setup-grafana/configure-grafana/" >}}) directory. Each config file can contain a list of `dashboards providers` that load dashboards into Grafana from the local filesystem.
 
 The dashboard provider config file looks somewhat like this:
 
@@ -316,7 +316,7 @@ Note: The JSON definition in the input field when using `Copy JSON to Clipboard`
 
 ### Reusable Dashboard URLs
 
-If the dashboard in the JSON file contains an [UID]({{< relref "../dashboards/json-model.md" >}}), Grafana forces insert/update on that UID. This allows you to migrate dashboards between Grafana instances and provisioning Grafana from configuration without breaking the URLs given because the new dashboard URL uses the UID as identifier.
+If the dashboard in the JSON file contains an [UID]({{< relref "../../dashboards/json-model/" >}}), Grafana forces insert/update on that UID. This allows you to migrate dashboards between Grafana instances and provisioning Grafana from configuration without breaking the URLs given because the new dashboard URL uses the UID as identifier.
 When Grafana starts, it updates/inserts all dashboards available in the configured folders. If you modify the file, then the dashboard is also updated.
 By default, Grafana deletes dashboards in the database if the file is removed. You can disable this behavior using the `disableDeletion` setting.
 
@@ -601,4 +601,4 @@ The following sections detail the supported settings and secure settings for eac
 
 Grafana Enterprise supports provisioning for the following resources:
 
-- [Role-based access control provisioning]({{< relref "../enterprise/access-control/rbac-provisioning.md" >}})
+- [Role-based access control provisioning]({{< relref "../roles-and-permissions/access-control/rbac-provisioning/" >}})

docs/sources/administration/roles-and-permissions/_index.md

@@ -1,12 +1,18 @@
-+++
-aliases = ["/docs/grafana/latest/administration/manage-users-and-permissions/about-users-and-permissions/", "/docs/grafana/latest/manage-users/", "/docs/grafana/latest/permissions/", "/docs/grafana/latest/permissions/organization_roles/", "/docs/grafana/latest/permissions/overview/"]
-title = "About users and permissions"
-weight = 100
-+++
+---
+aliases:
+  - /docs/grafana/latest/administration/manage-users-and-permissions/about-users-and-permissions/
+  - /docs/grafana/latest/manage-users/
+  - /docs/grafana/latest/permissions/
+  - /docs/grafana/latest/permissions/organization_roles/
+  - /docs/grafana/latest/permissions/overview/
+description: Information about Grafana user, team, and organization roles and permissions
+title: Roles and permissions
+weight: 300
+---
 
-# About users and permissions
+# Roles and permissions
 
-A _user_ is defined as any individual who can log in to Grafana. Each user is associated with a _role_ that includes _permissions_. Permissions determine the tasks a user can perform in the system. For example, the **Admin** role includes permissions for an administrator to create and delete users.
+A _user_ is any individual who can log in to Grafana. Each user is associated with a _role_ that includes _permissions_. Permissions determine the tasks a user can perform in the system. For example, the **Admin** role includes permissions for an administrator to create and delete users.
 
 You can assign a user one of three types of permissions:
 
@@ -26,12 +32,14 @@ A server administrator can perform the following tasks:
 
 - Manage users and permissions
 - Create, edit, and delete organizations
-- View server-wide settings defined in the [Configuration]({{< relref "../../administration/configuration.md" >}}) file
+- View server-wide settings defined in the [Configuration]({{< relref "../../setup-grafana/configure-grafana/" >}}) file
 - View Grafana server statistics, including total users and active sessions
 - Upgrade the server to Grafana Enterprise.
 
 > **Note:** The server administrator role does not exist in Grafana Cloud.
 
+To assign or remove server administrator privileges, see [Server user management]({{< relref "../user-management/server-user-management/assign-remove-server-admin-privileges/" >}}).
+
 ## Organization users and permissions
 
 All Grafana users belong to at least one organization. An organization is an entity that exists within your instance of Grafana.
@@ -50,9 +58,11 @@ Permissions assigned to a user within an organization control the extent to whic
 - library panels
 - API keys
 
+For more information about managing organization users, see [User management]({{< relref "../user-management/manage-org-users/" >}}).
+
 ### Organization roles
 
-Organization role-based permissions are global, which means that each permission level applies to all Grafana resources within an given organization. For example, an editor can see and update _all_ dashboards in an organization, unless those dashboards have been specifically restricted using [dashboard permissions]({{< relref "manage-dashboard-permissions/_index.md" >}}).
+Organization role-based permissions are global, which means that each permission level applies to all Grafana resources within an given organization. For example, an editor can see and update _all_ dashboards in an organization, unless those dashboards have been specifically restricted using [dashboard permissions]({{< relref "../user-management/manage-dashboard-permissions/" >}}).
 
 Grafana uses the following roles to control user access:
 
@@ -92,9 +102,9 @@ You can specify the following permissions to dashboards and folders.
 - **Edit**: Can create and edit dashboards. Editors _cannot_ change folder or dashboard permissions, or add, edit, or delete folders.
 - **View**: Can only view dashboards and folders.
 
-For more information about assigning dashboard folder permissions, refer to [Grant dashboard folder permissions]({{< relref "./manage-dashboard-permissions/_index.md#grant-dashboard-folder-permissions" >}}).
+For more information about assigning dashboard folder permissions, refer to [Grant dashboard folder permissions]({{< relref "../user-management/manage-dashboard-permissions/#grant-dashboard-folder-permissions" >}}).
 
-For more information about assigning dashboard permissions, refer to [Grant dashboard permissions]({{< relref "./manage-dashboard-permissions/_index.md#grant-dashboard-permissions" >}}).
+For more information about assigning dashboard permissions, refer to [Grant dashboard permissions]({{< relref "../user-management/manage-dashboard-permissions/#grant-dashboard-permissions" >}}).
 
 ## Editors with administrator permissions
 
@@ -104,18 +114,18 @@ If you have access to the Grafana server, you can modify the default editor role
 
 This setting can be used to enable self-organizing teams to administer their own dashboards.
 
-For more information about assigning administrator permissions to editors, refer to [Grant editors administrator permissions]({{< relref "./manage-server-users/grant-editor-admin-permissions.md" >}}).
+For more information about assigning administrator permissions to editors, refer to [Grant editors administrator permissions]({{< relref "../user-management/server-user-management/grant-editor-admin-permissions/" >}}).
 
 ## Viewers with dashboard preview and Explore permissions
 
 If you have access to the Grafana server, you can modify the default viewer role so that viewers can:
 
 - Edit and preview dashboards, but cannot save their changes or create new dashboards.
-- Access and use [Explore]({{< relref "../../explore/_index.md" >}}).
+- Access and use [Explore]({{< ref "/explore" >}}).
 
 Extending the viewer role is useful for public Grafana installations where you want anonymous users to be able to edit panels and queries, but not be able to save or create new dashboards.
 
-For more information about assigning dashboard preview permissions to viewers, refer to [Enable viewers to preview dashboards and use Explore]({{< relref "./manage-dashboard-permissions/_index.md#enable-viewers-to-preview-dashboards-and-use-explore" >}}).
+For more information about assigning dashboard preview permissions to viewers, refer to [Enable viewers to preview dashboards and use Explore]({{< relref "../user-management/manage-dashboard-permissions/#enable-viewers-to-edit-but-not-save-dashboards-and-use-explore" >}}).
 
 ## Teams and permissions
 
@@ -126,13 +136,15 @@ You can assign a team member one of the following permissions:
 - **Member**: Includes the user as a member of the team. Members do not have team administrator privileges.
 - **Admin**: Administrators have permission to manage various aspects of the team, including team membership, permissions, and settings.
 
-Because teams exist inside an organization, the organization administrator can manage all teams. When the `editors_can_admin` setting is enabled, editors can create teams and manage teams that they create. For more information about the `editors_can_admin` setting, refer to [Grant editors administrator permissions]({{< relref "./manage-server-users/grant-editor-admin-permissions.md" >}}).
+Because teams exist inside an organization, the organization administrator can manage all teams. When the `editors_can_admin` setting is enabled, editors can create teams and manage teams that they create. For more information about the `editors_can_admin` setting, refer to [Grant editors administrator permissions]({{< relref "../user-management/server-user-management/grant-editor-admin-permissions/" >}}).
+
+For details on managing teams, see [Team management]({{< relref "../team-management/" >}}).
 
 ## Grafana Enterprise user permissions features
 
 While Grafana OSS includes a robust set of permissions and settings that you can use to manage user access to server and organization resources, you might find that you require additional capabilities.
 
-Grafana Enterprise provides the following permissions-related features:
+[Grafana Enterprise]({{< relref "../../enterprise/">}}) provides the following permissions-related features:
 
 - Data source permissions
 - Role-based access control (RBAC)
@@ -141,13 +153,13 @@ Grafana Enterprise provides the following permissions-related features:
 
 By default, a user can query any data source in an organization, even if the data source is not linked to the user's dashboards.
 
-Data source permissions enable you to restrict data source query permissions to specific **Users** and **Teams**. For more information about assigning data source permissions, refer to [Data source permissions]({{< relref "../../enterprise/datasource_permissions.md" >}}).
+Data source permissions enable you to restrict data source query permissions to specific **Users** and **Teams**. For more information about assigning data source permissions, refer to [Data source permissions]({{< relref "../data-source-management/#data-source-permissions/" >}}).
 
 ### Role-based access control
 
 RBAC provides you a way of granting, changing, and revoking user read and write access to Grafana resources, such as users, reports, and authentication.
 
-For more information about RBAC, refer to [Role-based access control]({{< relref "../../enterprise/access-control" >}}).
+For more information about RBAC, refer to [Role-based access control]({{< relref "../roles-and-permissions/access-control/" >}}).
 
 ### Learn more
 

docs/sources/administration/roles-and-permissions/access-control/_index.md

@@ -1,16 +1,23 @@
 ---
 aliases:
-  - /docs/grafana/latest/enterprise/access-control/', '/docs/grafana/latest/enterprise/access-control/roles/
+  - /docs/grafana/latest/enterprise/access-control/
+  - /docs/grafana/latest/enterprise/access-control/roles/
   - /docs/grafana/latest/enterprise/access-control/about-rbac/
 description: Role-based access control (RBAC) provides a standardized way of granting,
   changing, and revoking access so that users can view and modify Grafana resources,
   such as users and reports.
-menuTitle: About RBAC
-title: About RBAC in Grafana
-weight: 10
+menuTitle: Role-based access control (RBAC)
+title: Grafana Role-based access control (RBAC)
+weight: 120
 ---
 
-# About RBAC
+# Role-based access control (RBAC)
+
+RBAC provides a standardized way of granting, changing, and revoking access when it comes to viewing and modifying Grafana resources, such as dashboards, reports, and administrative settings.
+
+{{< section >}}
+
+## About RBAC
 
 Role-based access control (RBAC) provides a standardized way of granting, changing, and revoking access so that users can view and modify Grafana resources, such as users and reports.
 RBAC extends Grafana basic roles that are included in Grafana OSS, and enables you more granular control of users’ actions.
@@ -28,7 +35,7 @@ RBAC roles contain multiple permissions, each of which has an action and a scope
     - **Action:** `datasources:read`
     - **Scope:** `datasources:*`
 
-## Basic roles
+### Basic roles
 
 Basic roles are the standard roles that are available in Grafana OSS. If you have purchased a Grafana Enterprise license, you can still use basic roles.
 
@@ -50,61 +57,61 @@ Each basic role is comprised of a number of _permissions_. For example, the view
 
 > **Note:** You can't have a Grafana user without a basic role assigned.
 
-### Basic role modification
+#### Basic role modification
 
 You can use RBAC to modify the permissions associated with any basic role, which changes what viewers, editors, or admins can do. You can't delete basic roles.
 
 Note that any modification to any of these basic role is not propagated to the other basic roles.
 For example, if you modify Viewer basic role and grant additional permission, Editors or Admins won't have that additional grant.
 
-For more information about the permissions associated with each basic role, refer to [Basic role definitions]({{< relref "./rbac-fixed-basic-role-definitions#basic-role-assignments" >}}).
-To interact with the API and view or modify basic roles permissions, refer to [the table]({{< relref "./manage-rbac-roles#basic-role-uid-mapping" >}}) that maps basic role names to the associated UID.
+For more information about the permissions associated with each basic role, refer to [Basic role definitions]({{< relref "./rbac-fixed-basic-role-definitions/#basic-role-assignments" >}}).
+To interact with the API and view or modify basic roles permissions, refer to [the table]({{< relref "./manage-rbac-roles/#basic-role-uid-mapping" >}}) that maps basic role names to the associated UID.
 
-## Fixed roles
+### Fixed roles
 
 Grafana Enterprise includes the ability for you to assign discrete fixed roles to users, teams, and service accounts. This gives you fine-grained control over user permissions than you would have with basic roles alone. These roles are called "fixed" because you cannot change or delete fixed roles. You can also create _custom_ roles of your own; see more information in the [custom roles section]({{< relref "#custom-roles" >}}) below.
 
 Assign fixed roles when the basic roles do not meet your permission requirements. For example, you might want a user with the basic viewer role to also edit dashboards. Or, you might want anyone with the editor role to also add and manage users. Fixed roles provide users more granular access to create, view, and update the following Grafana resources:
 
-- [Alerting]({{< relref "../../alerting/_index.md" >}})
-- [Annotations]({{< relref "../../dashboards/annotations.md" >}})
-- [API keys]({{< relref "../../administration/api-keys/_index.md" >}})
-- [Dashboards and folders]({{< relref "../../dashboards/_index.md" >}})
-- [Data sources]({{< relref "../../datasources/_index.md" >}})
-- [Explore]({{< relref "../../explore/_index.md" >}})
-- [Folders]({{< relref "../../dashboards/dashboard-folders.md" >}})
-- [LDAP]({{< relref "../../auth/ldap/_index.md" >}})
-- [Licenses]({{< relref "../license/_index.md" >}})
-- [Organizations]({{< relref "../../administration/manage-organizations/_index.md" >}})
-- [Provisioning]({{< relref "../../administration/provisioning/_index.md" >}})
-- [Reports]({{< relref "../reporting.md" >}})
-- [Roles]({{< relref "../../administration/manage-users-and-permissions/_index.md" >}})
-- [Settings]({{< relref "../settings-updates.md" >}})
-- [Service accounts]({{< relref "../../administration/service-accounts/_index.md" >}})
-- [Teams]({{< relref "../../administration/manage-users-and-permissions/manage-teams/_index.md" >}})
-- [Users]({{< relref "../../administration/manage-users-and-permissions/manage-server-users/_index.md" >}})
+- [Alerting]({{< relref "../../../alerting/" >}})
+- [Annotations]({{< relref "../../../dashboards/annotations/" >}})
+- [API keys]({{< relref "../../api-keys/" >}})
+- [Dashboards and folders]({{< relref "../../../dashboards/" >}})
+- [Data sources]({{< relref "../../../datasources/" >}})
+- [Explore]({{< relref "../../../explore/" >}})
+- [Folders]({{< relref "../../../dashboards/dashboard-folders/" >}})
+- [LDAP]({{< relref "../../../setup-grafana/configure-security/configure-authentication/ldap/" >}})
+- [Licenses]({{< relref "../../stats-and-license/" >}})
+- [Organizations]({{< relref "../../organization-management/" >}})
+- [Provisioning]({{< relref "../../provisioning/" >}})
+- [Reports]({{< relref "../../../enterprise/reporting/" >}})
+- [Roles]({{< relref "../../" >}})
+- [Settings]({{< relref "../../../enterprise/settings-updates/" >}})
+- [Service accounts]({{< relref "../../service-accounts/" >}})
+- [Teams]({{< relref "../../team-management/" >}})
+- [Users]({{< relref "../../user-management/" >}})
 
-To learn more about the permissions you can grant for each resource, refer to [RBAC role definitions]({{< relref "./rbac-fixed-basic-role-definitions.md" >}}).
+To learn more about the permissions you can grant for each resource, refer to [RBAC role definitions]({{< relref "./rbac-fixed-basic-role-definitions/" >}}).
 
-## Custom roles
+### Custom roles
 
 If you are a Grafana Enterprise customer, you can create custom roles to manage user permissions in a way that meets your security requirements.
 
-Custom roles contain unique combinations of permissions _actions_ and _scopes_. An action defines the action a use can perform on a Grafana resource. For example, the `teams.roles:list` action allows a user to see a list of roles associated with each team.
+Custom roles contain unique combinations of permissions _actions_ and _scopes_. An action defines the action a use can perform on a Grafana resource. For example, the `teams.roles:read` action allows a user to see a list of roles associated with each team.
 
-A scope describes where an action can be performed. For example, the `teams:id:1` scope restricts the user's action to the team with ID `1`. When paired with the `teams.roles:list` action, this permission prohibits the user from viewing the roles for teams other than team `1`.
+A scope describes where an action can be performed. For example, the `teams:id:1` scope restricts the user's action to the team with ID `1`. When paired with the `teams.roles:read` action, this permission prohibits the user from viewing the roles for teams other than team `1`.
 
 Consider creating a custom role when fixed roles do not meet your permissions requirements.
 
-### Custom role creation
+#### Custom role creation
 
 You can use either of the following methods to create, assign, and manage custom roles:
 
-- Grafana provisioning: You can use a YAML file to configure roles. For more information about using provisioning to create custom roles, refer to [Manage RBAC roles]({{< relref "./manage-rbac-roles.md" >}}). For more information about using provisioning to assign RBAC roles to users or teams, refer to [Assign RBAC roles]({{< relref "./assign-rbac-roles.md" >}}).
-- RBAC API: As an alternative, you can use the Grafana HTTP API to create and manage roles. For more information about the HTTP API, refer to [RBAC API]({{< relref "../../developers/http_api/access_control.md" >}}).
+- Grafana provisioning: You can use a YAML file to configure roles. For more information about using provisioning to create custom roles, refer to [Manage RBAC roles]({{< relref "./manage-rbac-roles/" >}}). For more information about using provisioning to assign RBAC roles to users or teams, refer to [Assign RBAC roles]({{< relref "./assign-rbac-roles/" >}}).
+- RBAC API: As an alternative, you can use the Grafana HTTP API to create and manage roles. For more information about the HTTP API, refer to [RBAC API]({{< relref "../../../developers/http_api/access_control/" >}}).
 
-## Limitation
+### Limitation
 
 If you have created a folder with the name `General` or `general`, you cannot manage its permissions with RBAC.
 
-If you set [folder permissions]({{< relref "../../administration/manage-users-and-permissions/manage-dashboard-permissions/_index.md" >}}) for a folder named `General` or `general`, the system disregards the folder when RBAC is enabled.
+If you set [folder permissions]({{< relref "../../user-management/manage-dashboard-permissions/#grant-dashboard-folder-permissions" >}}) for a folder named `General` or `general`, the system disregards the folder when RBAC is enabled.

docs/sources/administration/roles-and-permissions/access-control/assign-rbac-roles.md

@@ -28,10 +28,10 @@ In both cases, the assignment applies only to the user or team within the affect
 
 **Before you begin:**
 
-- [Plan your RBAC rollout strategy]({{< relref "./plan-rbac-rollout-strategy.md" >}}).
+- [Plan your RBAC rollout strategy]({{< relref "./plan-rbac-rollout-strategy/" >}}).
 - Identify the fixed roles that you want to assign to the user or team.
 
-  For more information about available fixed roles, refer to [RBAC role definitions]({{< relref "./rbac-fixed-basic-role-definitions.md" >}}).
+  For more information about available fixed roles, refer to [RBAC role definitions]({{< relref "./rbac-fixed-basic-role-definitions/" >}}).
 
 - Ensure that your own user account has the correct permissions:
   - If you are assigning permissions to a user or team within an organization, you must have organization administrator or server administrator permissions.
@@ -46,7 +46,7 @@ In both cases, the assignment applies only to the user or team within the affect
 1. Sign in to Grafana.
 2. Switch to the organization that contains the user or team.
 
-   For more information about switching organizations, refer to [Switch organizations](../../administration/manage-user-preferences/_index.md#switch-organizations).
+   For more information about switching organizations, refer to [Switch organizations]({{< relref "../../user-management/user-preferences/_index.md#switch-organizations" >}}).
 
 3. Hover your cursor over **Configuration** (the gear icon) in the left navigation menu, and click **Users** or **Teams**.
 4. In the **Role** column, select the fixed role that you want to assign to the user or team.
@@ -69,8 +69,8 @@ Instead of using the Grafana role picker, you can use file-based provisioning to
 
 **Before you begin:**
 
-- Refer to [Role provisioning]({{< relref "./rbac-provisioning#rbac-provisioning" >}})
-- Ensure that the team to which you are adding the fixed role exists. For more information about creating teams, refer to [Manage teams]({{< relref "../../administration/manage-users-and-permissions/manage-teams/_index.md">}})
+- Refer to [Role provisioning]({{< relref "./rbac-provisioning/#rbac-provisioning" >}})
+- Ensure that the team to which you are adding the fixed role exists. For more information about creating teams, refer to [Manage teams]({{< relref "../../team-management/" >}})
 
 **To assign a role to a team:**
 
@@ -78,25 +78,25 @@ Instead of using the Grafana role picker, you can use file-based provisioning to
 
 1. Refer to the following table to add attributes and values.
 
-   | Attribute                | Description                                                                                                                                                                                                      |
-   | ------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-   | `roles`                  | Enter the custom role or custom roles you want to create/update.                                                                                                                                                 |
-   | `roles > name`           | Enter the name of the custom role.                                                                                                                                                                               |
-   | `roles > version`        | Enter the custom role version number. Role assignments are independent of the role version number.                                                                                                               |
-   | `roles > global`         | Enter `true`. You can specify the `orgId` otherwise.                                                                                                                                                             |
-   | `roles > permissions`    | Enter the permissions `action` and `scope` values. For more information about permissions actions and scopes, refer to [RBAC permissions, actions, and scopes]({{< relref "./custom-role-actions-scopes.md" >}}) |
-   | `teams`                  | Enter the team or teams to which you are adding the custom role.                                                                                                                                                 |
-   | `teams > orgId`          | Because teams belong to organizations, you must add the `orgId` value.                                                                                                                                           |
-   | `teams > name`           | Enter the name of the team.                                                                                                                                                                                      |
-   | `teams > roles`          | Enter the custom or fixed role or roles that you want to grant to the team.                                                                                                                                      |
-   | `teams > roles > name`   | Enter the name of the role.                                                                                                                                                                                      |
-   | `teams > roles > global` | Enter `true`, or specify `orgId` of the role you want to assign to the team. Fixed roles are global.                                                                                                             |
+   | Attribute                | Description                                                                                                                                                                                                    |
+   | ------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+   | `roles`                  | Enter the custom role or custom roles you want to create/update.                                                                                                                                               |
+   | `roles > name`           | Enter the name of the custom role.                                                                                                                                                                             |
+   | `roles > version`        | Enter the custom role version number. Role assignments are independent of the role version number.                                                                                                             |
+   | `roles > global`         | Enter `true`. You can specify the `orgId` otherwise.                                                                                                                                                           |
+   | `roles > permissions`    | Enter the permissions `action` and `scope` values. For more information about permissions actions and scopes, refer to [RBAC permissions, actions, and scopes]({{< relref "./custom-role-actions-scopes/" >}}) |
+   | `teams`                  | Enter the team or teams to which you are adding the custom role.                                                                                                                                               |
+   | `teams > orgId`          | Because teams belong to organizations, you must add the `orgId` value.                                                                                                                                         |
+   | `teams > name`           | Enter the name of the team.                                                                                                                                                                                    |
+   | `teams > roles`          | Enter the custom or fixed role or roles that you want to grant to the team.                                                                                                                                    |
+   | `teams > roles > name`   | Enter the name of the role.                                                                                                                                                                                    |
+   | `teams > roles > global` | Enter `true`, or specify `orgId` of the role you want to assign to the team. Fixed roles are global.                                                                                                           |
 
    For more information about managing custom roles, refer to [Create custom roles using provisioning]({{< relref "./manage-rbac-roles/#create-custom-roles-using-provisioning" >}}).
 
 1. Reload the provisioning configuration file.
 
-   For more information about reloading the provisioning configuration at runtime, refer to [Reload provisioning configurations]({{< relref "../../developers/http_api/admin/#reload-provisioning-configurations" >}}).
+   For more information about reloading the provisioning configuration at runtime, refer to [Reload provisioning configurations]({{< relref "../../../developers/http_api/admin/#reload-provisioning-configurations" >}}).
 
 The following example creates the `custom:users:writer` role and assigns it to the `user writers` and `user admins` teams along with the `fixed:users:writer` role:
 

docs/sources/administration/roles-and-permissions/access-control/configure-rbac.md

@@ -1,14 +1,14 @@
 ---
-title: 'Configure RBAC in Grafana'
-menuTitle: 'Configure RBAC'
-description: 'Learn how to configure RBAC.'
 aliases: []
+description: Learn how to configure RBAC.
+menuTitle: Configure RBAC
+title: Configure RBAC in Grafana
 weight: 30
 ---
 
 # Configure RBAC in Grafana
 
-The table below describes all RBAC configuration options. Like any other Grafana configuration, you can apply these options as [environment variables]({{< relref "../../administration/configuration.md#configure-with-environment-variables" >}}).
+The table below describes all RBAC configuration options. Like any other Grafana configuration, you can apply these options as [environment variables]({{< relref "../../../setup-grafana/configure-grafana/#configure-with-environment-variables" >}}).
 
 | Setting            | Required | Description                                                                  | Default |
 | ------------------ | -------- | ---------------------------------------------------------------------------- | ------- |

docs/sources/administration/roles-and-permissions/access-control/custom-role-actions-scopes.md

@@ -12,7 +12,7 @@ weight: 80
 
 A permission is comprised of an action and a scope. When creating a custom role, consider the actions the user can perform and the resource(s) on which they can perform those actions.
 
-To learn more about the Grafana resources to which you can apply RBAC, refer to [Resources with RBAC permissions]({{< relref "./about-rbac.md#fixed-roles" >}}).
+To learn more about the Grafana resources to which you can apply RBAC, refer to [Resources with RBAC permissions]({{< relref "../#fixed-roles" >}}).
 
 - **Action:** An action describes what tasks a user can perform on a resource.
 - **Scope:** A scope describes where an action can be performed, such as reading a specific user profile. In this example, a permission is associated with the scope `users:<userId>` to the relevant role.
@@ -27,7 +27,7 @@ The following list contains role-based access control actions.
 | `alert.instances.external:write`     | `datasources:*`<br>`datasources:uid:*`                                                  | Manage alerts and silences in data sources that support alerting.                                                                                                                                |
 | `alert.instances:create`             | n/a                                                                                     | Create silences in the current organization.                                                                                                                                                     |
 | `alert.instances:read`               | n/a                                                                                     | Read alerts and silences in the current organization.                                                                                                                                            |
-| `alert.instances:update`             | n/a                                                                                     | Update and expire silences in the current organization.                                                                                                                                          |
+| `alert.instances:write`              | n/a                                                                                     | Update and expire silences in the current organization.                                                                                                                                          |
 | `alert.notifications.external:read`  | `datasources:*`<br>`datasources:uid:*`                                                  | Read templates, contact points, notification policies, and mute timings in data sources that support alerting.                                                                                   |
 | `alert.notifications.external:write` | `datasources:*`<br>`datasources:uid:*`                                                  | Manage templates, contact points, notification policies, and mute timings in data sources that support alerting.                                                                                 |
 | `alert.notifications:write`          | n/a                                                                                     | Manage templates, contact points, notification policies, and mute timings in the current organization.                                                                                           |
@@ -37,7 +37,9 @@ The following list contains role-based access control actions.
 | `alert.rules:create`                 | `folders:*`<br>`folders:uid:*`                                                          | Create Grafana alert rules in a folder. Combine this permission with `folders:read` in a scope that includes the folder and `datasources:query` in the scope of data sources the user can query. |
 | `alert.rules:delete`                 | `folders:*`<br>`folders:uid:*`                                                          | Delete Grafana alert rules in a folder. Combine this permission with `folders:read` in a scope that includes the folder and `datasources:query` in the scope of data sources the user can query. |
 | `alert.rules:read`                   | `folders:*`<br>`folders:uid:*`                                                          | Read Grafana alert rules in a folder. Combine this permission with `folders:read` in a scope that includes the folder and `datasources:query` in the scope of data sources the user can query.   |
-| `alert.rules:update`                 | `folders:*`<br>`folders:uid:*`                                                          | Update Grafana alert rules in a folder. Combine this permission with `folders:read` in a scope that includes the folder and `datasources:query` in the scope of data sources the user can query. |
+| `alert.rules:write`                  | `folders:*`<br>`folders:uid:*`                                                          | Update Grafana alert rules in a folder. Combine this permission with `folders:read` in a scope that includes the folder and `datasources:query` in the scope of data sources the user can query. |
+| `alert.provisioning:read`            | n/a                                                                                     | Read all Grafana alert rules, notification policies, etc via provisioning API. Permissions to folders and datasource are not required.                                                           |
+| `alert.provisioning:write`           | n/a                                                                                     | Update all Grafana alert rules, notification policies, etc via provisioning API. Permissions to folders and datasource are not required.                                                         |
 | `annotations:create`                 | `annotations:*`<br>`annotations:type:*`                                                 | Create annotations.                                                                                                                                                                              |
 | `annotations:delete`                 | `annotations:*`<br>`annotations:type:*`                                                 | Delete annotations.                                                                                                                                                                              |
 | `annotations:read`                   | `annotations:*`<br>`annotations:type:*`                                                 | Read annotations and annotation tags.                                                                                                                                                            |
@@ -73,9 +75,9 @@ The following list contains role-based access control actions.
 | `licensing.reports:read`             | n/a                                                                                     | Get custom permission reports.                                                                                                                                                                   |
 | `licensing:delete`                   | n/a                                                                                     | Delete the license token.                                                                                                                                                                        |
 | `licensing:read`                     | n/a                                                                                     | Read licensing information.                                                                                                                                                                      |
-| `licensing:update`                   | n/a                                                                                     | Update the license token.                                                                                                                                                                        |
-| `org.users.role:update`              | `users:*` <br> `users:id:*`                                                             | Update the organization role (`Viewer`, `Editor`, or `Admin`) of an organization.                                                                                                                |
-| `org.users:add`                      | `users:*`                                                                               | Add a user to an organization.                                                                                                                                                                   |
+| `licensing:write`                    | n/a                                                                                     | Update the license token.                                                                                                                                                                        |
+| `org.users:write`                    | `users:*` <br> `users:id:*`                                                             | Update the organization role (`Viewer`, `Editor`, or `Admin`) of a user.                                                                                                                         |
+| `org.users:add`                      | `users:*`                                                                               | Add a user to an organization or invite a new user to an organization.                                                                                                                           |
 | `org.users:read`                     | `users:*` <br> `users:id:*`                                                             | Get user profiles within an organization.                                                                                                                                                        |
 | `org.users:remove`                   | `users:*` <br> `users:id:*`                                                             | Remove a user from an organization.                                                                                                                                                              |
 | `org:create`                         | n/a                                                                                     | Create an organization.                                                                                                                                                                          |
@@ -87,42 +89,40 @@ The following list contains role-based access control actions.
 | `orgs:read`                          | `orgs:*` <br> `orgs:id:*`                                                               | Read one or more organizations.                                                                                                                                                                  |
 | `orgs:write`                         | `orgs:*` <br> `orgs:id:*`                                                               | Update one or more organizations.                                                                                                                                                                |
 | `provisioning:reload`                | `provisioners:*`                                                                        | Reload provisioning files. To find the exact scope for specific provisioner, see [Scope definitions]({{< relref "#scope-definitions" >}}).                                                       |
-| `reports.admin:create`               | n/a                                                                                     | Create reports.                                                                                                                                                                                  |
-| `reports.admin:write`                | `reports:*` <br> `reports:id:*`                                                         | Update reports.                                                                                                                                                                                  |
+| `reports:create`                     | n/a                                                                                     | Create reports.                                                                                                                                                                                  |
+| `reports:write`                      | `reports:*` <br> `reports:id:*`                                                         | Update reports.                                                                                                                                                                                  |
 | `reports.settings:read`              | n/a                                                                                     | Read report settings.                                                                                                                                                                            |
 | `reports.settings:write`             | n/a                                                                                     | Update report settings.                                                                                                                                                                          |
 | `reports:delete`                     | `reports:*` <br> `reports:id:*`                                                         | Delete reports.                                                                                                                                                                                  |
 | `reports:read`                       | `reports:*`                                                                             | List all available reports or get a specific report.                                                                                                                                             |
 | `reports:send`                       | `reports:*`                                                                             | Send a report email.                                                                                                                                                                             |
 | `roles:delete`                       | `permissions:type:delegate`                                                             | Delete a custom role.                                                                                                                                                                            |
-| `roles:list`                         | `roles:*`                                                                               | List available roles without permissions.                                                                                                                                                        |
-| `roles:read`                         | `roles:*` <br> `roles:uid:*`                                                            | Read a specific role with its permissions.                                                                                                                                                       |
+| `roles:read`                         | `roles:*` <br> `roles:uid:*`                                                            | List roles and read a specific with its permissions.                                                                                                                                             |
 | `roles:write`                        | `permissions:type:delegate`                                                             | Create or update a custom role.                                                                                                                                                                  |
 | `roles:write`                        | `permissions:type:escalate`                                                             | Reset basic roles to their default permissions.                                                                                                                                                  |
 | `server.stats:read`                  | n/a                                                                                     | Read Grafana instance statistics.                                                                                                                                                                |
-| `settings:read`                      | `settings:*`<br>`settings:auth.saml:*`<br>`settings:auth.saml:enabled` (property level) | Read the [Grafana configuration settings]({{< relref "../../administration/configuration/_index.md" >}})                                                                                         |
-| `settings:write`                     | `settings:*`<br>`settings:auth.saml:*`<br>`settings:auth.saml:enabled` (property level) | Update any Grafana configuration settings that can be [updated at runtime]({{< relref "../../enterprise/settings-updates/_index.md" >}}).                                                        |
+| `settings:read`                      | `settings:*`<br>`settings:auth.saml:*`<br>`settings:auth.saml:enabled` (property level) | Read the [Grafana configuration settings]({{< relref "../../../setup-grafana/configure-grafana/" >}})                                                                                            |
+| `settings:write`                     | `settings:*`<br>`settings:auth.saml:*`<br>`settings:auth.saml:enabled` (property level) | Update any Grafana configuration settings that can be [updated at runtime]({{< relref "../../../enterprise/settings-updates/" >}}).                                                              |
 | `status:accesscontrol`               | `services:accesscontrol`                                                                | Get access-control enabled status.                                                                                                                                                               |
 | `teams.permissions:read`             | `teams:*`<br>`teams:id:*`                                                               | Read members and External Group Synchronization setup for teams.                                                                                                                                 |
 | `teams.permissions:write`            | `teams:*`<br>`teams:id:*`                                                               | Add, remove and update members and manage External Group Synchronization setup for teams.                                                                                                        |
 | `teams.roles:add`                    | `permissions:type:delegate`                                                             | Assign a role to a team.                                                                                                                                                                         |
-| `teams.roles:list`                   | `teams:*`                                                                               | List roles assigned directly to a team.                                                                                                                                                          |
+| `teams.roles:read`                   | `teams:*`                                                                               | List roles assigned directly to a team.                                                                                                                                                          |
 | `teams.roles:remove`                 | `permissions:type:delegate`                                                             | Unassign a role from a team.                                                                                                                                                                     |
 | `teams:create`                       | n/a                                                                                     | Create teams.                                                                                                                                                                                    |
 | `teams:delete`                       | `teams:*`<br>`teams:id:*`                                                               | Delete one or more teams.                                                                                                                                                                        |
 | `teams:read`                         | `teams:*`<br>`teams:id:*`                                                               | Read one or more teams and team preferences.                                                                                                                                                     |
 | `teams:write`                        | `teams:*`<br>`teams:id:*`                                                               | Update one or more teams and team preferences.                                                                                                                                                   |
-| `users.authtoken:list`               | `global.users:*` <br> `global.users:id:*`                                               | List authentication tokens that are assigned to a user.                                                                                                                                          |
-| `users.authtoken:update`             | `global.users:*` <br> `global.users:id:*`                                               | Update authentication tokens that are assigned to a user.                                                                                                                                        |
-| `users.password:update`              | `global.users:*` <br> `global.users:id:*`                                               | Update a user’s password.                                                                                                                                                                        |
-| `users.permissions:list`             | `users:*`                                                                               | List permissions of a user.                                                                                                                                                                      |
-| `users.permissions:update`           | `global.users:*` <br> `global.users:id:*`                                               | Update a user’s organization-level permissions.                                                                                                                                                  |
-| `users.quotas:list`                  | `global.users:*` <br> `global.users:id:*`                                               | List a user’s quotas.                                                                                                                                                                            |
-| `users.quotas:update`                | `global.users:*` <br> `global.users:id:*`                                               | Update a user’s quotas.                                                                                                                                                                          |
+| `users.authtoken:read`               | `global.users:*` <br> `global.users:id:*`                                               | List authentication tokens that are assigned to a user.                                                                                                                                          |
+| `users.authtoken:write`              | `global.users:*` <br> `global.users:id:*`                                               | Update authentication tokens that are assigned to a user.                                                                                                                                        |
+| `users.password:write`               | `global.users:*` <br> `global.users:id:*`                                               | Update a user’s password.                                                                                                                                                                        |
+| `users.permissions:read`             | `users:*`                                                                               | List permissions of a user.                                                                                                                                                                      |
+| `users.permissions:write`            | `global.users:*` <br> `global.users:id:*`                                               | Update a user’s organization-level permissions.                                                                                                                                                  |
+| `users.quotas:read`                  | `global.users:*` <br> `global.users:id:*`                                               | List a user’s quotas.                                                                                                                                                                            |
+| `users.quotas:write`                 | `global.users:*` <br> `global.users:id:*`                                               | Update a user’s quotas.                                                                                                                                                                          |
 | `users.roles:add`                    | `permissions:type:delegate`                                                             | Assign a role to a user.                                                                                                                                                                         |
-| `users.roles:list`                   | `users:*`                                                                               | List roles assigned directly to a user.                                                                                                                                                          |
+| `users.roles:read`                   | `users:*`                                                                               | List roles assigned directly to a user.                                                                                                                                                          |
 | `users.roles:remove`                 | `permissions:type:delegate`                                                             | Unassign a role from a user.                                                                                                                                                                     |
-| `users.teams:read`                   | `global.users:*` <br> `global.users:id:*`                                               | Read a user’s teams.                                                                                                                                                                             |
 | `users:create`                       | n/a                                                                                     | Create a user.                                                                                                                                                                                   |
 | `users:delete`                       | `global.users:*` <br> `global.users:id:*`                                               | Delete a user.                                                                                                                                                                                   |
 | `users:disable`                      | `global.users:*` <br> `global.users:id:*`                                               | Disable a user.                                                                                                                                                                                  |
@@ -146,7 +146,7 @@ The following list contains role-based access control scopes.
 | `orgs:*` <br> `orgs:id:*`                 | Restrict an action to a set of organizations. For example, `orgs:*` matches any organization and `orgs:id:1` matches the organization whose ID is `1`.                                                                                             |
 | `permissions:type:delegate`               | The scope is only applicable for roles associated with the Access Control itself and indicates that you can delegate your permissions only, or a subset of it, by creating a new role or making an assignment.                                     |
 | `permissions:type:escalate`               | The scope is required to trigger the reset of basic roles permissions. It indicates that users might acquire additional permissions they did not previously have.                                                                                  |
-| `provisioners:*`                          | Restrict an action to a set of provisioners. For example, `provisioners:*` matches any provisioner, and `provisioners:accesscontrol` matches the role-based access control [provisioner]({{< relref "./custom-role-actions-scopes" >}}).           |
+| `provisioners:*`                          | Restrict an action to a set of provisioners. For example, `provisioners:*` matches any provisioner, and `provisioners:accesscontrol` matches the role-based access control [provisioner]({{< relref "./rbac-provisioning/" >}}).                   |
 | `reports:*` <br> `reports:id:*`           | Restrict an action to a set of reports. For example, `reports:*` matches any report and `reports:id:1` matches the report whose ID is `1`.                                                                                                         |
 | `roles:*` <br> `roles:uid:*`              | Restrict an action to a set of roles. For example, `roles:*` matches any role and `roles:uid:randomuid` matches only the role whose UID is `randomuid`.                                                                                            |
 | `services:accesscontrol`                  | Restrict an action to target only the role-based access control service. You can use this in conjunction with the `status:accesscontrol` actions.                                                                                                  |

docs/sources/administration/roles-and-permissions/access-control/manage-rbac-roles.md

@@ -16,9 +16,9 @@ This section includes instructions for how to view permissions associated with r
 
 The following example includes the base64 username:password Basic Authorization. You cannot use authorization tokens in the request.
 
-### List permissions associated with roles
+## List permissions associated with roles
 
-Use a `GET` command to see the actions and scopes associated with a role. For more information about seeing a list of permissions for each role, refer to [Get a role]({{< relref "../../developers/http_api/access_control.md#get-a-role" >}}).
+Use a `GET` command to see the actions and scopes associated with a role. For more information about seeing a list of permissions for each role, refer to [Get a role]({{< relref "../../../developers/http_api/access_control/#get-a-role" >}}).
 
 To see the permissions associated with basic roles, refer to the following basic role UIDs:
 
@@ -65,7 +65,7 @@ curl --location --request GET '<grafana_url>/api/access-control/roles/qQui_LCMk'
             "created": "2021-05-17T20:49:18+02:00"
         },
         {
-            "action": "org.users.role:update",
+            "action": "org.users:write",
             "scope": "users:*",
             "updated": "2021-05-17T20:49:18+02:00",
             "created": "2021-05-17T20:49:18+02:00"
@@ -76,7 +76,7 @@ curl --location --request GET '<grafana_url>/api/access-control/roles/qQui_LCMk'
 }
 ```
 
-Refer to the [RBAC HTTP API]({{< relref "../../developers/http_api/access_control.md#get-a-role" >}}) for more details.
+Refer to the [RBAC HTTP API]({{< relref "../../../developers/http_api/access_control/#get-a-role" >}}) for more details.
 
 ## Create custom roles
 
@@ -86,9 +86,9 @@ Create a custom role when basic roles and fixed roles do not meet your permissio
 
 **Before you begin:**
 
-- [Plan your RBAC rollout strategy]({{< relref "./plan-rbac-rollout-strategy" >}}).
-- Determine which permissions you want to add to the custom role. To see a list of actions and scope, refer to [RBAC permissions actions and scopes]({{< relref "./custom-role-actions-scopes.md" >}}).
-- [Enable role provisioning]({{< relref "./rbac-provisioning" >}}).
+- [Plan your RBAC rollout strategy]({{< relref "./plan-rbac-rollout-strategy/" >}}).
+- Determine which permissions you want to add to the custom role. To see a list of actions and scope, refer to [RBAC permissions, actions, and scopes]({{< relref "./custom-role-actions-scopes/" >}}).
+- [Enable role provisioning]({{< relref "./rbac-provisioning/" >}}).
 - Ensure that you have permissions to create a custom role.
   - By default, the Grafana Admin role has permission to create custom roles.
   - A Grafana Admin can delegate the custom role privilege to another user by creating a custom role with the relevant permissions and adding the `permissions:type:delegate` scope.
@@ -101,25 +101,25 @@ File-based provisioning is one method you can use to create custom roles.
 
 1. Refer to the following table to add attributes and values.
 
-| Attribute     | Description                                                                                                                                                                                                                                                                                                                                                                                                                                        |
-| ------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| `name`        | A human-friendly identifier for the role that helps administrators understand the purpose of a role. `name` is required and cannot be longer than 190 characters. We recommend that you use ASCII characters. Role names must be unique within an organization.                                                                                                                                                                                    |
-| `uid`         | A unique identifier associated with the role. The UID enables you to change or delete the role. You can either generate a UID yourself, or let Grafana generate one for you. You cannot use the same UID within the same Grafana instance.                                                                                                                                                                                                         |
-| `orgId`       | Identifies the organization to which the role belongs. The [default org ID]({{< relref "../../administration/configuration#auto_assign_org_id" >}}) is used if you do not specify `orgId`.                                                                                                                                                                                                                                                         |
-| `global`      | Global roles are not associated with any specific organization, which means that you can reuse them across all organizations. This setting overrides `orgId`.                                                                                                                                                                                                                                                                                      |
-| `displayName` | Human-friendly text that is displayed in the UI. Role display name cannot be longer than 190 ASCII-based characters. For fixed roles, the display name is shown as specified. If you do not set a display name the display name replaces `':'` (a colon) with `' '` (a space).                                                                                                                                                                     |
-| `description` | Human-friendly text that describes the permissions a role provides.                                                                                                                                                                                                                                                                                                                                                                                |
-| `group`       | Organizes roles in the role picker.                                                                                                                                                                                                                                                                                                                                                                                                                |
-| `version`     | A positive integer that defines the current version of the role, which prevents overwriting newer changes.                                                                                                                                                                                                                                                                                                                                         |
-| `hidden`      | Hidden roles do not appear in the role picker.                                                                                                                                                                                                                                                                                                                                                                                                     |
-| `state`       | State of the role. Defaults to `present`, but if set to `absent` the role will be removed.                                                                                                                                                                                                                                                                                                                                                         |
-| `force`       | Can be used in addition to state `absent`, to force the removal of a role and all its assignments.                                                                                                                                                                                                                                                                                                                                                 |
-| `from`        | An optional list of roles from which you want to copy permissions.                                                                                                                                                                                                                                                                                                                                                                                 |
-| `permissions` | Provides users access to Grafana resources. For a list of permissions, refer to [RBAC permissions actions and scopes]({{< relref "./rbac-fixed-basic-role-definitions.md" >}}). If you do not know which permissions to assign, you can create and assign roles without any permissions as a placeholder. Using the `from` attribute, you can specify additional permissions or permissions to remove by adding a `state` to your permission list. |
+| Attribute     | Description                                                                                                                                                                                                                                                                                                                                                                                                                                      |
+| ------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
+| `name`        | A human-friendly identifier for the role that helps administrators understand the purpose of a role. `name` is required and cannot be longer than 190 characters. We recommend that you use ASCII characters. Role names must be unique within an organization.                                                                                                                                                                                  |
+| `uid`         | A unique identifier associated with the role. The UID enables you to change or delete the role. You can either generate a UID yourself, or let Grafana generate one for you. You cannot use the same UID within the same Grafana instance.                                                                                                                                                                                                       |
+| `orgId`       | Identifies the organization to which the role belongs. The [default org ID]({{< relref "../../../setup-grafana/configure-grafana/#auto_assign_org_id" >}}) is used if you do not specify `orgId`.                                                                                                                                                                                                                                                |
+| `global`      | Global roles are not associated with any specific organization, which means that you can reuse them across all organizations. This setting overrides `orgId`.                                                                                                                                                                                                                                                                                    |
+| `displayName` | Human-friendly text that is displayed in the UI. Role display name cannot be longer than 190 ASCII-based characters. For fixed roles, the display name is shown as specified. If you do not set a display name the display name replaces `':'` (a colon) with `' '` (a space).                                                                                                                                                                   |
+| `description` | Human-friendly text that describes the permissions a role provides.                                                                                                                                                                                                                                                                                                                                                                              |
+| `group`       | Organizes roles in the role picker.                                                                                                                                                                                                                                                                                                                                                                                                              |
+| `version`     | A positive integer that defines the current version of the role, which prevents overwriting newer changes.                                                                                                                                                                                                                                                                                                                                       |
+| `hidden`      | Hidden roles do not appear in the role picker.                                                                                                                                                                                                                                                                                                                                                                                                   |
+| `state`       | State of the role. Defaults to `present`, but if set to `absent` the role will be removed.                                                                                                                                                                                                                                                                                                                                                       |
+| `force`       | Can be used in addition to state `absent`, to force the removal of a role and all its assignments.                                                                                                                                                                                                                                                                                                                                               |
+| `from`        | An optional list of roles from which you want to copy permissions.                                                                                                                                                                                                                                                                                                                                                                               |
+| `permissions` | Provides users access to Grafana resources. For a list of permissions, refer to [RBAC permissions actions and scopes]({{< relref "./rbac-fixed-basic-role-definitions/" >}}). If you do not know which permissions to assign, you can create and assign roles without any permissions as a placeholder. Using the `from` attribute, you can specify additional permissions or permissions to remove by adding a `state` to your permission list. |
 
 1. Reload the provisioning configuration file.
 
-   For more information about reloading the provisioning configuration at runtime, refer to [Reload provisioning configurations]({{< relref "../../developers/http_api/admin/#reload-provisioning-configurations" >}}).
+   For more information about reloading the provisioning configuration at runtime, refer to [Reload provisioning configurations]({{< relref "../../../developers/http_api/admin/#reload-provisioning-configurations" >}}).
 
 The following example creates a local role:
 
@@ -178,7 +178,7 @@ roles:
       - name: 'fixed:org.users:writer'
         global: true
     permissions:
-      - action: 'org.users.role:update'
+      - action: 'org.users:write'
         scope: 'users:*'
         state: 'absent'
       - action: 'org.users:add'
@@ -188,7 +188,7 @@ roles:
 
 ### Create custom roles using the HTTP API
 
-The following examples show you how to create a custom role using the Grafana HTTP API. For more information about the HTTP API, refer to [Create a new custom role]({{< relref "../../developers/http_api/access_control.md#create-a-new-custom-role" >}}).
+The following examples show you how to create a custom role using the Grafana HTTP API. For more information about the HTTP API, refer to [Create a new custom role]({{< relref "../../../developers/http_api/access_control/#create-a-new-custom-role" >}}).
 
 > **Note:** You cannot create a custom role with permissions that you do not have. For example, if you only have `users:create` permissions, then you cannot create a role that includes other permissions.
 
@@ -237,7 +237,7 @@ curl --location --request POST '<grafana_url>/api/access-control/roles/' \
 }
 ```
 
-Refer to the [RBAC HTTP API]({{< relref "../../developers/http_api/access_control.md#create-a-new-custom-role" >}}) for more details.
+Refer to the [RBAC HTTP API]({{< relref "../../../developers/http_api/access_control/#create-a-new-custom-role" >}}) for more details.
 
 ## Update basic role permissions
 
@@ -245,7 +245,7 @@ If the default basic role definitions do not meet your requirements, you can cha
 
 **Before you begin:**
 
-- Determine the permissions you want to add or remove from a basic role. For more information about the permissions associated with basic roles, refer to [RBAC role definitions]({{< relref "./rbac-fixed-basic-role-definitions#basic-role-assignments" >}}).
+- Determine the permissions you want to add or remove from a basic role. For more information about the permissions associated with basic roles, refer to [RBAC role definitions]({{< relref "./rbac-fixed-basic-role-definitions/#basic-role-assignments" >}}).
 
 **To change permissions from a basic role:**
 
@@ -263,7 +263,7 @@ If the default basic role definitions do not meet your requirements, you can cha
 
 1. Reload the provisioning configuration file.
 
-   For more information about reloading the provisioning configuration at runtime, refer to [Reload provisioning configurations]({{< relref "../../developers/http_api/admin/#reload-provisioning-configurations" >}}).
+   For more information about reloading the provisioning configuration at runtime, refer to [Reload provisioning configurations]({{< relref "../../../developers/http_api/admin/#reload-provisioning-configurations" >}}).
 
 The following example modifies the `Grafana Admin` basic role permissions.
 
@@ -283,7 +283,7 @@ roles:
         global: true
     permissions:
       # Permissions to remove
-      - action: 'teams.roles:list'
+      - action: 'teams.roles:read'
         scope: 'teams:*'
         state: 'absent'
       - action: 'teams.roles:remove'
@@ -302,7 +302,7 @@ roles:
 > **Note**: You can add multiple `fixed`, `basic` or `custom` roles to the `from` section. Their permissions will be copied and added to the basic role.
 > <br/> **Note**: Make sure to **increment** the role version for the changes to be accounted for.
 
-You can also change basic roles' permissions using the API. Refer to the [RBAC HTTP API]({{< relref "../../developers/http_api/access_control.md#update-a-role" >}}) for more details.
+You can also change basic roles' permissions using the API. Refer to the [RBAC HTTP API]({{< relref "../../../developers/http_api/access_control/#update-a-role" >}}) for more details.
 
 ## Reset basic roles to their default
 
@@ -327,7 +327,7 @@ This section describes how to reset the basic roles to their default:
           scope: 'permissions:type:escalate'
    ```
 
-1. As a `Grafana Admin`, call the API endpoint to reset the basic roles to their default. Refer to the [RBAC HTTP API]({{< relref "../../developers/http_api/access_control.md#reset-basic-roles-to-their-default" >}}) for more details.
+1. As a `Grafana Admin`, call the API endpoint to reset the basic roles to their default. Refer to the [RBAC HTTP API]({{< relref "../../../developers/http_api/access_control/#reset-basic-roles-to-their-default" >}}) for more details.
 
 ## Delete a custom role using Grafana provisioning
 
@@ -353,7 +353,7 @@ Delete a custom role when you no longer need it. When you delete a custom role,
 
 1. Reload the provisioning configuration file.
 
-   For more information about reloading the provisioning configuration at runtime, refer to [Reload provisioning configurations]({{< relref "../../developers/http_api/admin/#reload-provisioning-configurations" >}}).
+   For more information about reloading the provisioning configuration at runtime, refer to [Reload provisioning configurations]({{< relref "../../../developers/http_api/admin/#reload-provisioning-configurations" >}}).
 
 The following example deletes a custom role:
 
@@ -368,4 +368,4 @@ roles:
     force: true
 ```
 
-You can also delete a custom role using the API. Refer to the [RBAC HTTP API]({{< relref "../../developers/http_api/access_control.md#delete-a-custom-role" >}}) for more details.
+You can also delete a custom role using the API. Refer to the [RBAC HTTP API]({{< relref "../../../developers/http_api/access_control/#delete-a-custom-role" >}}) for more details.

docs/sources/administration/roles-and-permissions/access-control/plan-rbac-rollout-strategy.md

@@ -27,8 +27,8 @@ As a first step in determining your permissions rollout strategy, we recommend t
 
 To learn more about basic roles and fixed roles, refer to the following documentation:
 
-- [Basic role definitions]({{< relref "./rbac-fixed-basic-role-definitions#basic-role-assignments" >}})
-- [Fixed role definitions]({{< relref "./rbac-fixed-basic-role-definitions#fixed-role-definitions" >}})
+- [Basic role definitions]({{< relref "./rbac-fixed-basic-role-definitions/#basic-role-assignments" >}})
+- [Fixed role definitions]({{< relref "./rbac-fixed-basic-role-definitions/#fixed-role-definitions" >}})
 
 ## User and team considerations
 
@@ -47,12 +47,8 @@ You can take advantage of your current authentication provider to manage user an
 For example:
 
 1. Map SAML, LDAP, or Oauth roles to Grafana basic roles (viewer, editor, or admin).
-2. Use the Grafana Enterprise team sync feature to synchronize teams from your SAML, LDAP, or Oauth provider to Grafana.
 
-   - If a team does not exist in Grafana, team sync creates it.
-   - If a team exists in Grafana, team sync updates its membership.
-
-   For more information about team sync, refer to [Team sync]({{< relref "../team-sync.md" >}}).
+2. Use the Grafana Enterprise team sync feature to synchronize teams from your SAML, LDAP, or Oauth provider to Grafana. For more information about team sync, refer to [Team sync]({{< relref "../../../setup-grafana/configure-security/configure-team-sync/" >}}).
 
 3. Within Grafana, assign RBAC permissions to users and teams.
 
@@ -62,7 +58,7 @@ Consider the following guidelines when you determine if you should modify basic
 
 - **Modify basic roles** when Grafana's definitions of what viewers, editors, and admins can do does not match your definition of these roles. You can add or remove permissions from any basic role.
 
-  > **Note:** Changes that you make to basic roles impact the role definition for all [organizations]({{< relref "../../administration/manage-organizations/_index.md" >}}) in the Grafana instance. For example, when you add the `fixed:users:writer` role's permissions to the viewer basic role, all viewers in any org in the Grafana instance can create users within that org.
+  > **Note:** Changes that you make to basic roles impact the role definition for all [organizations]({{< relref "../../organization-management/" >}}) in the Grafana instance. For example, when you add the `fixed:users:writer` role's permissions to the viewer basic role, all viewers in any org in the Grafana instance can create users within that org.
 
 - **Create custom roles** when fixed role definitions don't meet you permissions requirements. For example, the `fixed:dashboards:writer` role allows users to delete dashboards. If you want some users or teams to be able to create and update but not delete dashboards, you can create a custom role with a name like `custom:dashboards:creator` that lacks the `dashboards:delete` permission.
 
@@ -85,13 +81,13 @@ We've compiled the following permissions rollout scenarios based on current Graf
 
 1. In Grafana, create a team with the name `Internal employees`.
 1. Assign the `fixed:datasources:querier` role to the `Internal employees` team.
-1. Add internal employees to the `Internal employees` team, or map them from a SAML, LDAP, or Oauth team using [Team Sync]({{< relref "../team-sync.md" >}}).
+1. Add internal employees to the `Internal employees` team, or map them from a SAML, LDAP, or Oauth team using [Team Sync]({{< relref "../../../setup-grafana/configure-security/configure-team-sync/" >}}).
 1. Assign the viewer role to both internal employees and contractors.
 
 ### Limit viewer, editor, or admin permissions
 
 1. Review the list of permissions associated with the basic role.
-1. [Change the permissions of the basic role]({{< relref "manage-rbac-roles.md#update-basic-role-permissions" >}}).
+1. [Change the permissions of the basic role]({{< relref "./manage-rbac-roles/#update-basic-role-permissions" >}}).
 
 ### Allow only members of one team to manage Alerts
 
@@ -169,11 +165,10 @@ roles:
         global: true
 ```
 
-- Or add the following permissions to the `basic:editor` role, using provisioning or the [RBAC HTTP API]({{< relref "../../developers/http_api/access_control.md#update-a-role" >}}):
+- Or add the following permissions to the `basic:editor` role, using provisioning or the [RBAC HTTP API]({{< relref "../../../developers/http_api/access_control/#update-a-role" >}}):
 
 | action         | scope                       |
 | -------------- | --------------------------- |
-| `roles:list`   | `roles:*`                   |
 | `roles:read`   | `roles:*`                   |
 | `roles:write`  | `permissions:type:delegate` |
 | `roles:delete` | `permissions:type:delegate` |
@@ -200,20 +195,20 @@ roles:
         global: true
 ```
 
-> **Note:** The `fixed:reports:writer` role assigns more permissions than just creating reports. For more information about fixed role permission assignments, refer to [Fixed role definitions]({{< relref "./rbac-fixed-basic-role-definitions#fixed-role-definitions" >}}).
+> **Note:** The `fixed:reports:writer` role assigns more permissions than just creating reports. For more information about fixed role permission assignments, refer to [Fixed role definitions]({{< relref "./rbac-fixed-basic-role-definitions/#fixed-role-definitions" >}}).
 
-- Add the following permissions to the `basic:viewer` role, using provisioning or the [RBAC HTTP API]({{< relref "../../developers/http_api/access_control.md#update-a-role" >}}):
+- Add the following permissions to the `basic:viewer` role, using provisioning or the [RBAC HTTP API]({{< relref "../../../developers/http_api/access_control/#update-a-role" >}}):
 
-| Action                 | Scope                           |
-| ---------------------- | ------------------------------- |
-| `reports.admin:create` | n/a                             |
-| `reports.admin:write`  | `reports:*` <br> `reports:id:*` |
-| `reports:read`         | `reports:*`                     |
-| `reports:send`         | `reports:*`                     |
+| Action           | Scope                           |
+| ---------------- | ------------------------------- |
+| `reports:create` | n/a                             |
+| `reports:write`  | `reports:*` <br> `reports:id:*` |
+| `reports:read`   | `reports:*`                     |
+| `reports:send`   | `reports:*`                     |
 
 ### Prevent a Grafana Admin from creating and inviting users
 
-To prevent a Grafana Admin from creating users and inviting them to join an organization, you must [update a basic role permissions]({{< ref "./manage-rbac-roles.md#update-basic-role-permissions" >}}).
+To prevent a Grafana Admin from creating users and inviting them to join an organization, you must [update a basic role permission]({{< relref "./manage-rbac-roles/#update-basic-role-permissions" >}}).
 The permissions to remove are:
 
 | Action          | Scope     |
@@ -243,4 +238,4 @@ roles:
         state: 'absent'
 ```
 
-- Or use [RBAC HTTP API]({{< relref "../../developers/http_api/access_control.md#update-a-role" >}}).
+- Or use [RBAC HTTP API]({{< relref "../../../developers/http_api/access_control/#update-a-role" >}}).

docs/sources/administration/roles-and-permissions/access-control/rbac-fixed-basic-role-definitions.md

@@ -15,76 +15,76 @@ The following tables list permissions associated with basic and fixed roles.
 
 ## Basic role assignments
 
-| Basic role    | Associated fixed roles                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             | Description                                                                                                                                                                                     |
-| ------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| Grafana Admin | `fixed:roles:reader`<br>`fixed:roles:writer`<br>`fixed:users:reader`<br>`fixed:users:writer`<br>`fixed:org.users:reader`<br>`fixed:org.users:writer`<br>`fixed:ldap:reader`<br>`fixed:ldap:writer`<br>`fixed:stats:reader`<br>`fixed:settings:reader`<br>`fixed:settings:writer`<br>`fixed:provisioning:writer`<br>`fixed:organization:reader`<br>`fixed:organization:maintainer`<br>`fixed:licensing:reader`<br>`fixed:licensing:writer`                                                                                                                                                                          | Default [Grafana server administrator]({{< relref "../../administration/manage-users-and-permissions/about-users-and-permissions.md#grafana-server-administrators" >}}) assignments.            |
-| Admin         | `fixed:reports:reader`<br>`fixed:reports:writer`<br>`fixed:datasources:reader`<br>`fixed:datasources:writer`<br>`fixed:organization:writer`<br>`fixed:datasources.permissions:reader`<br>`fixed:datasources.permissions:writer`<br>`fixed:teams:writer`<br>`fixed:dashboards:reader`<br>`fixed:dashboards:writer`<br>`fixed:dashboards.permissions:reader`<br>`fixed:dashboards.permissions:writer`<br>`fixed:folders:reader`<br>`fixes:folders:writer`<br>`fixed:folders.permissions:reader`<br>`fixed:folders.permissions:writer`<br>`fixed:alerting:editor`<br>`fixed:apikeys:reader`<br>`fixed:apikeys:writer` | Default [Grafana organization administrator]({{< relref "../../administration/manage-users-and-permissions/about-users-and-permissions.md#organization-users-and-permissions" >}}) assignments. |
-| Editor        | `fixed:datasources:explorer`<br>`fixed:dashboards:creator`<br>`fixed:folders:creator`<br>`fixed:annotations:writer`<br>`fixed:teams:creator` if the `editors_can_admin` configuration flag is enabled<br>`fixed:alerting:editor`                                                                                                                                                                                                                                                                                                                                                                                   | Default [Editor]({{< relref "../../administration/manage-users-and-permissions/about-users-and-permissions.md#organization-users-and-permissions" >}}) assignments.                             |
-| Viewer        | `fixed:datasources:id:reader`<br>`fixed:organization:reader`<br>`fixed:annotations:reader`<br>`fixed:annotations.dashboard:writer`<br>`fixed:alerting:reader`                                                                                                                                                                                                                                                                                                                                                                                                                                                      | Default [Viewer]({{< relref "../../administration/manage-users-and-permissions/about-users-and-permissions.md#organization-users-and-permissions" >}}) assignments.                             |
+| Basic role    | Associated fixed roles                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     | Description                                                                                                        |
+| ------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------ |
+| Grafana Admin | `fixed:roles:reader`<br>`fixed:roles:writer`<br>`fixed:users:reader`<br>`fixed:users:writer`<br>`fixed:org.users:reader`<br>`fixed:org.users:writer`<br>`fixed:ldap:reader`<br>`fixed:ldap:writer`<br>`fixed:stats:reader`<br>`fixed:settings:reader`<br>`fixed:settings:writer`<br>`fixed:provisioning:writer`<br>`fixed:organization:reader`<br>`fixed:organization:maintainer`<br>`fixed:licensing:reader`<br>`fixed:licensing:writer`                                                                                                                                                                                                                  | Default [Grafana server administrator]({{< relref "../#grafana-server-administrators" >}}) assignments.            |
+| Admin         | `fixed:reports:reader`<br>`fixed:reports:writer`<br>`fixed:datasources:reader`<br>`fixed:datasources:writer`<br>`fixed:organization:writer`<br>`fixed:datasources.permissions:reader`<br>`fixed:datasources.permissions:writer`<br>`fixed:teams:writer`<br>`fixed:dashboards:reader`<br>`fixed:dashboards:writer`<br>`fixed:dashboards.permissions:reader`<br>`fixed:dashboards.permissions:writer`<br>`fixed:folders:reader`<br>`fixes:folders:writer`<br>`fixed:folders.permissions:reader`<br>`fixed:folders.permissions:writer`<br>`fixed:alerting:writer`<br>`fixed:apikeys:reader`<br>`fixed:apikeys:writer`<br>`fixed:alerting.provisioning:writer` | Default [Grafana organization administrator]({{< relref "../#organization-users-and-permissions" >}}) assignments. |
+| Editor        | `fixed:datasources:explorer`<br>`fixed:dashboards:creator`<br>`fixed:folders:creator`<br>`fixed:annotations:writer`<br>`fixed:teams:creator` if the `editors_can_admin` configuration flag is enabled<br>`fixed:alerting:writer`                                                                                                                                                                                                                                                                                                                                                                                                                           | Default [Editor]({{< relref "../#organization-users-and-permissions" >}}) assignments.                             |
+| Viewer        | `fixed:datasources:id:reader`<br>`fixed:organization:reader`<br>`fixed:annotations:reader`<br>`fixed:annotations.dashboard:writer`<br>`fixed:alerting:reader`                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              | Default [Viewer]({{< relref "../#organization-users-and-permissions" >}}) assignments.                             |
 
 ## Fixed role definitions
 
-| Fixed role                             | Permissions                                                                                                                                                                                                                                                              | Description                                                                                                                                                                                                                                                                           |
-| -------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| `fixed:alerting.instances:editor`      | All permissions from `fixed:alerting.instances:reader` and<br> `alert.instances:create`<br>`alert.instances:update` for organization scope <br> `alert.instances.external:write` for scope `datasources:*`                                                               | Create, update and expire all silences in the organization produced by Grafana, Mimir, and Loki.[\*](#alerting-roles)                                                                                                                                                                 |
-| `fixed:alerting.instances:reader`      | `alert.instances:read` for organization scope <br> `alert.instances.external:read` for scope `datasources:*`                                                                                                                                                             | Read all alerts and silences in the organization produced by Grafana Alerts and Mimir and Loki alerts and silences.[\*](#alerting-roles)                                                                                                                                              |
-| `fixed:alerting.notifications:editor`  | All permissions from `fixed:alerting.notifications:reader` and<br>`alert.notifications:write`for organization scope<br>`alert.notifications.external:read` for scope `datasources:*`                                                                                     | Create, update, and delete contact points, templates, mute timings and notification policies for Grafana and external Alertmanager.[\*](#alerting-roles)                                                                                                                              |
-| `fixed:alerting.notifications:reader`  | `alert.notifications:read` for organization scope<br>`alert.notifications.external:read` for scope `datasources:*`                                                                                                                                                       | Read all Grafana and Alertmanager contact points, templates, and notification policies.[\*](#alerting-roles)                                                                                                                                                                          |
-| `fixed:alerting.rules:editor`          | All permissions from `fixed:alerting.rules:reader` and <br> `alert.rule:create` <br> `alert.rule:update` <br> `alert.rule:delete` for scope `folders:*` <br> `alert.rules.external:write` for scope `datasources:*`                                                      | Create, update, and delete all\* Grafana, Mimir, and Loki alert rules.[\*](#alerting-roles)                                                                                                                                                                                           |
-| `fixed:alerting.rules:reader`          | `alert.rule:read` for scope `folders:*` <br> `alert.rules.external:read` for scope `datasources:*`                                                                                                                                                                       | Read all\* Grafana, Mimir, and Loki alert rules.[\*](#alerting-roles)                                                                                                                                                                                                                 |
-| `fixed:alerting:editor`                | All permissions from `fixed:alerting.rules:editor` <br>`fixed:alerting.instances:editor`<br>`fixed:alerting.notifications:editor`                                                                                                                                        | Create, update, and delete Grafana, Mimir, Loki and Alertmanager alert rules\*, silences, contact points, templates, mute timings, and notification policies.[\*](#alerting-roles)                                                                                                    |
-| `fixed:alerting:reader`                | All permissions from `fixed:alerting.rules:reader` <br>`fixed:alerting.instances:reader`<br>`fixed:alerting.notifications:reader`                                                                                                                                        | Read-only permissions for all Grafana, Mimir, Loki and Alertmanager alert rules\*, alerts, contact points, and notification policies.[\*](#alerting-roles)                                                                                                                            |
-| `fixed:annotations.dashboard:writer`   | `annotations:write` <br>`annotations.create`<br> `annotations:delete` for scope `annotations:type:dashboard`                                                                                                                                                             | Create, update and delete dashboard annotations and annotation tags.                                                                                                                                                                                                                  |
-| `fixed:annotations:reader`             | `annotations:read` for scopes `annotations:type:*`                                                                                                                                                                                                                       | Read all annotations and annotation tags.                                                                                                                                                                                                                                             |
-| `fixed:annotations:writer`             | All permissions from `fixed:annotations:reader` <br>`annotations:write` <br>`annotations.create`<br> `annotations:delete` for scope `annotations:type:*`                                                                                                                 | Read, create, update and delete all annotations and annotation tags.                                                                                                                                                                                                                  |
-| `fixed:apikeys:reader`                 | `apikeys:read` for scope `apikeys:*`                                                                                                                                                                                                                                     | Read all api keys.                                                                                                                                                                                                                                                                    |
-| `fixed:apikeys:writer`                 | All permissions from `fixed:apikeys:reader` and <br> `apikeys:create` <br> `apikeys:delete` for scope `apikeys:*`                                                                                                                                                        | Read, create, delete all api keys.                                                                                                                                                                                                                                                    |
-| `fixed:dashboards.permissions:reader`  | `dashboards.permissions:read`                                                                                                                                                                                                                                            | Read all dashboard permissions.                                                                                                                                                                                                                                                       |
-| `fixed:dashboards.permissions:writer`  | All permissions from `fixed:dashboards.permissions:reader` and <br>`dashboards.permissions:write`                                                                                                                                                                        | Read and update all dashboard permissions.                                                                                                                                                                                                                                            |
-| `fixed:dashboards:creator`             | `dashboards:create`<br>`folders:read`                                                                                                                                                                                                                                    | Create dashboards.                                                                                                                                                                                                                                                                    |
-| `fixed:dashboards:reader`              | `dashboards:read`                                                                                                                                                                                                                                                        | Read all dashboards.                                                                                                                                                                                                                                                                  |
-| `fixed:dashboards:writer`              | All permissions from `fixed:dashboards:reader` and <br>`dashboards:write`<br>`dashboards:edit`<br>`dashboards:delete`<br>`dashboards:create`<br>`dashboards.permissions:read`<br>`dashboards.permissions:write`                                                          | Read, create, update, and delete all dashboards.                                                                                                                                                                                                                                      |
-| `fixed:datasources.permissions:reader` | `datasources.permissions:read`                                                                                                                                                                                                                                           | Read data source permissions.                                                                                                                                                                                                                                                         |
-| `fixed:datasources.permissions:writer` | All permissions from `fixed:datasources.permissions:reader` and <br>`datasources.permissions:write`                                                                                                                                                                      | Create, read, or delete permissions of a data source.                                                                                                                                                                                                                                 |
-| `fixed:datasources:explorer`           | `datasources:explore`                                                                                                                                                                                                                                                    | Enable the Explore feature. Data source permissions still apply, you can only query data sources for which you have query permissions.                                                                                                                                                |
-| `fixed:datasources:id:reader`          | `datasources.id:read`                                                                                                                                                                                                                                                    | Read the ID of a data source based on its name.                                                                                                                                                                                                                                       |
-| `fixed:datasources:reader`             | `datasources:read`<br>`datasources:query`                                                                                                                                                                                                                                | Read and query data sources.                                                                                                                                                                                                                                                          |
-| `fixed:datasources:writer`             | All permissions from `fixed:datasources:reader` and <br>`datasources:create`<br>`datasources:write`<br>`datasources:delete`                                                                                                                                              | Read, query, create, delete, or update a data source.                                                                                                                                                                                                                                 |
-| `fixed:folders.permissions:reader`     | `folders.permissions:read`                                                                                                                                                                                                                                               | Read all folder permissions.                                                                                                                                                                                                                                                          |
-| `fixed:folders.permissions:writer`     | All permissions from `fixed:folders.permissions:reader` and <br>`folders.permissions:write`                                                                                                                                                                              | Read and update all folder permissions.                                                                                                                                                                                                                                               |
-| `fixed:folders:creator`                | `folders:create`                                                                                                                                                                                                                                                         | Create folders.                                                                                                                                                                                                                                                                       |
-| `fixed:folders:reader`                 | `folders:read`<br>`dashboards:read`                                                                                                                                                                                                                                      | Read all folders and dashboards.                                                                                                                                                                                                                                                      |
-| `fixed:folders:writer`                 | All permissions from `fixed:dashboards:writer` and <br>`folders:read`<br>`folders:write`<br>`folders:create`<br>`folders:delete`<br>`folders.permissions:read`<br>`folders.permissions:write`                                                                            | Read, create, update, and delete all folders and dashboards.                                                                                                                                                                                                                          |
-| `fixed:ldap:reader`                    | `ldap.user:read`<br>`ldap.status:read`                                                                                                                                                                                                                                   | Read the LDAP configuration and LDAP status information.                                                                                                                                                                                                                              |
-| `fixed:ldap:writer`                    | All permissions from `fixed:ldap:reader` and <br>`ldap.user:sync`<br>`ldap.config:reload`                                                                                                                                                                                | Read and update the LDAP configuration, and read LDAP status information.                                                                                                                                                                                                             |
-| `fixed:licensing:reader`               | `licensing:read`<br>`licensing.reports:read`                                                                                                                                                                                                                             | Read licensing information and licensing reports.                                                                                                                                                                                                                                     |
-| `fixed:licensing:writer`               | All permissions from `fixed:licensing:viewer` and <br>`licensing:update`<br>`licensing:delete`                                                                                                                                                                           | Read licensing information and licensing reports, update and delete the license token.                                                                                                                                                                                                |
-| `fixed:org.users:reader`               | `org.users:read`                                                                                                                                                                                                                                                         | Read users within a single organization.                                                                                                                                                                                                                                              |
-| `fixed:org.users:writer`               | All permissions from `fixed:org.users:reader` and <br>`org.users:add`<br>`org.users:remove`<br>`org.users.role:update`                                                                                                                                                   | Within a single organization, add a user, invite a user, read information about a user and their role, remove a user from that organization, or change the role of a user.                                                                                                            |
-| `fixed:organization:maintainer`        | All permissions from `fixed:organization:reader` and <br> `orgs:write`<br>`orgs:create`<br>`orgs:delete`<br>`orgs.quotas:write`                                                                                                                                          | Create, read, write, or delete an organization. Read or write its quotas. This role needs to be assigned globally.                                                                                                                                                                    |
-| `fixed:organization:reader`            | `orgs:read`<br>`orgs.quotas:read`                                                                                                                                                                                                                                        | Read an organization and its quotas.                                                                                                                                                                                                                                                  |
-| `fixed:organization:writer`            | All permissions from `fixed:organization:reader` and <br> `orgs:write`<br>`orgs.preferences:read`<br>`orgs.preferences:write`                                                                                                                                            | Read an organization, its quotas, or its preferences. Update organization properties, or its preferences.                                                                                                                                                                             |
-| `fixed:provisioning:writer`            | `provisioning:reload`                                                                                                                                                                                                                                                    | Reload provisioning.                                                                                                                                                                                                                                                                  |
-| `fixed:reports:reader`                 | `reports:read`<br>`reports:send`<br>`reports.settings:read`                                                                                                                                                                                                              | Read all reports and shared report settings.                                                                                                                                                                                                                                          |
-| `fixed:reports:writer`                 | All permissions from `fixed:reports:reader` and <br>`reports.admin:write`<br>`reports:delete`<br>`reports.settings:write`                                                                                                                                                | Create, read, update, or delete all reports and shared report settings.                                                                                                                                                                                                               |
-| `fixed:roles:reader`                   | `roles:read`<br>`roles:list`<br>`teams.roles:list`<br>`users.roles:list`<br>`users.permissions:list`                                                                                                                                                                     | Read all access control roles, roles and permissions assigned to users, teams.                                                                                                                                                                                                        |
-| `fixed:roles:writer`                   | All permissions from `fixed:roles:reader` and <br>`roles:write`<br>`roles:delete`<br>`teams.roles:add`<br>`teams.roles:remove`<br>`users.roles:add`<br>`users.roles:remove`                                                                                              | Create, read, update, or delete all roles, assign or unassign roles to users, teams.                                                                                                                                                                                                  |
-| `fixed:roles:resetter`                 | `roles:write` with scope `permissions:type:escalate`                                                                                                                                                                                                                     | Reset basic roles to their default.                                                                                                                                                                                                                                                   |
-| `fixed:settings:reader`                | `settings:read`                                                                                                                                                                                                                                                          | Read Grafana instance settings.                                                                                                                                                                                                                                                       |
-| `fixed:settings:writer`                | All permissions from `fixed:settings:reader` and<br>`settings:write`                                                                                                                                                                                                     | Read and update Grafana instance settings.                                                                                                                                                                                                                                            |
-| `fixed:stats:reader`                   | `server.stats:read`                                                                                                                                                                                                                                                      | Read Grafana instance statistics.                                                                                                                                                                                                                                                     |
-| `fixed:teams:creator`                  | `teams:create`<br>`org.users:read`                                                                                                                                                                                                                                       | Create a team and list organization users (required to manage the created team).                                                                                                                                                                                                      |
-| `fixed:teams:writer`                   | `teams:create`<br>`teams:delete`<br>`teams:read`<br>`teams:write`<br>`teams.permissions:read`<br>`teams.permissions:write`                                                                                                                                               | Create, read, update and delete teams and manage team memberships.                                                                                                                                                                                                                    |
-| `fixed:users:reader`                   | `users:read`<br>`users.quotas:list`<br>`users.authtoken:list`<br>`users.teams:read`                                                                                                                                                                                      | Read all users and their information, such as team memberships, authentication tokens, and quotas.                                                                                                                                                                                    |
-| `fixed:users:writer`                   | All permissions from `fixed:users:reader` and <br>`users:write`<br>`users:create`<br>`users:delete`<br>`users:enable`<br>`users:disable`<br>`users.password:update`<br>`users.permissions:update`<br>`users:logout`<br>`users.authtoken:update`<br>`users.quotas:update` | Read and update all attributes and settings for all users in Grafana: update user information, read user information, create or enable or disable a user, make a user a Grafana administrator, sign out a user, update a user’s authentication token, or update quotas for all users. |
+| Fixed role                             | Permissions                                                                                                                                                                                                                                                          | Description                                                                                                                                                                                                                                                                           |
+| -------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `fixed:alerting.instances:editor`      | All permissions from `fixed:alerting.instances:reader` and<br> `alert.instances:create`<br>`alert.instances:write` for organization scope <br> `alert.instances.external:write` for scope `datasources:*`                                                            | Create, update and expire all silences in the organization produced by Grafana, Mimir, and Loki.[\*](#alerting-roles)                                                                                                                                                                 |
+| `fixed:alerting.instances:reader`      | `alert.instances:read` for organization scope <br> `alert.instances.external:read` for scope `datasources:*`                                                                                                                                                         | Read all alerts and silences in the organization produced by Grafana Alerts and Mimir and Loki alerts and silences.[\*](#alerting-roles)                                                                                                                                              |
+| `fixed:alerting.notifications:editor`  | All permissions from `fixed:alerting.notifications:reader` and<br>`alert.notifications:write`for organization scope<br>`alert.notifications.external:read` for scope `datasources:*`                                                                                 | Create, update, and delete contact points, templates, mute timings and notification policies for Grafana and external Alertmanager.[\*](#alerting-roles)                                                                                                                              |
+| `fixed:alerting.notifications:reader`  | `alert.notifications:read` for organization scope<br>`alert.notifications.external:read` for scope `datasources:*`                                                                                                                                                   | Read all Grafana and Alertmanager contact points, templates, and notification policies.[\*](#alerting-roles)                                                                                                                                                                          |
+| `fixed:alerting.rules:editor`          | All permissions from `fixed:alerting.rules:reader` and <br> `alert.rule:create` <br> `alert.rule:write` <br> `alert.rule:delete` for scope `folders:*` <br> `alert.rules.external:write` for scope `datasources:*`                                                   | Create, update, and delete all\* Grafana, Mimir, and Loki alert rules.[\*](#alerting-roles)                                                                                                                                                                                           |
+| `fixed:alerting.rules:reader`          | `alert.rule:read` for scope `folders:*` <br> `alert.rules.external:read` for scope `datasources:*`                                                                                                                                                                   | Read all\* Grafana, Mimir, and Loki alert rules.[\*](#alerting-roles)                                                                                                                                                                                                                 |
+| `fixed:alerting:editor`                | All permissions from `fixed:alerting.rules:editor` <br>`fixed:alerting.instances:editor`<br>`fixed:alerting.notifications:editor`                                                                                                                                    | Create, update, and delete Grafana, Mimir, Loki and Alertmanager alert rules\*, silences, contact points, templates, mute timings, and notification policies.[\*](#alerting-roles)                                                                                                    |
+| `fixed:alerting:reader`                | All permissions from `fixed:alerting.rules:reader` <br>`fixed:alerting.instances:reader`<br>`fixed:alerting.notifications:reader`                                                                                                                                    | Read-only permissions for all Grafana, Mimir, Loki and Alertmanager alert rules\*, alerts, contact points, and notification policies.[\*](#alerting-roles)                                                                                                                            |
+| `fixed:annotations.dashboard:writer`   | `annotations:write` <br>`annotations.create`<br> `annotations:delete` for scope `annotations:type:dashboard`                                                                                                                                                         | Create, update and delete dashboard annotations and annotation tags.                                                                                                                                                                                                                  |
+| `fixed:annotations:reader`             | `annotations:read` for scopes `annotations:type:*`                                                                                                                                                                                                                   | Read all annotations and annotation tags.                                                                                                                                                                                                                                             |
+| `fixed:annotations:writer`             | All permissions from `fixed:annotations:reader` <br>`annotations:write` <br>`annotations.create`<br> `annotations:delete` for scope `annotations:type:*`                                                                                                             | Read, create, update and delete all annotations and annotation tags.                                                                                                                                                                                                                  |
+| `fixed:apikeys:reader`                 | `apikeys:read` for scope `apikeys:*`                                                                                                                                                                                                                                 | Read all api keys.                                                                                                                                                                                                                                                                    |
+| `fixed:apikeys:writer`                 | All permissions from `fixed:apikeys:reader` and <br> `apikeys:create` <br> `apikeys:delete` for scope `apikeys:*`                                                                                                                                                    | Read, create, delete all api keys.                                                                                                                                                                                                                                                    |
+| `fixed:dashboards.permissions:reader`  | `dashboards.permissions:read`                                                                                                                                                                                                                                        | Read all dashboard permissions.                                                                                                                                                                                                                                                       |
+| `fixed:dashboards.permissions:writer`  | All permissions from `fixed:dashboards.permissions:reader` and <br>`dashboards.permissions:write`                                                                                                                                                                    | Read and update all dashboard permissions.                                                                                                                                                                                                                                            |
+| `fixed:dashboards:creator`             | `dashboards:create`<br>`folders:read`                                                                                                                                                                                                                                | Create dashboards.                                                                                                                                                                                                                                                                    |
+| `fixed:dashboards:reader`              | `dashboards:read`                                                                                                                                                                                                                                                    | Read all dashboards.                                                                                                                                                                                                                                                                  |
+| `fixed:dashboards:writer`              | All permissions from `fixed:dashboards:reader` and <br>`dashboards:write`<br>`dashboards:edit`<br>`dashboards:delete`<br>`dashboards:create`<br>`dashboards.permissions:read`<br>`dashboards.permissions:write`                                                      | Read, create, update, and delete all dashboards.                                                                                                                                                                                                                                      |
+| `fixed:datasources.permissions:reader` | `datasources.permissions:read`                                                                                                                                                                                                                                       | Read data source permissions.                                                                                                                                                                                                                                                         |
+| `fixed:datasources.permissions:writer` | All permissions from `fixed:datasources.permissions:reader` and <br>`datasources.permissions:write`                                                                                                                                                                  | Create, read, or delete permissions of a data source.                                                                                                                                                                                                                                 |
+| `fixed:datasources:explorer`           | `datasources:explore`                                                                                                                                                                                                                                                | Enable the Explore feature. Data source permissions still apply, you can only query data sources for which you have query permissions.                                                                                                                                                |
+| `fixed:datasources:id:reader`          | `datasources.id:read`                                                                                                                                                                                                                                                | Read the ID of a data source based on its name.                                                                                                                                                                                                                                       |
+| `fixed:datasources:reader`             | `datasources:read`<br>`datasources:query`                                                                                                                                                                                                                            | Read and query data sources.                                                                                                                                                                                                                                                          |
+| `fixed:datasources:writer`             | All permissions from `fixed:datasources:reader` and <br>`datasources:create`<br>`datasources:write`<br>`datasources:delete`                                                                                                                                          | Read, query, create, delete, or update a data source.                                                                                                                                                                                                                                 |
+| `fixed:folders.permissions:reader`     | `folders.permissions:read`                                                                                                                                                                                                                                           | Read all folder permissions.                                                                                                                                                                                                                                                          |
+| `fixed:folders.permissions:writer`     | All permissions from `fixed:folders.permissions:reader` and <br>`folders.permissions:write`                                                                                                                                                                          | Read and update all folder permissions.                                                                                                                                                                                                                                               |
+| `fixed:folders:creator`                | `folders:create`                                                                                                                                                                                                                                                     | Create folders.                                                                                                                                                                                                                                                                       |
+| `fixed:folders:reader`                 | `folders:read`<br>`dashboards:read`                                                                                                                                                                                                                                  | Read all folders and dashboards.                                                                                                                                                                                                                                                      |
+| `fixed:folders:writer`                 | All permissions from `fixed:dashboards:writer` and <br>`folders:read`<br>`folders:write`<br>`folders:create`<br>`folders:delete`<br>`folders.permissions:read`<br>`folders.permissions:write`                                                                        | Read, create, update, and delete all folders and dashboards.                                                                                                                                                                                                                          |
+| `fixed:ldap:reader`                    | `ldap.user:read`<br>`ldap.status:read`                                                                                                                                                                                                                               | Read the LDAP configuration and LDAP status information.                                                                                                                                                                                                                              |
+| `fixed:ldap:writer`                    | All permissions from `fixed:ldap:reader` and <br>`ldap.user:sync`<br>`ldap.config:reload`                                                                                                                                                                            | Read and update the LDAP configuration, and read LDAP status information.                                                                                                                                                                                                             |
+| `fixed:licensing:reader`               | `licensing:read`<br>`licensing.reports:read`                                                                                                                                                                                                                         | Read licensing information and licensing reports.                                                                                                                                                                                                                                     |
+| `fixed:licensing:writer`               | All permissions from `fixed:licensing:viewer` and <br>`licensing:write`<br>`licensing:delete`                                                                                                                                                                        | Read licensing information and licensing reports, update and delete the license token.                                                                                                                                                                                                |
+| `fixed:org.users:reader`               | `org.users:read`                                                                                                                                                                                                                                                     | Read users within a single organization.                                                                                                                                                                                                                                              |
+| `fixed:org.users:writer`               | All permissions from `fixed:org.users:reader` and <br>`org.users:add`<br>`org.users:remove`<br>`org.users:write`                                                                                                                                                     | Within a single organization, add a user, invite a new user, read information about a user and their role, remove a user from that organization, or change the role of a user.                                                                                                        |
+| `fixed:organization:maintainer`        | All permissions from `fixed:organization:reader` and <br> `orgs:write`<br>`orgs:create`<br>`orgs:delete`<br>`orgs.quotas:write`                                                                                                                                      | Create, read, write, or delete an organization. Read or write its quotas. This role needs to be assigned globally.                                                                                                                                                                    |
+| `fixed:organization:reader`            | `orgs:read`<br>`orgs.quotas:read`                                                                                                                                                                                                                                    | Read an organization and its quotas.                                                                                                                                                                                                                                                  |
+| `fixed:organization:writer`            | All permissions from `fixed:organization:reader` and <br> `orgs:write`<br>`orgs.preferences:read`<br>`orgs.preferences:write`                                                                                                                                        | Read an organization, its quotas, or its preferences. Update organization properties, or its preferences.                                                                                                                                                                             |
+| `fixed:provisioning:writer`            | `provisioning:reload`                                                                                                                                                                                                                                                | Reload provisioning.                                                                                                                                                                                                                                                                  |
+| `fixed:reports:reader`                 | `reports:read`<br>`reports:send`<br>`reports.settings:read`                                                                                                                                                                                                          | Read all reports and shared report settings.                                                                                                                                                                                                                                          |
+| `fixed:reports:writer`                 | All permissions from `fixed:reports:reader` and <br>`reports:create`<br>`reports:write`<br>`reports:delete`<br>`reports.settings:write`                                                                                                                              | Create, read, update, or delete all reports and shared report settings.                                                                                                                                                                                                               |
+| `fixed:roles:reader`                   | `roles:read`<br>`teams.roles:read`<br>`users.roles:read`<br>`users.permissions:read`                                                                                                                                                                                 | Read all access control roles, roles and permissions assigned to users, teams.                                                                                                                                                                                                        |
+| `fixed:roles:writer`                   | All permissions from `fixed:roles:reader` and <br>`roles:write`<br>`roles:delete`<br>`teams.roles:add`<br>`teams.roles:remove`<br>`users.roles:add`<br>`users.roles:remove`                                                                                          | Create, read, update, or delete all roles, assign or unassign roles to users, teams.                                                                                                                                                                                                  |
+| `fixed:roles:resetter`                 | `roles:write` with scope `permissions:type:escalate`                                                                                                                                                                                                                 | Reset basic roles to their default.                                                                                                                                                                                                                                                   |
+| `fixed:settings:reader`                | `settings:read`                                                                                                                                                                                                                                                      | Read Grafana instance settings.                                                                                                                                                                                                                                                       |
+| `fixed:settings:writer`                | All permissions from `fixed:settings:reader` and<br>`settings:write`                                                                                                                                                                                                 | Read and update Grafana instance settings.                                                                                                                                                                                                                                            |
+| `fixed:stats:reader`                   | `server.stats:read`                                                                                                                                                                                                                                                  | Read Grafana instance statistics.                                                                                                                                                                                                                                                     |
+| `fixed:teams:creator`                  | `teams:create`<br>`org.users:read`                                                                                                                                                                                                                                   | Create a team and list organization users (required to manage the created team).                                                                                                                                                                                                      |
+| `fixed:teams:writer`                   | `teams:create`<br>`teams:delete`<br>`teams:read`<br>`teams:write`<br>`teams.permissions:read`<br>`teams.permissions:write`                                                                                                                                           | Create, read, update and delete teams and manage team memberships.                                                                                                                                                                                                                    |
+| `fixed:users:reader`                   | `users:read`<br>`users.quotas:read`<br>`users.authtoken:read`<br>`                                                                                                                                                                                                   | Read all users and their information, such as team memberships, authentication tokens, and quotas.                                                                                                                                                                                    |
+| `fixed:users:writer`                   | All permissions from `fixed:users:reader` and <br>`users:write`<br>`users:create`<br>`users:delete`<br>`users:enable`<br>`users:disable`<br>`users.password:write`<br>`users.permissions:write`<br>`users:logout`<br>`users.authtoken:write`<br>`users.quotas:write` | Read and update all attributes and settings for all users in Grafana: update user information, read user information, create or enable or disable a user, make a user a Grafana administrator, sign out a user, update a user’s authentication token, or update quotas for all users. |
 
 ### Alerting roles
 
-If alerting is [enabled]({{< relref "../../alerting/opt-in.md" >}}), you can use predefined roles to manage user access to alert rules, alert instances, and alert notification settings and create custom roles to limit user access to alert rules in a folder.
+If alerting is [enabled]({{< relref "../../../alerting/migrating-alerts/opt-out/" >}}), you can use predefined roles to manage user access to alert rules, alert instances, and alert notification settings and create custom roles to limit user access to alert rules in a folder.
 
 Access to Grafana alert rules is an intersection of many permissions:
 
 - Permission to read a folder. For example, the fixed role `fixed:folders:reader` includes the action `folders:read` and a folder scope `folders:id:`.
 - Permission to query **all** data sources that a given alert rule uses. If a user cannot query a given data source, they cannot see any alert rules that query that data source.
 
-For more information about the permissions required to access alert rules, refer to [Create a custom role to access alerts in a folder]({{< relref "./plan-rbac-rollout-strategy#create-a-custom-role-to-access-alerts-in-a-folder" >}}).
+For more information about the permissions required to access alert rules, refer to [Create a custom role to access alerts in a folder]({{< relref "./plan-rbac-rollout-strategy/#create-a-custom-role-to-access-alerts-in-a-folder" >}}).

docs/sources/administration/roles-and-permissions/access-control/rbac-provisioning.md

@@ -1,7 +1,8 @@
 ---
 aliases:
   - /docs/grafana/latest/enterprise/access-control/rbac-provisioning/
-description: Learn about RBAC provisioning and view an example YAML provisioning file that configures Grafana role assignments.
+description: Learn about RBAC provisioning and view an example YAML provisioning file
+  that configures Grafana role assignments.
 menuTitle: RBAC provisioning
 title: Grafana RBAC provisioning
 weight: 60
@@ -9,7 +10,7 @@ weight: 60
 
 # Grafana RBAC provisioning
 
-You can create, change or remove [Custom roles]({{< relref "./manage-rbac-roles.md#create-custom-roles-using-provisioning" >}}) and create or remove [basic role assignments]({{< relref "./assign-rbac-roles.md#assign-a-fixed-role-to-a-basic-role-using-provisioning" >}}), by adding one or more YAML configuration files in the `provisioning/access-control/` directory.
+You can create, change or remove [Custom roles]({{< relref "./manage-rbac-roles/#create-custom-roles-using-provisioning" >}}) and create or remove [basic role assignments]({{< relref "./assign-rbac-roles/#assign-a-fixed-role-to-a-basic-role-using-provisioning" >}}), by adding one or more YAML configuration files in the `provisioning/access-control/` directory.
 
 If you choose to use provisioning to assign and manage role, you must first enable it.
 
@@ -27,11 +28,11 @@ Grafana performs provisioning during startup. After you make a change to the con
 
 3. Create a new YAML in the following folder: **provisioning/access-control**. For example, `provisioning/access-control/custom-roles.yml`
 
-4. Add RBAC provisioning details to the configuration file. See [manage RBAC roles]({{< relref "manage-rbac-roles.md" >}}) and [assign RBAC roles]({{< relref "assign-rbac-roles.md" >}}) for instructions, and see this [example role provisioning file]({{< relref "rbac-provisioning#example" >}}) for a complete example of a provisioning file.
+4. Add RBAC provisioning details to the configuration file. See [manage RBAC roles]({{< relref "./manage-rbac-roles/" >}}) and [assign RBAC roles]({{< relref "./assign-rbac-roles/" >}}) for instructions, and see this [example role provisioning file]({{< relref "./rbac-provisioning/#example" >}}) for a complete example of a provisioning file.
 
 5. Reload the provisioning configuration file.
 
-   For more information about reloading the provisioning configuration at runtime, refer to [Reload provisioning configurations]({{< relref "../../http_api/admin/#reload-provisioning-configurations" >}}).
+   For more information about reloading the provisioning configuration at runtime, refer to [Reload provisioning configurations]({{< relref "../../../developers/http_api/admin/#reload-provisioning-configurations" >}}).
 
 ## Example role configuration file using Grafana provisioning
 

docs/sources/administration/service-accounts/_index.md

@@ -1,17 +1,131 @@
 ---
 aliases:
   - /docs/grafana/latest/administration/service-accounts/
+  - /docs/grafana/latest/administration/service-accounts/about-service-accounts/
+  - /docs/grafana/latest/administration/service-accounts/add-service-account-token/
+  - /docs/grafana/latest/administration/service-accounts/create-service-account/
+  - /docs/grafana/latest/administration/service-accounts/enable-service-accounts/
 description: This page contains information about service accounts in Grafana
 keywords:
   - API keys
   - Service accounts
 menuTitle: Service accounts
-title: Service accounts in Grafana
-weight: 300
+title: Service accounts
+weight: 800
 ---
 
-# Service accounts in Grafana
+# Service accounts
 
-You can use service accounts to run automated or compute workloads.
+You can use a service account to run automated workloads in Grafana, such as dashboard provisioning, configuration, or report generation. Create service accounts and tokens to authenticate applications, such as Terraform, with the Grafana API.
 
-{{< section >}}
+> **Note:** Service accounts are available in Grafana 8.5+ as a beta feature. To enable service accounts, refer to the [Enable service accounts]({{< ref "#enable-service-accounts" >}}) section. Service accounts will eventually replace [API keys]({{< relref "../api-keys/" >}}) as the primary way to authenticate applications that interact with Grafana.
+
+A common use case for creating a service account is to perform operations on automated or triggered tasks. You can use service accounts to:
+
+- Schedule reports for specific dashboards to be delivered on a daily/weekly/monthly basis
+- Define alerts in your system to be used in Grafana
+- Set up an external SAML authentication provider
+- Interact with Grafana without signing in as a user
+
+In [Grafana Enterprise]({{< relref "../../enterprise/" >}}), you can also use service accounts in combination with [role-based access control]({{< relref "../roles-and-permissions/access-control/" >}}) to grant very specific permissions to applications that interact with Grafana.
+
+> **Note:** Service accounts can only act in the organization they are created for. If you have the same task that is needed for multiple organizations, we recommend creating service accounts in each organization.
+
+## Service account tokens
+
+A service account token is a generated random string that acts as an alternative to a password when authenticating with Grafana's HTTP API.
+
+When you create a service account, you can associate one or more access tokens with it. You can use service access tokens the same way as API Keys, for example to access Grafana HTTP API programmatically.
+
+You can create multiple tokens for the same service account. You might want to do this if:
+
+- multiple applications use the same permissions, but you would like to audit or manage their actions separately.
+- you need to rotate or replace a compromised token.
+
+Service account access tokens inherit permissions from the service account.
+
+## Service account benefits
+
+The added benefits of service accounts to API keys include:
+
+- Service accounts resemble Grafana users and can be enabled/disabled, granted specific permissions, and remain active until they are deleted or disabled. API keys are only valid until their expiry date.
+- Service accounts can be associated with multiple tokens.
+- Unlike API keys, service account tokens are not associated with a specific user, which means that applications can be authenticated even if a Grafana user is deleted.
+- You can grant granular permissions to service accounts by leveraging [role-based access control]({{< relref "../roles-and-permissions/access-control/" >}}). For more information about permissions, refer to [About users and permissions]({{< relref "../roles-and-permissions/" >}}).
+
+## Enable service accounts in Grafana
+
+Service accounts are available behind the `serviceAccounts` feature toggle, available in Grafana 8.5+.
+
+You can enable service accounts by:
+
+- modifying the Grafana configuration file, or
+- configuring an environment variable
+
+### Enable service accounts in the Grafana configuration file
+
+This topic shows you how to enable service accounts by modifying the Grafana configuration file.
+
+1. Sign in to the Grafana server and locate the configuration file. For more information about finding the configuration file, refer to LINK.
+2. Open the configuration file and locate the [feature toggles section]({{< relref "../../setup-grafana/configure-grafana/#feature_toggles" >}}). Add `serviceAccounts` as a [feature_toggle]({{< relref "../../setup-grafana/configure-grafana/#feature_toggle" >}}).
+
+```
+[feature_toggles]
+# enable features, separated by spaces
+enable = serviceAccounts
+```
+
+1. Save your changes, Grafana should recognize your changes; in case of any issues we recommend restarting the Grafana server.
+
+### Enable service accounts with an environment variable
+
+This topic shows you how to enable service accounts by setting environment variables before starting Grafana.
+
+Follow the instructions to [override configuration with environment variables]({{< relref "../../setup-grafana/configure-grafana/#override-configuration-with-environment-variables" >}}). Set the following environment variable: `GF_FEATURE_TOGGLES_ENABLE = serviceAccounts`.
+
+> **Note:** Environment variables override configuration file settings.
+
+## Create a service account in Grafana
+
+A service account can be used to run automated workloads in Grafana, like dashboard provisioning, configuration, or report generation. For more information about how you can use service accounts, refer to [About service accounts]({{< ref "#about-service-accounts" >}}).
+
+For more information about creating service accounts via the API, refer to [Create a service account in the HTTP API]({{< relref "../../developers/http_api/serviceaccount/#create-service-account" >}}).
+
+### Before you begin
+
+- Ensure you have added the feature toggle for service accounts `serviceAccounts`. For more information about adding the feature toggle, refer to [Enable service accounts]({{< ref "#enable-service-accounts" >}}).
+- Ensure you have permission to create and edit service accounts. By default, the organization administrator role is required to create and edit service accounts. For more information about user permissions, refer to [About users and permissions]({{< relref "../roles-and-permissions/#" >}}).
+
+### To create a service account
+
+1. Sign in to Grafana and hover your cursor over the Configuration (cog) icon in the sidebar.
+1. Click **Service accounts**.
+1. Click **New service account**.
+1. Enter a **Display name**.
+1. The display name must be unique as it determines the ID associated with the service account.
+   - We recommend that you use a consistent naming convention when you name service accounts. A consistent naming convention can help you scale and maintain service accounts in the future.
+   - You can change the display name at any time.
+1. Click **Create service account**.
+
+## Add a token to a service account in Grafana
+
+A service account token is a generated random string that acts as an alternative to a password when authenticating with Grafana’s HTTP API. For more information about service accounts, refer to [About service accounts in Grafana]({{< ref "#about-service-accounts" >}}).
+
+You can create a service account token using the Grafana UI or via the API. For more information about creating a service account token via the API, refer to [Create service account tokens using the HTTP API]({{< relref "../../developers/http_api/serviceaccount/#create-service-account-tokens" >}}).
+
+### Before you begin
+
+- Ensure you have added the `serviceAccounts` feature toggle to Grafana. For more information about adding the feature toggle, refer to [Enable service accounts]({{< ref "#enable-service-accounts" >}}).
+- Ensure you have permission to create and edit service accounts. By default, the organization administrator role is required to create and edit service accounts. For more information about user permissions, refer to [About users and permissions]({{< relref "../roles-and-permissions/#" >}}).
+
+### To add a token to a service account
+
+1. Sign in to Grafana, then hover your cursor over **Configuration** (the gear icon) in the sidebar.
+1. Click **Service accounts**.
+1. Click the service account to which you want to add a token.
+1. Click **Add token**.
+1. Enter a name for the token.
+1. (recommended) Enter an expiry date and expiry date for the token or leave it on no expiry date option.
+   - The expiry date specifies how long you want the key to be valid.
+   - If you are unsure of an expiration date, we recommend that you set the token to expire after a short time, such as a few hours or less. This limits the risk associated with a token that is valid for a long time.
+1. Click **Generate service account token**.

docs/sources/administration/service-accounts/about-service-accounts.md

@@ -1,49 +0,0 @@
----
-aliases:
-  - /docs/grafana/latest/administration/service-accounts/about-service-accounts/
-description: This page contains detailed information about service accounts in Grafana
-menuTitle: About service accounts
-title: About service accounts
-weight: 30
----
-
-# About service accounts in Grafana
-
-A service account can be used to run automated workloads in Grafana, like dashboard provisioning, configuration, or report generation. Create service accounts and tokens to authenticate applications like Terraform with the Grafana API.
-
-> **Note:** Service accounts are available in Grafana 8.5+ as a beta feature. To enable service accounts, refer to [Enable service accounts]({{< relref "./enable-service-accounts.md#" >}}) section. Service accounts will eventually replace [API keys]({{< relref "../api-keys/_index.md" >}}) as the primary way to authenticate applications that interact with Grafana.
-
-A common use case for creating a service account is to perform operations on automated or triggered tasks. You can use service accounts to:
-
-- Schedule reports for specific dashboards to be delivered on a daily/weekly/monthly basis
-- Define alerts in your system to be used in Grafana
-- Set up an external SAML authentication provider
-- Interact with Grafana without signing in as a user
-
-In [Grafana Enterprise]({{< relref "../../enterprise/_index.md" >}}), you can also use service accounts in combination with [role-based access control]({{< relref "../../enterprise/access-control/about-rbac.md" >}}) to grant very specific permissions to applications that interact with Grafana.
-
-> **Note:** Service accounts can only act in the organization they are created for. If you have the same task that is needed for multiple organizations, we recommend creating service accounts in each organization.
-
----
-
-## Service account tokens
-
-A service account token is a generated random string that acts as an alternative to a password when authenticating with Grafana's HTTP API.
-
-When you create a service account, you can associate one or more access tokens with it. You can use service access tokens the same way as API Keys, for example to access Grafana HTTP API programmatically.
-
-You can create multiple tokens for the same service account. You might want to do this if:
-
-- multiple applications use the same permissions, but you would like to audit or manage their actions separately.
-- you need to rotate or replace a compromised token.
-
-Service account access tokens inherit permissions from the service account.
-
-### Service accounts benefits
-
-The added benefits of service accounts to API keys include:
-
-- Service accounts resemble Grafana users and can be enabled/disabled, granted specific permissions, and remain active until they are deleted or disabled. API keys are only valid until their expiry date.
-- Service accounts can be associated with multiple tokens.
-- Unlike API keys, service account tokens are not associated with a specific user, which means that applications can be authenticated even if a Grafana user is deleted.
-- You can grant granular permissions to service accounts by leveraging [fine-grained access control]({{< relref "../../enterprise/access-control" >}}). For more information about permissions, refer to [About users and permissions]({{< relref "../manage-users-and-permissions/about-users-and-permissions.md#" >}}).

docs/sources/administration/service-accounts/add-service-account-token.md

@@ -1,31 +0,0 @@
----
-aliases:
-  - /docs/grafana/latest/administration/service-accounts/add-service-account-token/
-description: This topic shows you how to add a token to a service account
-menuTitle: Add a token to a service account
-title: Add a token to a service account in Grafana
-weight: 60
----
-
-# Add a token to a service account in Grafana
-
-A service account token is a generated random string that acts as an alternative to a password when authenticating with Grafana’s HTTP API. For more information about service accounts, refer to [About service accounts in Grafana]({{< relref "./about-service-accounts.md" >}}).
-
-You can create a service account token using the Grafana UI or via the API. For more information about creating a service account token via the API, refer to [Create service account tokens using the HTTP API]({{< relref "../../developers/http_api/serviceaccount.md#create-service-account-tokens" >}}).
-
-## Before you begin
-
-- Ensure you have added the `serviceAccounts` feature toggle to Grafana. For more information about adding the feature toggle, refer to [Enable service accounts]({{< relref "./enable-service-accounts.md#" >}}).
-- Ensure you have permission to create and edit service accounts. By default, the organization administrator role is required to create and edit service accounts. For more information about user permissions, refer to [About users and permissions]({{< relref "../manage-users-and-permissions/about-users-and-permissions.md#" >}}).
-
-## To add a token to a service account
-
-1. Sign in to Grafana, then hover your cursor over **Configuration** (the gear icon) in the sidebar.
-1. Click **Service accounts**.
-1. Click the service account to which you want to add a token.
-1. Click **Add token**.
-1. Enter a name for the token.
-1. (recommended) Enter an expiry date and expiry date for the token or leave it on no expiry date option.
-   - The expiry date specifies how long you want the key to be valid.
-   - If you are unsure of an expiration date, we recommend that you set the token to expire after a short time, such as a few hours or less. This limits the risk associated with a token that is valid for a long time.
-1. Click **Generate service account token**.

docs/sources/administration/service-accounts/create-service-account.md

@@ -1,32 +0,0 @@
----
-aliases:
-  - /docs/grafana/latest/administration/service-accounts/create-service-account/
-description: How to create a service account in Grafana
-keywords:
-  - Service accounts
-menuTitle: Create a service account
-title: Create a service account in Grafana
-weight: 50
----
-
-# Create a service account in Grafana
-
-A service account can be used to run automated workloads in Grafana, like dashboard provisioning, configuration, or report generation. For more information about how you can use service accounts, refer to [About service accounts]({{< relref "../service-accounts/about-service-accounts.md#" >}}).
-
-For more information about creating service accounts via the API, refer to [Create a service account in the HTTP API]({{< relref "../../developers/http_api/serviceaccount.md#create-service-account" >}}).
-
-## Before you begin
-
-- Ensure you have added the feature toggle for service accounts `serviceAccounts`. For more information about adding the feature toggle, refer to [Enable service accounts]({{< relref "./enable-service-accounts.md#" >}}).
-- Ensure you have permission to create and edit service accounts. By default, the organization administrator role is required to create and edit service accounts. For more information about user permissions, refer to [About users and permissions]({{< relref "../manage-users-and-permissions/about-users-and-permissions.md#" >}}).
-
-## To create a service account
-
-1. Sign in to Grafana and hover your cursor over the Configuration (cog) icon in the sidebar.
-1. Click **Service accounts**.
-1. Click **New service account**.
-1. Enter a **Display name**.
-1. The display name must be unique as it determines the ID associated with the service account.
-   - We recommend that you use a consistent naming convention when you name service accounts. A consistent naming convention can help you scale and maintain service accounts in the future.
-   - You can change the display name at any time.
-1. Click **Create service account**.

docs/sources/administration/service-accounts/enable-service-accounts.md

@@ -1,44 +0,0 @@
----
-aliases:
-  - /docs/grafana/latest/administration/service-accounts/enable-service-accounts/
-description: This topic shows you how to to enable the service accounts feature in
-  Grafana
-keywords:
-  - Feature toggle
-  - Service accounts
-menuTitle: Enable service accounts
-title: Enable service accounts in Grafana
-weight: 40
----
-
-# Enable service accounts in Grafana
-
-Service accounts are available behind the `serviceAccounts` feature toggle, available in Grafana 8.5+.
-
-You can enable service accounts by:
-
-- modifying the Grafana configuration file, or
-- configuring an environment variable
-
-## Enable service accounts in the Grafana configuration file
-
-This topic shows you how to enable service accounts by modifying the Grafana configuration file.
-
-1. Sign in to the Grafana server and locate the configuration file. For more information about finding the configuration file, refer to LINK.
-2. Open the configuration file and locate the [feature toggles section]({{< relref "../../administration/configuration.md#feature_toggles" >}}). Add `serviceAccounts` as a [feature_toggle]({{< relref "../../administration/configuration.md#feature_toggle" >}}).
-
-```
-[feature_toggles]
-# enable features, separated by spaces
-enable = serviceAccounts
-```
-
-1. Save your changes, Grafana should recognize your changes; in case of any issues we recommend restarting the Grafana server.
-
-## Enable service accounts with an environment variable
-
-This topic shows you how to enable service accounts by setting environment variables before starting Grafana.
-
-Follow the instructions to [override configuration with environment variables]({{< relref "../../administration/configuration.md#override-configuration-with-environment-variables" >}}). Set the following environment variable: `GF_FEATURE_TOGGLES_ENABLE = serviceAccounts`.
-
-> **Note:** Environment variables override configuration file settings.

docs/sources/administration/stats-and-license/_index.md

@@ -0,0 +1,82 @@
+---
+aliases:
+  - /docs/grafana/latest/administration/view-server/
+  - /docs/grafana/latest/admin/view-server-settings/
+  - /docs/grafana/latest/administration/view-server/view-server-settings/
+  - /docs/grafana/latest/admin/view-server-stats/
+  - /docs/grafana/latest/administration/view-server/view-server-stats/
+description: How to view server settings in the Grafana UI
+keywords:
+  - grafana
+  - configuration
+  - server
+  - settings
+title: Stats and license
+weight: 400
+---
+
+# View server statistics and license
+
+This setting contains information about tools that Grafana Server Admins can use to learn more about their Grafana servers.
+
+## View Grafana server settings
+
+> Refer to [Role-based access control]({{< relref "../roles-and-permissions/access-control/" >}}) in Grafana Enterprise to understand how you can control access with RBAC permissions.
+
+If you are a Grafana server administrator, use the Settings tab to view the settings that are applied to your Grafana server via the [Configuration]({{< relref "../../setup-grafana/configure-grafana/#config-file-locations" >}}) file and any environmental variables.
+
+> **Note:** Only Grafana server administrators can access the **Server Admin** menu. For more information about about administrative permissions, refer to [Roles and permissions]({{< relref "../roles-and-permissions/#grafana-server-administrators" >}}).
+
+### View server settings
+
+1. Log in to your Grafana server with an account that has the Grafana Admin flag set.
+1. Hover your cursor over the **Server Admin** (shield) icon in the side menu and then click the **Settings** tab.
+
+### Available settings
+
+For a full list of server settings, refer to [Configuration]({{< relref "../../setup-grafana/configure-grafana/" >}}).
+
+## View Grafana server stats
+
+> Refer to [Role-based access control]({{< relref "../roles-and-permissions/access-control/" >}}) in Grafana Enterprise to understand how you can control access with RBAC permissions.
+
+If you are a Grafana server admin, then you can view useful statistics about your Grafana server in the Stats & Licensing tab.
+
+> **Note:** Only Grafana server administrators can access the **Server Admin** menu. For more information about about administrative permissions, refer to [Roles and permissions]({{< relref "../roles-and-permissions/#grafana-server-administrators" >}}).
+
+### View server stats
+
+1. Log in to your Grafana server with an account that has the Grafana Admin flag set.
+1. Hover your cursor over the **Server Admin** (shield) icon in the side menu and then click the **Stats & Licensing** tab.
+
+### Available stats
+
+The following statistics are displayed in the Stats tab:
+
+- Total users
+  **Note:** Total users = Total admins + Total editors + Total viewers
+- Total admins
+- Total editors
+- Total viewers
+- Active users (seen last 30 days)
+  **Note:** Active users = Active admins + Active editors + Active viewers
+- Active admins (seen last 30 days)
+- Active editors (seen last 30 days)
+- Active viewers (seen last 30 days)
+- Active sessions
+- Total dashboards
+- Total orgs
+- Total playlists
+- Total snapshots
+- Total dashboard tags
+- Total starred dashboards
+- Total alerts
+
+### Counting users
+
+If a user belongs to several organizations, then that user is counted once as a user in the highest organization role they are assigned, regardless of how many organizations the user belongs to.
+
+For example, if Sofia is a Viewer in two organizations, an Editor in two organizations, and Admin in three organizations, then she would be reflected in the stats as:
+
+- Total users 1
+- Total admins 1

docs/sources/administration/team-management/_index.md

@@ -1,16 +1,20 @@
-+++
-aliases = ["/docs/grafana/latest/administration/manage-users-and-permissions/manage-teams/", "/docs/grafana/latest/manage-users/add-or-remove-user-from-team/", "/docs/grafana/latest/manage-users/create-or-remove-team/", "/docs/grafana/latest/manage-users/manage-teams/"]
-title = "Manage teams"
-weight = 600
-+++
+---
+aliases:
+  - /docs/grafana/latest/administration/manage-users-and-permissions/manage-teams/
+  - /docs/grafana/latest/manage-users/add-or-remove-user-from-team/
+  - /docs/grafana/latest/manage-users/create-or-remove-team/
+  - /docs/grafana/latest/manage-users/manage-teams/
+title: Team management
+weight: 400
+---
 
-# Manage teams
+# Team management
 
 A team is a group of users within an organization that have common dashboard and data source permission needs. For example, instead of assigning five users access to the same dashboard, you can create a team that consists of those users and assign dashboard permissions to the team. A user can belong to multiple teams.
 
 A user can be a Member or an Administrator for a given team. Members of a team inherit permissions from the team, but they cannot edit the team itself. Team Administrators can add members to a team and update its settings, such as the team name, team member's team roles, UI preferences, and home dashboard.
 
-For more information about teams, refer to [Teams and permissions]({{< relref "../about-users-and-permissions/#teams-and-permissions" >}}).
+For more information about teams, refer to [Teams and permissions]({{< relref "../roles-and-permissions/#teams-and-permissions" >}}).
 
 ## Create a team
 

docs/sources/administration/user-management/_index.md

@@ -1,10 +1,11 @@
-+++
-aliases = ["/docs/grafana/latest/administration/manage-users-and-permissions/"]
-title = "Manage users and permissions"
-weight = 200
-+++
+---
+aliases:
+  - /docs/grafana/latest/administration/manage-users-and-permissions/
+title: User management
+weight: 200
+---
 
-# Manage users and permissions
+# User management
 
 A _user_ is defined as any individual who can log in to Grafana. Each user is associated with a _role_ that includes _permissions_. Permissions determine the tasks a user can perform in the system. For example, the **Admin** role includes permissions for an administrator to create and delete users.
 

docs/sources/administration/user-management/manage-dashboard-permissions/_index.md

@@ -1,14 +1,16 @@
-+++
-aliases = ["/docs/grafana/latest/administration/manage-users-and-permissions/manage-dashboard-permissions/", "/docs/grafana/latest/permissions/dashboard_folder_permissions/"]
-title = "Manage dashboard permissions"
-weight = 500
-+++
+---
+aliases:
+  - /docs/grafana/latest/administration/manage-users-and-permissions/manage-dashboard-permissions/
+  - /docs/grafana/latest/permissions/dashboard_folder_permissions/
+title: Manage dashboard permissions
+weight: 500
+---
 
 # Manage dashboard permissions
 
 Dashboard and dasboard folder permissions enable you to grant a viewer the ability to edit and save dashboard changes, or limit an editor's permission to modify a dashboard.
 
-For more information about dashboard permissions, refer to [Dashboard permissions]({{< relref "../about-users-and-permissions/#dashboard-permissions" >}}).
+For more information about dashboard permissions, refer to [Dashboard permissions]({{< relref "../../roles-and-permissions/#dashboard-permissions" >}}).
 
 ## Grant dashboard folder permissions
 
@@ -17,7 +19,7 @@ When you grant user permissions for folders, that setting applies to all dashboa
 ### Before you begin
 
 - Ensure you have organization administrator privileges
-- Identify the dashboard folder permissions you want to modify and the users or teams to which you want to grant access. For more information about dashboard permissions, refer to [Dashboard permissions]({{< relref "../about-users-and-permissions/#dashboard-permissions" >}}).
+- Identify the dashboard folder permissions you want to modify and the users or teams to which you want to grant access. For more information about dashboard permissions, refer to [Dashboard permissions]({{< relref "../../roles-and-permissions/#dashboard-permissions" >}}).
 
 **To grant dashboard folder permissions**:
 
@@ -74,7 +76,7 @@ This modification is useful for public Grafana installations where you want anon
 
 1. Open the Grafana configuration file.
 
-   For more information about the Grafana configuration file and its location, refer to [Configuration]({{< relref "../../../administration/configuration" >}}).
+   For more information about the Grafana configuration file and its location, refer to [Configuration]({{< relref "../../../setup-grafana/configure-grafana/" >}}).
 
 1. Locate the `viewers_can_edit` parameter.
 1. Set the `viewers_can_edit` value to `true`.
@@ -82,7 +84,7 @@ This modification is useful for public Grafana installations where you want anon
 
 ## Edit dashboard permissions
 
-Edit dashboard permissions when you are want to enhance or restrict a user's access to a dashboard. For more information about dashboard permissions, refer to [Dashboard permissions]({{< relref "../about-users-and-permissions/#dashboard-permissions" >}}).
+Edit dashboard permissions when you are want to enhance or restrict a user's access to a dashboard. For more information about dashboard permissions, refer to [Dashboard permissions]({{< relref "../../roles-and-permissions/#dashboard-permissions" >}}).
 
 ### Before you begin
 
@@ -142,4 +144,4 @@ Dashboard permissions settings:
 
 Result: You receive an error message that cannot override a higher permission with a lower permission in the same dashboard. User1 has administrator permissions.
 
-> Refer to [Role-based access Control]({{< relref "../../../enterprise/access-control/_index.md" >}}) in Grafana Enterprise to understand how to use RBAC permissions to restrict access to dashboards, folders, administrative functions, and other resources.
+> Refer to [Role-based access Control]({{< relref "../../roles-and-permissions/access-control/" >}}) in Grafana Enterprise to understand how to use RBAC permissions to restrict access to dashboards, folders, administrative functions, and other resources.

docs/sources/administration/user-management/manage-org-users/_index.md

@@ -0,0 +1,146 @@
+---
+aliases:
+  - /docs/grafana/latest/administration/manage-users-and-permissions/manage-org-users/
+  - /docs/grafana/latest/manage-users/org-admin/
+  - /docs/grafana/latest/administration/manage-users-and-permissions/manage-org-users/view-list-org-users/
+  - /docs/grafana/latest/administration/manage-users-and-permissions/manage-org-users/change-user-org-permissions/
+  - /docs/grafana/latest/administration/manage-users-and-permissions/manage-org-users/invite-user-join-org/
+  - /docs/grafana/latest/administration/manage-users-and-permissions/manage-org-users/manage-pending-invites/
+  - /docs/grafana/latest/administration/manage-users-and-permissions/manage-org-users/remove-user-from-org/
+title: Manage users in an organization
+weight: 400
+---
+
+# Manage users in an organization
+
+Organization administrators can invite users to join their organization. Organization users have access to organization resources based on their role, which is **Admin**, **Editor**, or **Viewer**. Permissions associated with each role determine the tasks a user can perform in the system.
+
+For more information about organization user permissions, refer to [Organization users and permissions]({{< relref "../../roles-and-permissions/#organization-users-and-permissions" >}}).
+
+{{< section >}}
+
+## View a list of organization users
+
+You can see a list of users with accounts in your Grafana organization. If necessary, you can use the search field to filter the list.
+
+### Before you begin
+
+- Ensure you have organization administrator privileges
+
+**To view a list of organization users**:
+
+1. Sign in to Grafana as an organization administrator.
+1. Hover your cursor over the **Configuration** (gear) icon in the side menu and click **Users**.
+
+![Org Admin user list](/static/img/docs/manage-users/org-user-list-7-3.png)
+
+> **Note:** If you have [server administrator]({{< relref "../../roles-and-permissions/#grafana-server-administrators" >}}) permissions, you can also [view a global list of users]({{< relref "../server-user-management#view-a-list-of-users" >}}) in the Server Admin section of Grafana.
+
+## Change a user's organization permissions
+
+Update user permissions when you want to enhance or restrict a user's access to organization resources. For more information about organization permissions, refer to [Organization roles]({{< relref "../../roles-and-permissions/#organization-roles" >}}).
+
+### Before you begin
+
+- Ensure you have organization administrator privileges
+
+**To change the organization role of a user**:
+
+1. Sign in to Grafana as an organization administrator.
+1. Hover your cursor over the **Configuration** (gear) icon in the side menu and click **Users**.
+1. Find the user account for which you want to change the role.
+
+   If necessary, use the search field to filter the list.
+
+1. Locate the user on the list and in the **Role** column, click the user role.
+1. Select the role that you want to assign.
+1. Click **Update**.
+
+> **Note:** If you have [server administrator]({{< relref "../../roles-and-permissions/#grafana-server-administrators" >}}) permissions, you can also [change a user's organization permissions]({{< relref "../server-user-management/change-user-org-permissions/" >}}) in the Server Admin section.
+
+## Invite a user to join an organization
+
+When you invite users to join an organization, you assign the **Admin**, **Editor**, or **Viewer** role which controls user access to the dashboards and data sources owned by the organization. Users receive an email that prompts them to accept the invitation.
+
+- If you know that the user already has access Grafana and you know their user name, then you issue an invitation by entering their user name.
+- If the user is new to Grafana, then use their email address to issue an invitation. The system automatically creates the user account on first sign in.
+
+> **Note:** If you have [server administrator]({{< relref "../../roles-and-permissions/#grafana-server-administrators" >}}) permissions, you can also manually [add a user to an organization]({{< relref "../server-user-management/add-remove-user-to-org/" >}}).
+
+### Before you begin
+
+- Ensure you have organization administrator privileges.
+- If the user already has access to Grafana, obtain their user name.
+- Determine the permissions you want to assign to the user. For more information about organization permissions, refer to [Organization roles]({{< relref "../../roles-and-permissions/#organization-roles" >}}).
+
+**To invite or add an existing user account to your organization**:
+
+1. Sign in to Grafana as an organization administrator.
+1. To switch to the organization to which you want to invite a user, hover your mouse over your profile and click **Switch organization** and select an organization.
+
+   > **Note**: It might be that you are currently in the proper organization and don't need to switch organizations.
+
+1. Hover your cursor over the **Configuration** (gear) icon in the side menu and click **Users**.
+1. Click **Invite**.
+1. Enter the following information:
+
+   | Field             | Description                                                                                                                                                                                                                                                              |
+   | ----------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
+   | Email or username | Either the email or username that the user will use to sign in to Grafana.                                                                                                                                                                                               |
+   | Name              | The user's name.                                                                                                                                                                                                                                                         |
+   | Role              | Click the organization role to assign this user. For more information about organization roles, refer to [Organization roles]({{< relref "../../roles-and-permissions/#organization-roles" >}})..                                                                        |
+   | Send invite email | Switch to on if your organization has configured. The system sends an email to the user inviting them to sign in to Grafana and join the organization. Switch to off if you are not using email. The user can sign in to Grafana with the email or username you entered. |
+
+1. Click **Submit**.
+
+If the invitee is not already a user, the system adds them.
+
+![Invite User](/static/img/docs/manage-users/org-invite-user-7-3.png).
+
+## Manage a pending invitation
+
+Periodically review invitations you have sent so that you can see a list of users that have not yet accepted the invitation or cancel a pending invitation.
+
+> **Note:** The **Pending Invites** button is only visible if there are unanswered invitations.
+
+### Before you begin
+
+- Ensure you have organization administrator privileges
+
+**To manage a pending invitation**:
+
+1. Sign in to Grafana as an organization administrator.
+1. Hover your cursor over the **Configuration** (gear) icon in the side menu and click **Users**.
+1. Click **Pending Invites**.
+
+   The **Pending Invites** button appears only when there are unaccepted invitations.
+
+   ![Pending Invites button](/static/img/docs/manage-users/pending-invites-button-7-3.png)
+
+To cancel an invitation, click the red **X** next to the invitation.
+
+To copy an invitation link and send it directly to a user, click Copy Invite. You can then paste the invite link into a message.
+
+![Pending Invites list](/static/img/docs/manage-users/pending-invites-list-7-3.png)
+
+## Remove a user from an organization
+
+You can remove a user from an organization when they no longer require access to the dashboard or data sources owned by the organization. No longer requiring access to an organization might occur when the user has left your company or has internally moved to another organization.
+
+This action does not remove the user account from the Grafana server.
+
+### Before you begin
+
+- Ensure you have organization administrator privileges
+
+**To remove a user from an organization**:
+
+1. Sign in to Grafana as an organization administrator.
+1. Hover your cursor over the **Configuration** (gear) icon in the side menu and click **Users**.
+1. Find the user account that you want to remove from the organization.
+
+   Use the search field to filter the list, if necessary.
+
+1. Click the red **X** to remove the user from the organization.
+
+> **Note:** If you have [server administrator]({{< relref "../../roles-and-permissions/#grafana-server-administrators" >}}) permissions, you can also [remove a user from an organization]({{< relref "../server-user-management/add-remove-user-to-org/#remove-a-user-from-an-organization" >}}) on the Users page of the Server Admin section.

docs/sources/administration/user-management/server-user-management/_index.md

@@ -0,0 +1,147 @@
+---
+aliases:
+  - /docs/grafana/latest/administration/manage-users-and-permissions/manage-server-users/
+  - /docs/grafana/latest/manage-users/server-admin/
+  - /docs/grafana/latest/manage-users/server-admin/server-admin-manage-users/
+  - /docs/grafana/latest/administration/manage-users-and-permissions/manage-server-users/view-list-users/
+  - /docs/grafana/latest/administration/manage-users-and-permissions/manage-server-users/view-edit-user-account/
+  - /docs/grafana/latest/administration/manage-users-and-permissions/manage-server-users/view-user-account-details/
+  - /docs/grafana/latest/administration/manage-users-and-permissions/manage-server-users/add-user/
+  - /docs/grafana/latest/administration/manage-users-and-permissions/manage-server-users/force-user-logout/
+title: Server user management
+weight: 100
+---
+
+# Server user management
+
+A _user_ is defined as any individual who can log in to Grafana. Each user is associated with a _role_ that includes _permissions_. Permissions determine the tasks a user can perform in the system.
+
+If you have [server administrator]({{< relref "../../roles-and-permissions/#grafana-server-administrators" >}}) permissions in Grafana, you can manage all users for a Grafana instance in the Server Admin section:
+
+{{< section >}}
+
+If you have [organization administrator]({{< relref "../../roles-and-permissions/#organization-roles" >}}) permissions and _not_ [server administrator]({{< relref "../../roles-and-permissions/#grafana-server-administrators" >}}) permissions, refer to [Manage users in a organization]({{< relref "../manage-org-users/" >}}).
+
+For more information about user roles and permissions, refer to [Roles and permissions]({{< relref "../../roles-and-permissions/" >}}). For more information about managing users in general, see [User management]({{< relref "../" >}}).
+
+## View a list of users
+
+You can see a list of users with accounts on your Grafana server. This action might be useful when you want to know which role you assigned to each user.
+
+### Before you begin
+
+- Ensure you have Grafana server administrator privileges
+
+**To view a list of users**:
+
+1. Sign in to Grafana as a server administrator.
+1. Hover your cursor over the **Server Admin** (shield) icon until a menu appears, and click **Users**.
+
+![Server Admin user list](/static/img/docs/manage-users/server-user-list-7-3.png)
+
+> **Note:** If you have [organization administrator]({{< relref "../../roles-and-permissions/#organization-roles" >}}) permissions and _not_ [server administrator]({{< relref "../../roles-and-permissions/#grafana-server-administrators" >}}) permissions, you can still [view of list of users in a given organization]({{< relref "../manage-org-users/#view-a-list-of-organization-users" >}}).
+
+## View user details
+
+View user details when you want to see login, and organizations and permissions settings associated with a user.
+
+### Before you begin:
+
+- Ensure you have Grafana server administrator privileges
+
+**To view user details**:
+
+1. Sign in to Grafana as a server administrator.
+1. Hover your cursor over the **Server Admin** (shield) icon until a menu appears, and click **Users**.
+1. Click a user.
+
+A user account contains the following sections.
+
+#### User information
+
+This section contains basic user information, which users can update.
+
+![Server Admin user information section](/static/img/docs/manage-users/server-admin-user-information-7-3.png)
+
+#### Permissions
+
+This indicates whether the user account has the Grafana administrator flag applied. If the flag is set to **Yes**, then the user is a Grafana server administrator.
+
+![Server Admin Permissions section](/static/img/docs/manage-users/server-admin-permissions-7-3.png)
+
+#### Organizations
+
+This section lists the organizations the user belongs to and their assigned role.
+
+![Server Admin Organizations section](/static/img/docs/manage-users/server-admin-organisations-7-3.png)
+
+#### Sessions
+
+This section includes recent user sessions and information about the time the user logged in and they system they used. You can force logouts, if necessary.
+
+![Server Admin Sessions section](/static/img/docs/manage-users/server-admin-sessions-7-3.png)
+
+## Edit a user account
+
+Edit a user account when you want to modify user login credentials, or delete, disable, or enable a user.
+
+### Before you begin
+
+- Ensure you have Grafana server administrator privileges
+
+**To edit a user account**:
+
+1. Sign in to Grafana as a server administrator.
+1. Hover your cursor over the **Server Admin** (shield) icon until a menu appears, and click **Users**.
+1. Click a user.
+1. Complete any of the following actions, as necessary.
+
+| Action                          | Description                                                                                                                                                     |
+| ------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Update name, email, or username | **Is the user notified of these changes?**. Click **Save** after you make a change.                                                                             |
+| Change the user's password      | The new password must be at least four characters long. Click **Save** after you make a change.                                                                 |
+| Delete a user                   | This action permanently removes the user from the Grafana server. The user can no longer sign in after you make this change.                                    |
+| Disable user account            | This action prevents a user from signing in with this account, but does not delete the account. You might disable an account if a colleague goes on sabbatical. |
+| Enable a user account           | This action enables a user account.                                                                                                                             |
+
+## Add a user
+
+Add users when you want to manually provide individuals with access to Grafana.
+
+When you create a user using this method, you must create their password. The user does not receive a notification by email. To invite a user to Grafana and allow them to create their own password, [invite a user to join an organization]({{< relref "../manage-org-users#invite-a-user-to-join-an-organization" >}}).
+
+When you configure advanced authentication using Oauth, SAML, LDAP, or the Auth proxy, users are created automatically.
+
+### Before you begin
+
+- Ensure that you have Grafana server administrator privileges
+
+**To add a user**:
+
+1. Sign in to Grafana as a server administrator.
+1. Hover your cursor over the **Server Admin** (shield) icon until a menu appears, and click **Users**.
+1. Click **New user**.
+1. Complete the fields and click **Create user**.
+
+When you create a user, the system assigns the user viewer permissions in a default organization, which you can change. You can now [add a user to a second organization]({{< relref "add-remove-user-to-org/" >}}).
+
+> **Note:** If you have [organization administrator]({{< relref "../../roles-and-permissions/#organization-roles" >}}) permissions and _not_ [server administrator]({{< relref "../../roles-and-permissions/#grafana-server-administrators" >}}) permissions, you can still add users by [inviting a user to join an organization]({{< relref "../manage-org-users#invite-a-user-to-join-an-organization" >}}).
+
+## Force a user to log out of Grafana
+
+If you suspect a user account is compromised or is no longer authorized to access the Grafana server, then you can force the user to log out of Grafana.
+
+The force logout action can apply to one device that is logged in to Grafana, or all devices logged in to Grafana.
+
+### Before you begin
+
+- Ensure you have Grafana server administrator privileges
+
+1. Sign in to Grafana as a server administrator.
+1. Hover your cursor over the **Server Admin** (shield) icon until a menu appears, and click **Users**.
+1. Click a user.
+1. Scroll down to the **Sessions** section.
+1. Perform one of the following actions:
+   - Click **Force logout** next to the session entry that you want logged out of Grafana.
+   - Click **Force logout from all devices**.
+1. Confirm the logout.

docs/sources/administration/user-management/server-user-management/add-remove-user-to-org.md

@@ -0,0 +1,58 @@
+---
+aliases:
+  - /docs/grafana/latest/administration/manage-users-and-permissions/manage-server-users/add-remove-user-to-org/
+  - /docs/grafana/latest/administration/manage-users-and-permissions/manage-server-users/add-user-to-org/
+title: Add or remove a user in an organization
+description: Describes how a Grafana server administrator can add or remove users in an organization
+weight: 30
+---
+
+# Add or remove a user in an organization
+
+Server administrators can add and remove users in organizations. To do this as an organization administrator, see [Manage users in an organization]({{< relref "../manage-org-users/" >}}).
+
+## Add a user to an organization
+
+Add a user to an organization when you want the user to have access to organization resources such as dashboards, data sources, and playlists. A user must belong to at least one organization.
+
+You are required to specify an Admin role for each organization. The first user you add to an organization becomes the Admin by default. After you assign the Admin role to a user, you can add other users to an organization as either Admins, Editors, or Viewers.
+
+### Before you begin
+
+- [Create an organization]({{< relref "../../organization-management/#create-an-organization" >}})
+- [Add a user]({{< relref "./#add-a-user" >}}) to Grafana
+- Ensure you have [Grafana server administrator privileges]({{< relref "./assign-remove-server-admin-privileges" >}})
+
+**To add a user to an organization**:
+
+1. Sign in to Grafana as a server administrator.
+1. Hover your cursor over the **Server Admin** (shield) icon until a menu appears, and click **Users**.
+1. Click a user.
+1. In the **Organizations** section, click **Add user to organization**.
+1. Select an organization and a role.
+
+   For more information about user permissions, refer to [Organization roles]({{< relref "../../roles-and-permissions#organization-roles" >}}).
+
+1. Click **Add to organization**.
+
+The next time the user signs in, they will be able to navigate to their new organization using the Switch Organizations option in the user profile menu.
+
+> **Note:** If you have [organization administrator]({{< relref "../../roles-and-permissions#organization-roles" >}}) permissions and _not_ [server administrator]({{< relref "../../roles-and-permissions#grafana-server-administrators" >}}) permissions, you can still [invite a user to join an organization]({{< relref "../manage-org-users#invite-a-user-to-join-an-organization" >}}).
+
+## Remove a user from an organization
+
+Remove a user from an organization when they no longer require access to the dashboards, data sources, or alerts in that organization.
+
+### Before you begin
+
+- Ensure you have Grafana server administrator privileges
+
+**To remove a user from an organization**:
+
+1. Sign in to Grafana as a server administrator.
+1. Hover your cursor over the **Server Admin** (shield) icon until a menu appears, and click **Users**.
+1. Click a user.
+1. In the **Organization** section, click **Remove from organization** next to the organization from which you want to remove the user.
+1. Click **Confirm removal**.
+
+> **Note:** If you have [organization administrator]({{< relref "../../roles-and-permissions#organization-roles" >}}) permissions and _not_ [server administrator]({{< relref "../../roles-and-permissions#grafana-server-administrators" >}}) permissions, you can still [remove a user from an organization]({{< relref "../manage-org-users#remove-a-user-from-an-organization" >}}) in the Users section of organization configuration.

docs/sources/administration/user-management/server-user-management/assign-remove-server-admin-privileges.md

@@ -1,18 +1,20 @@
-+++
-aliases = ["/docs/grafana/latest/administration/manage-users-and-permissions/manage-server-users/assign-remove-server-admin-privileges/"]
-title = "Assign or remove Grafana server administrator privileges"
-weight = 20
-+++
+---
+aliases:
+  - /docs/grafana/latest/administration/manage-users-and-permissions/manage-server-users/assign-remove-server-admin-privileges/
+title: Assign or remove Grafana server administrator privileges
+description: Describes how to assign and remove Grafana administrator privileges from a server user.
+weight: 20
+---
 
 # Assign or remove Grafana server administrator privileges
 
-Grafana server administrators are responsible for creating users, organizations, and managing permissions. For more information about the server administration role, refer to [Grafana server administrators]({{< relref "../about-users-and-permissions/#grafana-server-administrators" >}}).
+Grafana server administrators are responsible for creating users, organizations, and managing permissions. For more information about the server administration role, refer to [Grafana server administrators]({{< relref "../../roles-and-permissions#grafana-server-administrators" >}}).
 
 > **Note:** Server administrators are "super-admins" with full permissions to create, read, update, and delete all resources and users in all organizations, as well as update global settings such as licenses. Only grant this permission to trusted users.
 
 ## Before you begin
 
-- [Add a user]({{< relref "./add-user.md" >}})
+- [Add a user]({{< relref "../#add-a-user" >}})
 - Ensure you have Grafana server administrator privileges
 
 **To assign or remove Grafana administrator privileges**:

docs/sources/administration/user-management/server-user-management/change-user-org-permissions.md

@@ -1,16 +1,17 @@
-+++
-aliases = ["/docs/grafana/latest/administration/manage-users-and-permissions/manage-server-users/change-user-org-permissions/"]
-title = "Change a user's organization permissions"
-weight = 50
-+++
+---
+aliases:
+  - /docs/grafana/latest/administration/manage-users-and-permissions/manage-server-users/change-user-org-permissions/
+title: Change a user's organization permissions
+weight: 50
+---
 
 # Change a user's organization permissions
 
-Update organization permissions when you want to enhance or restrict a user's access to organization resources. For more information about organization permissions, refer to [Organization roles]({{< relref "../about-users-and-permissions/#organization-roles" >}}).
+Update organization permissions when you want to enhance or restrict a user's access to organization resources. For more information about organization permissions, refer to [Organization roles]({{< relref "../../roles-and-permissions/#organization-roles" >}}).
 
 ## Before you begin
 
-- [Add a user to an organization]({{< relref "./add-remove-user-to-org.md" >}})
+- [Add a user to an organization]({{< relref "./add-remove-user-to-org/" >}})
 - Ensure you have Grafana server administrator privileges
 
 **To change a user's organization permissions**:

docs/sources/administration/user-management/server-user-management/grant-editor-admin-permissions.md

@@ -1,8 +1,9 @@
-+++
-aliases = ["/docs/grafana/latest/administration/manage-users-and-permissions/manage-server-users/grant-editor-admin-permissions/"]
-title = "Grant editors administrator permissions"
-weight = 60
-+++
+---
+aliases:
+  - /docs/grafana/latest/administration/manage-users-and-permissions/manage-server-users/grant-editor-admin-permissions/
+title: Grant editors administrator permissions
+weight: 60
+---
 
 # Grant editors administrator permissions
 
@@ -12,8 +13,8 @@ This setting can be used to enable self-organizing teams to administer their own
 
 When `editors_can_admin` is enabled:
 
-- Users with the Editor role in an organization are Administrators for new dashboards and folders they create, meaning they can edit dashboard permissions. To learn more about dashboard permissions, refer to [Manage dashboard permissions]({{< relref "../manage-dashboard-permissions/_index.md" >}}).
-- Users with the Editor role in an organization can create teams, and they are Administrators of the teams they create. To learn more about team permissions, refer to [Manage teams]({{< relref "../manage-teams/_index.md" >}})
+- Users with the Editor role in an organization are Administrators for new dashboards and folders they create, meaning they can edit dashboard permissions. To learn more about dashboard permissions, refer to [Manage dashboard permissions]({{< relref "../manage-dashboard-permissions/" >}}).
+- Users with the Editor role in an organization can create teams, and they are Administrators of the teams they create. To learn more about team permissions, refer to [Team management]({{< relref "../../team-management/" >}}).
 
 > **Note**: If you use Grafana Enterprise and customize users' permissions using RBAC, the RBAC permissions override the functionality enabled by the `editors_can_admin` flag.
 
@@ -25,7 +26,7 @@ When `editors_can_admin` is enabled:
 
 1. Log in to the Grafana server and open the Grafana configuration file.
 
-   For more information about the Grafana configuration file and its location, refer to [Configuration]({{< relref "../../../administration/configuration" >}}).
+   For more information about the Grafana configuration file and its location, refer to [Configuration]({{< relref "../../../setup-grafana/configure-grafana/" >}}).
 
 1. Locate the `editors_can_admin` parameter.
 1. Set the `editors_can_admin` value to `true`.

docs/sources/administration/user-management/user-preferences/_index.md

@@ -1,10 +1,16 @@
-+++
-aliases = ["/docs/grafana/latest/administration/change-your-password/", "/docs/grafana/latest/administration/manage-user-preferences/"]
-description = "Learn how to update your user preferences and switch organizations"
-keywords = ["password", "change", "organization", "change"]
-title = "Manage user preferences"
-weight = 400
-+++
+---
+aliases:
+  - /docs/grafana/latest/administration/change-your-password/
+  - /docs/grafana/latest/administration/manage-user-preferences/
+description: Learn how to update your user preferences and switch organizations
+keywords:
+  - password
+  - change
+  - organization
+  - change
+title: Manage user preferences
+weight: 400
+---
 
 # Manage user preferences
 
@@ -16,7 +22,7 @@ You can also view important information about your account, such as the organiza
 
 You can change your Grafana password at any time.
 
-> **Note**: If your Grafana instance uses an <!--[external authentication provider]({{< relref "../../auth/_index.md" >}})--> external authentication provider, then you might not be able to change your password in Grafana. Contact your Grafana administrator for more information.
+> **Note**: If your Grafana instance uses an <!--[external authentication provider]({{< relref "../../../setup-grafana/configure-security/configure-authentication/" >}})--> external authentication provider, then you might not be able to change your password in Grafana. Contact your Grafana administrator for more information.
 
 **To change your password**:
 
@@ -41,7 +47,7 @@ Your profile includes your name, user name, and email address, which you can upd
 
 ## Edit your preferences
 
-You can choose the way you would like data to appear in Grafana, including the UI theme, home dashboard, timezone, and first day of the week. You can set these preferences for your own account, for a team, for an organization, or Grafana-wide using configuration settings. Your user preferences take precedence over team, organization, and Grafana default preferences. For more information, see [Grafana preferences]({{< relref "../../administration/preferences/_index.md" >}}).
+You can choose the way you would like data to appear in Grafana, including the UI theme, home dashboard, timezone, and first day of the week. You can set these preferences for your own account, for a team, for an organization, or Grafana-wide using configuration settings. Your user preferences take precedence over team, organization, and Grafana default preferences. For more information, see [Grafana preferences]({{< relref "../../organization-preferences/" >}}).
 
 - **UI theme** determines whether Grafana appears in light mode or dark mode. By default, UI theme is set to dark mode.
 - **Home dashboard** refers to the dashboard you see when you sign in to Grafana. By default, this is set to the Home dashboard.
@@ -75,7 +81,7 @@ Every user is a member of at least one organization. You can have different role
 1. Hover your cursor over the user icon in the lower-left corner of the page and click **Preferences**.
 1. Scroll down to the **Organizations** section and review the following information:
    - **Name**: The name of the organizations of which you are a member.
-   - **Role**: The role to which you are assigned in the organization. For more information about roles and permissions, refer to [Organization users and permissions]({{< relref "../../administration/manage-users-and-permissions/about-users-and-permissions.md#organization-users-and-permissions" >}}).
+   - **Role**: The role to which you are assigned in the organization. For more information about roles and permissions, refer to [Organization users and permissions]({{< relref "../../roles-and-permissions/#organization-users-and-permissions" >}}).
    - **Current**: Grafana indicates the organization that you are currently signed into as _Current_. If you are a member of multiple organizations, you can click **Select** to switch to that organization.
 
 ## View your Grafana sessions

docs/sources/administration/view-server/_index.md

@@ -1,9 +0,0 @@
-+++
-aliases = ["/docs/grafana/latest/administration/view-server/"]
-title = "View server"
-weight = 100
-+++
-
-# View server information
-
-This setting contains information about tools that Grafana Server Admins can use to learn more about their Grafana servers.

docs/sources/administration/view-server/view-server-settings.md

@@ -1,24 +0,0 @@
-+++
-aliases = ["/docs/grafana/latest/admin/view-server-settings/", "/docs/grafana/latest/administration/view-server/view-server-settings/"]
-description = "How to view server settings in the Grafana UI"
-keywords = ["grafana", "configuration", "server", "settings"]
-title = "View server settings"
-weight = 300
-+++
-
-# View Grafana server settings
-
-> Refer to [Role-based access control]({{< relref "../../enterprise/access-control/_index.md" >}}) in Grafana Enterprise to understand how you can control access with RBAC permissions.
-
-If you are a Grafana server administrator, use the Settings tab to view the settings that are applied to your Grafana server via the [Configuration]({{< relref "../configuration.md#config-file-locations" >}}) file and any environmental variables.
-
-> **Note:** Only Grafana server administrators can access the **Server Admin** menu. For more information about about administrative permissions, refer to [About users and permissions]({{< relref "../manage-users-and-permissions/about-users-and-permissions.md" >}}).
-
-## View server settings
-
-1. Log in to your Grafana server with an account that has the Grafana Admin flag set.
-1. Hover your cursor over the **Server Admin** (shield) icon in the side menu and then click the **Settings** tab.
-
-## Available settings
-
-For a full list of server settings, refer to [Configuration]({{< relref "../configuration.md" >}}).

docs/sources/administration/view-server/view-server-stats.md

@@ -1,51 +0,0 @@
-+++
-aliases = ["/docs/grafana/latest/admin/view-server-stats/", "/docs/grafana/latest/administration/view-server/view-server-stats/"]
-keywords = ["grafana", "server", "statistics"]
-title = "View server stats"
-weight = 400
-+++
-
-# View Grafana server stats
-
-> Refer to [Role-based access control]({{< relref "../../enterprise/access-control/_index.md" >}}) in Grafana Enterprise to understand how you can control access with RBAC permissions.
-
-If you are a Grafana server admin, then you can view useful statistics about your Grafana server in the Stats & Licensing tab.
-
-> **Note:** Only Grafana server administrators can access the **Server Admin** menu. For more information about about administrative permissions, refer to [About users and permissions]({{< relref "../manage-users-and-permissions/about-users-and-permissions.md" >}}).
-
-## View server stats
-
-1. Log in to your Grafana server with an account that has the Grafana Admin flag set.
-1. Hover your cursor over the **Server Admin** (shield) icon in the side menu and then click the **Stats & Licensing** tab.
-
-## Available stats
-
-The following statistics are displayed in the Stats tab:
-
-- Total users
-  **Note:** Total users = Total admins + Total editors + Total viewers
-- Total admins
-- Total editors
-- Total viewers
-- Active users (seen last 30 days)
-  **Note:** Active users = Active admins + Active editors + Active viewers
-- Active admins (seen last 30 days)
-- Active editors (seen last 30 days)
-- Active viewers (seen last 30 days)
-- Active sessions
-- Total dashboards
-- Total orgs
-- Total playlists
-- Total snapshots
-- Total dashboard tags
-- Total starred dashboards
-- Total alerts
-
-## Counting users
-
-If a user belongs to several organizations, then that user is counted once as a user in the highest organization role they are assigned, regardless of how many organizations the user belongs to.
-
-For example, if Sofia is a Viewer in two organizations, an Editor in two organizations, and Admin in three organizations, then she would be reflected in the stats as:
-
-- Total users 1
-- Total admins 1

docs/sources/alerting/_index.md

@@ -1,35 +1,72 @@
-+++
-aliases = ["/docs/grafana/latest/alerting/", "/docs/grafana/latest/alerting/unified-alerting/difference-old-new/"]
-title = "Alerting"
-weight = 114
-+++
+---
+aliases:
+  - /docs/grafana/latest/alerting/
+  - /docs/grafana/latest/alerting/unified-alerting/alerting/
+  - /docs/grafana/latest/about-alerting
+title: Alerting
+weight: 114
+---
 
-# Grafana alerting
+# Grafana Alerting
 
-Grafana alerts allow you to learn about problems in your systems moments after they occur. Robust and actionable alerts help you identify and resolve issues quickly, minimizing disruption to your services. It centralizes alerting information in a single, searchable view that allows you to:
+Grafana Alerting allows you to learn about problems in your systems moments after they occur. Create, manage, and take action on your alerts in a single, consolidated view, and improve your team’s ability to identify and resolve issues quickly.
 
-- Create and manage Grafana alerts
-- Create and manage Grafana Mimir and Loki managed alerts
-- View alerting information from Prometheus and Alertmanager compatible data sources
+Grafana Alerting is available for Grafana OSS, Grafana Enterprise, or Grafana Cloud. With Mimir and Loki alert rules you can run alert expressions closer to your data and at massive scale, all managed by the Grafana UI you are already familiar with.
 
-For new installations or existing installs without alerting configured, Grafana alerting is enabled by default.
+Watch this video to learn more about Grafana Alerting: {{< vimeo 720001629 >}}
 
-| Release     | Cloud         | Enterprise    | OSS           |
-| ----------- | ------------- | ------------- | ------------- |
-| Grafana 9.0 | On by default | On by default | On by default |
+## Overview
 
-- For existing OSS installations with legacy dashboard alerting, you can [opt-in]({{< relref "./opt-in.md" >}}) to Grafana alerting.
-- For Grafana Cloud instances using legacy cloud alerting, contact customer support to migrate to Grafana alerting.
+The following diagram gives you an overview of how Grafana Alerting works and introduces you to some of the key concepts that work together and form the core of our flexible and powerful alerting engine.
 
-Before you begin, we recommend that you familiarize yourself with some of the [fundamental concepts]({{< relref "./fundamentals/_index.md" >}}) of Grafana alerting. Refer to [Role-based access control]({{< relref "../enterprise/access-control/_index.md" >}}) in Grafana Enterprise to learn more about controlling access to alerts using role-based permissions.
+{{< figure src="/static/img/docs/alerting/unified/about-alerting-flow-diagram-latest.png" caption="Grafana Alerting overview" >}}
 
-- [Enable Grafana alerting in OSS]({{< relref "./opt-in.md" >}})
-- [Migrating legacy alerts]({{< relref "./migrating-legacy-alerts.md" >}})
-- [Create Grafana managed alerting rules]({{< relref "alerting-rules/create-grafana-managed-rule.md" >}})
-- [Create Grafana Mimir or Loki managed alerting rules]({{< relref "alerting-rules/create-mimir-loki-managed-rule.md" >}})
-- [View existing alerting rules and manage their current state]({{< relref "alerting-rules/rule-list.md" >}})
-- [View the state and health of alerting rules]({{< relref "./fundamentals/state-and-health.md" >}})
-- [View alert groupings]({{< relref "./alert-groups/_index.md" >}})
-- [Add or edit an alert contact point]({{< relref "./contact-points/_index.md" >}})
-- [Add or edit notification policies]({{< relref "./notifications/_index.md" >}})
-- [Add or edit silences]({{< relref "./silences/_index.md" >}})
+1. Alert rules
+
+   Set evaluation criteria that determines whether an alert instance will fire. An alert rule consists of one or more queries and expressions, a condition, the frequency of evaluation, and optionally, the duration over which the condition is met.
+
+   Grafana managed alerts support multi-dimensional alerting, which means that each alert rule can create multiple alert instances. This is exceptionally powerful if you are observing multiple series in a single expression.
+
+   Once an alert rule has been created, they go through various states and transitions. The state and health of alert rules help you understand several key status indicators about your alerts.
+
+1. Labels
+
+   Match an alert rule and its instances to notification policies and silences. They can also be used to group your alerts by severity.
+
+1. Notification policies
+
+   Set where, when, and how the alerts get routed. Each notification policy specifies a set of label matchers to indicate which alerts they are responsible for. A notification policy has a contact point assigned to it that consists of one or more notifiers.
+
+1. Contact points
+
+   Define how your contacts are notified when an alert fires. We support a multitude of ChatOps tools to ensure the alerts come to your team.
+
+## Features
+
+**One page for all alerts**
+
+A single Grafana Alerting page consolidates both Grafana-managed alerts and alerts that reside in your Prometheus-compatible data source in one single place.
+
+**Multi-dimensional alerts**
+
+Alert rules can create multiple individual alert instances per alert rule, known as multi-dimensional alerts, giving you the power and flexibility to gain visibility into your entire system with just a single alert.
+
+**Routing alerts**
+
+Route each alert instance to a specific contact point based on labels you define. Notification policies are the set of rules for where, when, and how the alerts are routed to contact points.
+
+**Silencing alerts**
+
+Silences allow you to stop receiving persistent notifications from one or more alerting rules. You can also partially pause an alert based on certain criteria. Silences have their own dedicated section for better organization and visibility, so that you can scan your paused alert rules without cluttering the main alerting view.
+
+**Mute timings**
+
+With mute timings, you can specify a time interval when you don’t want new notifications to be generated or sent. You can also freeze alert notifications for recurring periods of time, such as during a maintenance period.
+
+## Useful links
+
+- [Fundamental concepts]({{< relref "fundamentals/" >}}) of Grafana Alerting.
+
+- [Role-based access control]({{< relref "../administration/roles-and-permissions/access-control/" >}}) in Grafana Enterprise.
+
+- [Alertmanager]({{< relref "fundamentals/alertmanager/" >}}) and [High availability]({{< relref "./high-availability/" >}})

docs/sources/alerting/alert-groups/_index.md

@@ -1,16 +1,22 @@
-+++
-title = "Alert groups"
-description = "Alert groups"
-keywords = ["grafana", "alerting", "alerts", "groups"]
-weight = 445
-aliases = ["/docs/grafana/latest/alerting/unified-alerting/alert-groups/"]
-+++
+---
+aliases:
+  - /docs/grafana/latest/alerting/alert-groups/
+  - /docs/grafana/latest/alerting/unified-alerting/alert-groups/
+description: Alert groups
+keywords:
+  - grafana
+  - alerting
+  - alerts
+  - groups
+title: Alert groups
+weight: 445
+---
 
 # Alert groups
 
-Alert groups show grouped alerts from an Alertmanager instance. By default, the alerts are grouped by the label keys for the root policy in [notification policies]({{< relref "../notifications/_index.md" >}}). Grouping common alerts into a single alert group prevents duplicate alerts from being fired.
+Alert groups show grouped alerts from an Alertmanager instance. By default, the alerts are grouped by the label keys for the root policy in [notification policies]({{< relref "../notifications/" >}}). Grouping common alerts into a single alert group prevents duplicate alerts from being fired.
 
 For more information, see:
 
-- [View alert groupings]({{< relref "./view-alert-grouping.md" >}})
-- [Filter alerts by group]({{< relref "./filter-alerts.md" >}})
+- [View alert groupings]({{< relref "view-alert-grouping/" >}})
+- [Filter alerts by group]({{< relref "filter-alerts/" >}})