API: Unable to create silences using the API

[rwkymapcreator]

What happened?

When trying to create a silence either with basic auth or via a service account with both with instance admin rights on OSS install it fails.

Sample curl

curl -u USER:PASS -d '{"matchers": [{"name": "alertname", "value": "alertname", "isRegex": false}], "startsAt": "2024-06-20T00:00:00Z", "endsAt": "2024-06-21T00:00:00Z", "comment": "Silence for maintenance"}' https://<url>/api/alertmanager/grafana/api/v2/silences

Output

{"accessErrorId":"ACE4997285453","message":"You'll need additional permissions to perform this action. Permissions needed: any of alert.instances:create, alert.instances:write","title":"Access denied"}

What did you expect to happen?

A silence is created

Did this work before?

Never tried it before

How do we reproduce it?

1. Using basic auth or service token try and create a silence

Is the bug inside a dashboard panel?

No response

Environment (with versions)?

Grafana: 11.0.0
OS: Docker image
Browser: Curl

Grafana platform?

Docker

Datasource(s)?

No response

[Jguer]

Hey @rwkymapcreator , a system admin is not guaranteed to have org admin permissions. Have you ensured your user/service account is part of the org and is an org admin?

[rwkymapcreator]

Yep and I even created a new user and added it to the org just to see if it was a problem with the account.

[JacobsonMT]

Hi @rwkymapcreator, what permissions does your user have? Is it missing both alert.instances:create and alert.instances:write as the response implies?

You can view your current user permissions by visiting: /api/access-control/user/permissions

[rwkymapcreator]

Hi

Here's the permissions output, there is no alert.instances:create or alert.instances:write

{
  "alert.instances.external:read": [
    "datasources:*"
  ],
  "alert.instances:read": [
    ""
  ],
  "alert.notifications.external:read": [
    "datasources:*"
  ],
  "alert.notifications.receivers:list": [
    ""
  ],
  "alert.notifications.receivers:read": [
    ""
  ],
  "alert.notifications.time-intervals:read": [
    "",
    ""
  ],
  "alert.notifications:read": [
    ""
  ],
  "alert.rules.external:read": [
    "datasources:*"
  ],
  "alert.rules:read": [
    "folders:*",
    "folders:uid:lvrkFXQ7z"
  ],
  "annotations:create": [
    "annotations:type:dashboard"
  ],
  "annotations:delete": [
    "annotations:type:dashboard"
  ],
  "annotations:read": [
    "annotations:*",
    "dashboards:uid:YXtzMIBVk",
    "dashboards:uid:5xVucSfVk",
    "dashboards:uid:nKI2tSB4z",
    "dashboards:uid:ulgb8SBVk",
    "dashboards:uid:odckY664z",
    "dashboards:uid:L82FnSB4k",
    "dashboards:uid:JaqhFIf4z",
    "dashboards:uid:hwdycSBVk",
    "dashboards:uid:d6rLpIBVk",
    "dashboards:uid:d0a00d76-2aab-40b2-8e11-d1bdfbabb726",
    "folders:uid:lvrkFXQ7z",
    "dashboards:uid:eMKhVMwnk",
    "dashboards:uid:m-Ik4SB4z",
    "dashboards:uid:7aWkYIfVk"
  ],
  "annotations:write": [
    "annotations:type:dashboard"
  ],
  "dashboards:read": [
    "dashboards:uid:eMKhVMwnk",
    "folders:uid:lvrkFXQ7z",
    "dashboards:uid:YXtzMIBVk",
    "dashboards:uid:L82FnSB4k",
    "dashboards:uid:m-Ik4SB4z",
    "dashboards:uid:JaqhFIf4z",
    "dashboards:uid:hwdycSBVk",
    "dashboards:uid:5xVucSfVk",
    "dashboards:uid:nKI2tSB4z",
    "dashboards:uid:d6rLpIBVk",
    "dashboards:uid:7aWkYIfVk",
    "dashboards:uid:ulgb8SBVk",
    "dashboards:uid:odckY664z",
    "dashboards:uid:d0a00d76-2aab-40b2-8e11-d1bdfbabb726"
  ],
  "datasources.id:read": [
    "datasources:*"
  ],
  "datasources:query": [
    "datasources:*",
    "datasources:uid:grafana"
  ],
  "datasources:read": [
    "datasources:*",
    "datasources:uid:grafana"
  ],
  "folders:read": [
    "folders:uid:general",
    "folders:uid:sharedwithme",
    "folders:uid:lvrkFXQ7z"
  ],
  "library.panels:read": [
    "folders:uid:general",
    "folders:uid:lvrkFXQ7z"
  ],
  "orgs.quotas:read": [
    ""
  ],
  "orgs:read": [
    ""
  ],
  "plugins.app:access": [
    "plugins:*"
  ]
}