Skip to content

Commit 8563514

Browse files
[service-users] docs (#33050)
## Summary & Motivation Add docs for Service Users. Rather than adding a new page, I just made some edits to the existing Users and Tokens pages. Also includes some new screenshots. ## How I Tested These Changes Existing test suite. --------- Co-authored-by: graphite-app[bot] <96075541+graphite-app[bot]@users.noreply.github.com>
1 parent f589fdd commit 8563514

5 files changed

Lines changed: 41 additions & 1 deletion

File tree

docs/docs/deployment/dagster-plus/authentication-and-access-control/rbac/users.md

Lines changed: 40 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -25,6 +25,13 @@ In this guide, you'll learn how to manage users and their permissions using the
2525
- **If using Google for Single sign-on (SSO)**, users must be added in Dagster+ before they can log in.
2626
- **If using an Identity Provider (IdP) like Okta for SSO**, users must be assigned to the Dagster app in the IdP to be able to log in to Dagster+. Refer to the [SSO setup guides](/deployment/dagster-plus/authentication-and-access-control/sso) for setup instructions for each of our supported IdP solutions.
2727

28+
:::note
29+
30+
SCIM provisioning does not affect the ability to manage [service
31+
users](#service-users). Service users are always created and managed through the Dagster UI.
32+
33+
:::
34+
2835
By default, users will be granted Viewer permissions on each deployment. The default role can be adjusted by modifying the [`sso_default_role` deployment setting](/deployment/dagster-plus/deploying-code/full-deployments/full-deployment-settings-reference).
2936

3037
## Adding users to Dagster+
@@ -89,6 +96,39 @@ Removing a user removes them from the organization. **Note**: If using a SAML-ba
8996
6. Click **Remove user**.
9097
7. When prompted, confirm the removal.
9198

99+
## Service users
100+
101+
:::note
102+
103+
Service users are a Dagster+ Pro feature.
104+
105+
:::
106+
107+
Service users are non-human users that can be used to authenticate API
108+
requests, but cannot log in to the UI or be members of a team. Service users do
109+
not apply to an organization's seat cap. You can create as many as you need.
110+
111+
Service users are added, removed, and edited with the same UI as for
112+
regular users. If your organization has access to service users, the "Add New
113+
User" button above the Users table will instead be a dropdown allowing you to select
114+
between adding a new human user or a new service user.
115+
116+
![Screenshot of "Add users" dropdown](/images/dagster-plus/features/authentication-and-access-control/add-users-dropdown.png)
117+
118+
The primary identifier for a service user is its `name`, which must be unique
119+
within the organization. A description may also optionally be provided:
120+
121+
![Screenshot of "Add service user" form](/images/dagster-plus/features/authentication-and-access-control/add-service-user.png)
122+
123+
Once the service user has been created, you will be presented with the same
124+
permissions management UI as for human users:
125+
126+
![Screenshot of assigning roles to a service user](/images/dagster-plus/features/authentication-and-access-control/service-user-roles.png)
127+
128+
You will typically want to immediately create a
129+
[token](/deployment/dagster-plus/management/tokens/user-tokens) for a service user
130+
after creating it, since service users cannot do anything without a token.
131+
92132
## Next steps
93133

94134
- Learn more about role-based access control (RBAC) in [Understanding User Roles & Permissions](/deployment/dagster-plus/authentication-and-access-control/rbac/user-roles-permissions)

docs/docs/deployment/dagster-plus/management/tokens/user-tokens.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,7 @@ tags: [dagster-plus-feature]
77

88
import ThemedImage from '@theme/ThemedImage';
99

10-
In this guide, we'll walk you through creating, viewing, editing, and revoking user tokens in Dagster+.
10+
In this guide, we'll walk you through creating, viewing, editing, and revoking user tokens in Dagster+. The below guide applies to both human users and [service users](/deployment/dagster-plus/authentication-and-access-control/rbac/users#service-users).
1111

1212
## Creating and revoking your own user tokens
1313

229 KB
Loading
167 KB
Loading
387 KB
Loading

0 commit comments

Comments
 (0)