You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
## Summary & Motivation
Add docs for Service Users. Rather than adding a new page, I just made
some edits to the existing Users and Tokens pages. Also includes some
new screenshots.
## How I Tested These Changes
Existing test suite.
---------
Co-authored-by: graphite-app[bot] <96075541+graphite-app[bot]@users.noreply.github.com>
Copy file name to clipboardExpand all lines: docs/docs/deployment/dagster-plus/authentication-and-access-control/rbac/users.md
+40Lines changed: 40 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -25,6 +25,13 @@ In this guide, you'll learn how to manage users and their permissions using the
25
25
-**If using Google for Single sign-on (SSO)**, users must be added in Dagster+ before they can log in.
26
26
-**If using an Identity Provider (IdP) like Okta for SSO**, users must be assigned to the Dagster app in the IdP to be able to log in to Dagster+. Refer to the [SSO setup guides](/deployment/dagster-plus/authentication-and-access-control/sso) for setup instructions for each of our supported IdP solutions.
27
27
28
+
:::note
29
+
30
+
SCIM provisioning does not affect the ability to manage [service
31
+
users](#service-users). Service users are always created and managed through the Dagster UI.
32
+
33
+
:::
34
+
28
35
By default, users will be granted Viewer permissions on each deployment. The default role can be adjusted by modifying the [`sso_default_role` deployment setting](/deployment/dagster-plus/deploying-code/full-deployments/full-deployment-settings-reference).
29
36
30
37
## Adding users to Dagster+
@@ -89,6 +96,39 @@ Removing a user removes them from the organization. **Note**: If using a SAML-ba
89
96
6. Click **Remove user**.
90
97
7. When prompted, confirm the removal.
91
98
99
+
## Service users
100
+
101
+
:::note
102
+
103
+
Service users are a Dagster+ Pro feature.
104
+
105
+
:::
106
+
107
+
Service users are non-human users that can be used to authenticate API
108
+
requests, but cannot log in to the UI or be members of a team. Service users do
109
+
not apply to an organization's seat cap. You can create as many as you need.
110
+
111
+
Service users are added, removed, and edited with the same UI as for
112
+
regular users. If your organization has access to service users, the "Add New
113
+
User" button above the Users table will instead be a dropdown allowing you to select
114
+
between adding a new human user or a new service user.
115
+
116
+

117
+
118
+
The primary identifier for a service user is its `name`, which must be unique
119
+
within the organization. A description may also optionally be provided:
120
+
121
+

122
+
123
+
Once the service user has been created, you will be presented with the same
124
+
permissions management UI as for human users:
125
+
126
+

127
+
128
+
You will typically want to immediately create a
129
+
[token](/deployment/dagster-plus/management/tokens/user-tokens) for a service user
130
+
after creating it, since service users cannot do anything without a token.
131
+
92
132
## Next steps
93
133
94
134
- Learn more about role-based access control (RBAC) in [Understanding User Roles & Permissions](/deployment/dagster-plus/authentication-and-access-control/rbac/user-roles-permissions)
Copy file name to clipboardExpand all lines: docs/docs/deployment/dagster-plus/management/tokens/user-tokens.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -7,7 +7,7 @@ tags: [dagster-plus-feature]
7
7
8
8
import ThemedImage from '@theme/ThemedImage';
9
9
10
-
In this guide, we'll walk you through creating, viewing, editing, and revoking user tokens in Dagster+.
10
+
In this guide, we'll walk you through creating, viewing, editing, and revoking user tokens in Dagster+. The below guide applies to both human users and [service users](/deployment/dagster-plus/authentication-and-access-control/rbac/users#service-users).
0 commit comments