mirror of
https://github.com/Unleash/unleash.git
synced 2025-01-01 00:08:27 +01:00
95f4f641b5
https://linear.app/unleash/issue/2-1136/custom-root-roles-documentation - [Adds documentation referencing custom root roles](https://unleash-docs-git-docs-custom-root-roles-unleash-team.vercel.app/reference/rbac); - [Adds a "How to create and assign custom root roles" how-to guide](https://unleash-docs-git-docs-custom-root-roles-unleash-team.vercel.app/how-to/how-to-create-and-assign-custom-root-roles); - Standardizes "global" roles to "root" roles; - Standardizes "standard" roles to "predefined" roles to better reflect their behavior and what is shown in our UI; - Updates predefined role descriptions and makes them consistent; - Updates the side panel description of the user form; - Includes some boy scouting with some tiny fixes of things identified along the way (e.g. the role form was persisting old data when closed and re-opened); Questions: - Is it worth expanding the "Assigning custom root roles" section in the "How to create and assign custom root roles" guide to include the steps for assigning a root role for each entity (user, service account, group)? - Should this PR include an update to the existing "How to create and assign custom project roles" guide? We've since updated the UI; --------- Co-authored-by: Thomas Heartman <thomas@getunleash.ai>
46 lines
2.6 KiB
Plaintext
46 lines
2.6 KiB
Plaintext
---
|
|
title: How to create service accounts
|
|
---
|
|
|
|
:::info availability
|
|
|
|
Service accounts is an enterprise feature available from Unleash 4.21 onwards.
|
|
|
|
:::
|
|
|
|
[Service accounts](../reference/service-accounts.md) enable Unleash admins to create accounts that act as users and respect the same set of permissions, however they do not have a password and cannot log in to the Unleash UI. Instead, they are intended to be used to access the Unleash API programatically.
|
|
|
|
## Step 1: Navigate to the service accounts page {#step-1}
|
|
|
|
Navigate to the _service accounts_ page in the admin UI (available at the URL `/admin/service-accounts`). Use the _settings_ button in the navigation menu and select "service accounts".
|
|
|
|
![The admin UI navigation settings submenu with the Service accounts item highlighted.](/img/service-account-1.png)
|
|
|
|
## Step 2: Click the "new service account" button {#step-2}
|
|
|
|
Use the "new service account" button to open the "new service account" form.
|
|
|
|
![The "service accounts" table with the "new service account" button highlighted.](/img/service-account-2.png)
|
|
|
|
## Step 3: Fill in the service account form {#step-3}
|
|
|
|
Give your new service account a name. After leaving the name field, the username field is pre-filled with a suggestion based on the name you entered, but you can change it to whatever you like.
|
|
|
|
Select a [root role](https://docs.getunleash.io/reference/rbac#predefined-roles) for your service account, which will define what your new service account will be allowed to do. The roles that you can assign to service accounts are the same ones that are available for regular users.
|
|
|
|
![The service account form filled with some example data, and the "add service account" button highlighted at the bottom.](/img/service-account-3.png)
|
|
|
|
You can optionally generate a token for the new service account right away. Give your token a description and optionally set an expiry date. By default the expiry date is set to 30 days. The token will be generated when you submit the form.
|
|
|
|
![The service account form with the token section highlighted and the "generate a token now" option selected](/img/service-account-4.png)
|
|
|
|
![The token details with the "copy token" element highlighted.](/img/service-account-5.png)
|
|
|
|
## Managing service account tokens
|
|
|
|
You can later manage service account tokens by editing the respective service account. This allows you to add new tokens to that service account or delete existing ones.
|
|
|
|
![The service account table with the "edit" button highlighted.](/img/service-account-6.png)
|
|
|
|
![The service account form with the tokens table highlighted](/img/service-account-tokens.png)
|