Service users allow users to create dedicated tokens for programmatic access to the UbiOps API, for example for creating model requests in your own scripts and code. Service users are not able to login to UbiOps.
Users can configure permissions for each service user to limit what it can access by assigning roles just like normal users.
Start by going to Users & permissions in the sidebar, then navigate to the API Tokens tab. Here you can click the [+] Add button to create a new service user. You don't have to provide an email address, just the name of the user. Copy the service token from the pop-up and store it somewhere safe, you will never be able to retrieve this token again.
Service users have no default roles. You have to create them like any other user.
If a service user token is lost, the token for that service user may be reset. The old token becomes invalid.
If you just want to test things out you can use the project-editor role.
Permissions and roles work just like they do on normal users. See Permissions and roles for more information. The user needs the roles.assignments.create permission to be able to assign roles to service users.
Service users are meant to interact with UbiOps programmatically and are defined on project level. Therefore, they are not allowed to have permissions regarding 'Roles' and 'Users' and they cannot perform actions on 'Organization' level. A user is therefore not able to assign roles that have one or multiple of these permissions.
Updated 8 days ago