Ah, the joy of service accounts and workspace roles. It's like watching paint dry, but without the exciting color changes.
Service accounts are typically used to configure API access for running agents or executing flow runs on remote infrastructure. They are created at the organization level, but can be shared to individual workspaces within the organization.
Workspace roles, on the other hand, are tied to the permissions within a workspace. Each workspace may have its own members and service accounts with roles and permissions specific to that workspace. Organization Admins have full access to all workspaces in an organization.
You can make a workspace available to any user in an organization by setting a default role for "Anyone at...". Users in the organization may access the workspace with the specified default role permissions. However, these default workspace roles do not apply to service accounts.
Only organization Admins and workspace Owners may add members or service accounts to a workspace. Members and service accounts must already be configured for the organization. An Admin or Owner may configure a different role for the user or service account as needed.
For more exhilarating details, you can visit the
documentation. Enjoy.