https://prefect.io logo
m

Matt Delacour

08/04/2022, 2:25 PM
Why can't I create users with the GraphQL API? Even though my account is an admin one ... 🤔 What kind of permissions do I need?
👀 1
It's funny that "Admin" cannot create users 🤔 Kinda no one can create users ....
z

Zach Angell

08/04/2022, 7:34 PM
Indeed kinda no one can create users! Any user creation via that GraphQL API call is restricted to Prefect Admins. All other user creation first requires going through our authentication. When signing up, users must first create an account using SSO or email. Once authentication passes, the user is created automatically by Prefect on their first “login” event. Improving the user provisioning experience is on the 2.0 roadmap, would love any feedback you have! Loosely related - as a tenant admin you can create “service accounts” via the graphql api, including assigning them roles and creating api keys for them. It sounds like you’re focused on adding actual humans though 😄
m

Matt Delacour

08/04/2022, 8:17 PM
Ok this is interesting ... I am trying to ask users to add their email in a
config.yml
file in a centralized repository and then we would keep Prefect access automatically. This will make it easier for onboarding & offboarding users. As well as from a security perspective
👍 1
If I ask a user to create their account using Google SSO, Can I invite them to your workspaces programatically ?
Or we cannot because this is also considered as "creating a user" ?
z

Zach Angell

08/04/2022, 8:50 PM
Inviting users can be done via our api with the
create_membership_invitation
mutation! You’ll just need to provide an
email
and
role
(or
role_id
) Note - these users’ accounts do not need to be created to send invitations. They’ll get invitations in their email or see them in the Cloud UI when they login
m

Matt Delacour

08/04/2022, 9:18 PM
perfect , thank you
And once they accept the invitation, they will show up with the following GraphQL query I guess ?!
Copy code
query {
    user_view_same_tenant(where:{account_type: {_eq: "USER"}}) {
        id
        email
        username
    }
}
z

Zach Angell

08/05/2022, 1:26 AM
exactly!
3 Views