Why can't I create users with the GraphQL API? Even though my account is an admin one ... 🤔 What kind of permissions do I need?

Indeed kinda no one can create users! Any user creation via that GraphQL API call is restricted to Prefect Admins. All other user creation first requires going through our authentication. When signing up, users must first create an account using SSO or email. Once authentication passes, the user is created automatically by Prefect on their first “login” event. Improving the user provisioning experience is on the 2.0 roadmap, would love any feedback you have! Loosely related - as a tenant admin you can create “service accounts” via the graphql api, including assigning them roles and creating api keys for them. It sounds like you’re focused on adding actual humans though 😄

Ok this is interesting ... I am trying to ask users to add their email in a

config.yml

file in a centralized repository and then we would keep Prefect access automatically. This will make it easier for onboarding & offboarding users. As well as from a security perspective

Inviting users can be done via our api with the

create_membership_invitation

mutation! You’ll just need to provide an

email

and

role

(or

role_id

) Note - these users’ accounts do not need to be created to send invitations. They’ll get invitations in their email or see them in the Cloud UI when they login

perfect , thank you

exactly!