Bring your towel and join one of the fastest growing data communities. Welcome to our second-generation open source orchestration platform, a completely rethought approach to dataflow automation.

Prefect Community

Hi there, I'm evaluating Prefect for a client of mine. Just wanted to know whether we can restrict users from overriding kubernetes service account when they trigger the flows. We control resource access through AWS IRSA and letting users override service accounts would be a security nightmare.

is this for Prefect 2.0 or 1.0? reference <https://discourse.prefect.io/t/should-i-start-with-prefect-2-0-orion-skipping-prefect-1-0/544>

it depends a lot on who your users are and how they are using Prefect - if they can write Python and can create new deployments/register flows, then you can't enforce that directly unless you'd use RBAC, which is an enterprise feature

I encourage you to ask <mailto:sales@prefect.io|sales@prefect.io> - they can answer this one better than I can since this is essentially RBAC/user management question

<@U02H1A95XDW>
It was about Prefect 1.0. But I want to understand whether this is doable in Prefect 2.0 as well.

Our plan is to allow our users to develop/test flows locally but they won't have access to register the flows, this would be done by the admins.

all definitely doable but you'd need to talk to <mailto:sales@prefect.io|sales@prefect.io> about that