Channels
pacc-may-31-2023
prefect-ai
pacc-clearcover-june-12-2023
marvin-in-the-wild
data-ecosystem
geo-israel
geo-japan
prefect-cloud
ppcc-may-16-2023
prefect-azure
prefect-docker
prefect-recipes
gratitude
geo-nyc
geo-bay-area
geo-boston
geo-london
geo-dc
geo-chicago
geo-berlin
geo-texas
geo-seattle
geo-colorado
prefect-community
data-tricks-and-tips
prefect-aws
prefect-gcp
introductions
find-a-prefect-job
prefect-dbt
random
events
ask-marvin
show-us-what-you-got
prefect-getting-started
prefect-integrations
prefect-contributors
best-practices-coordination-plane
announcements
prefect-server
prefect-ui
prefect-kubernetes
Title
a
Abin Joseph
06/16/2022, 9:12 AMHi there, I'm evaluating Prefect for a client of mine. Just wanted to know whether we can restrict users from overriding kubernetes service account when they trigger the flows. We control resource access through AWS IRSA and letting users override service accounts would be a security nightmare.
a
Anna Geller
06/16/2022, 11:15 AMis this for Prefect 2.0 or 1.0? reference https://discourse.prefect.io/t/should-i-start-with-prefect-2-0-orion-skipping-prefect-1-0/544
it depends a lot on who your users are and how they are using Prefect - if they can write Python and can create new deployments/register flows, then you can't enforce that directly unless you'd use RBAC, which is an enterprise feature
I encourage you to ask sales@prefect.io - they can answer this one better than I can since this is essentially RBAC/user management question
a
Abin Joseph
06/16/2022, 11:19 AM@Anna Geller
It was about Prefect 1.0. But I want to understand whether this is doable in Prefect 2.0 as well.
Our plan is to allow our users to develop/test flows locally but they won't have access to register the flows, this would be done by the admins.
a
Anna Geller
06/16/2022, 11:28 AMall definitely doable but you'd need to talk to sales@prefect.io about that