What is the best practice when several users runni...
# prefect-server
What is the best practice when several users running flows/tasks on the same machine (hadoop node) while having different users permissions then the user running the prefect agent? do we need to run multiple agents on the same machine, or is there some way to specify which user the task should run as ?
User-based RBAC is an Enterprise feature, and this is not something available as part of the OSS Prefect Server. If you are interested, you can send an email to sales@prefect.io
working on it 🙂 thanks
👍 1
@Anna Geller What about impersonating a user? when we run a flow using
it runs fine. but when we register the service,
, it runs as a different user, that has different permissions. How do we go around that ?
Why would register run as a different user? I don't fully understand the problem you are describing. Prefect permissions determine what API actions specific users can perform. Your OS-level permissions determine what processes can be executed on the machine - does it answer your question?
A single prefect agents is running on the machine used by several users. So when prefect runs registered tasks, it runs them as the user we used to start the prefect agent. but different users on the machine have different permissions, and sometimes have different user group, which prevents from the registered task to run properly. running manually, using
works fine
Thanks for explaining, I understand the problem now. You're 100% that this is not an ideal scenario and to solve that problem Cloud 1.0 has a concept of service account API keys https://cloud.prefect.io/team/service-accounts instead of user-scoped API keys, and Cloud 2.0 will have a concept of Bots API Keys 🤖