Manage Service Users
This is a guide for Administrators about to how to create, list, and delete service users in SENSA Fabric using the CLI.
Service users are non-human system access accounts that allow for programmatic access through a system-owned personal access token. Service users are recommended for automated access across teams.
Prerequisites
- SENSA Fabric CLI is installed
- Administrator role in the SENSA Fabric system
Create Service User
In the CLI enter:
cortex users create <user-name>
Example
cortex users create agentInvoker
Response
{
"success": true,
"config": {
"jwk": {
"crv": "xxxx",
"x": "xxxx",
"d": "xxxx",
"kty": "xxx",
"kid": "xxxx"
},
"issuer": "cognitivescale.com",
"audience": "cortex",
"username": "xxxx",
"url": "https://api.test.eks.insights.ai"
},
"token": "xxxx"
}The
config
property of the response contains the Personal Access Token assigned to authenticate the service user so it can create JWT tokens for system access.The
token
property contains a currently valid JWT token for this user.Save the PAT returned when you create the user. This is the value that is needed to generate JWT tokens.
cautionYou will not have another chance to view this token.
If the service user's PAT is lost or compromised, delete it and create a new service user.
You can use the
token
from the response immediately to call API methods directly by entering the JWT in the Authorization API header.To authenticate to the CLI as the service user, run
cortex configure
and provide the PAT token (theconfig
property of response in {}) when prompted.Service users are created without roles/grants. By default a service user has access to API methods so assigning roles/grants is optional.
Use the instruction found here if you want to manage grants for this user.
cautionService users must be assigned the "Administrator" role or specific administrator grants to be able to perform actions like creating secrets, managing authorization, promoting agents FabricOps, creating Projects, and importing-exporting Campaigns.
List Service Users
To get a list of service users that have been created by team admins run the following:
cortex users list
Response
{
"success": true,
"users": [
"agentInvoke"
]
}
Delete Service Users
To delete a service user and invalidate all existing tokens created by this service user in Fabric run:
cortex users delete agentInvoke
Response
{
"success": true,
"message": "agentInvoke deactivated"
}
When the user is deleted, any assigned roles and grants are persisted and are enforced if a user with the same name is recreated.
If you are working as system user, and another admin deletes the user you will no longer be able to make requests into the system.