Skip to content

Service Users and API Tokens

Service users allow users to create dedicated tokens for programmatic access to the UbiOps API, for example for creating model requests in your own scripts and code. Service users are not able to login to UbiOps. Users can configure permissions for each service user to limit what it can access by assigning roles just like normal users.

Creating a Service user


Service users are not defined in a project on default. You have to create them like any other user.

If a service user token is lost, the token for that service user may be reset. The old token becomes invalid.

Service user permissions

Default role service users

There is one default Service users-role available and it's the service-user-project-admin role. This role contains all permissions a regular project-admin has. If you want stricter permissions for a service user, you can create a custom role and assign it to the service user, just like any other user.

Permissions and roles work just like they do on normal users. See Permissions and roles for more information. The user needs the roles.assignments.create permission to be able to assign roles to service users.

Service users are meant to interact with UbiOps programmatically and are defined on project level. Therefore, they are not allowed to have permissions regarding 'Roles' and 'Users' and they cannot perform actions on 'Organization' level. A user is therefore not able to assign roles that have one or multiple of these permissions.