|
1 | 1 | # Service Accounts |
2 | 2 |
|
3 | | -Service accounts are specialized user accounts designed for automation, API integrations, and programmatic access to Sourcegraph, as opposed to using access tokens from regular users. Unlike regular user accounts, service accounts don't require an email address or password and cannot access the Sourcegraph UI. They are specifically intended for automated workflows, CI/CD pipelines, scripts, and other non-human access patterns. Service accounts also don't count towards the user limit and won't be part of any billing cycles. |
| 3 | +Service accounts are specialized user accounts designed for automation, API integrations, and programmatic access to Sourcegraph, as opposed to using access tokens from regular users. Unlike regular user accounts, service accounts don't require an email address or password, cannot access the Sourcegraph UI, don't count towards a license's user limit and won't be part of any billing cycles. |
4 | 4 |
|
5 | 5 | ## Creating Service Accounts |
6 | 6 |
|
7 | 7 | Service accounts are created like regular user accounts, but with a few key differences. |
8 | 8 |
|
9 | 9 | - Go to **Site admin** → **Users & auth** → **Users** |
10 | 10 | - Click **Create User** |
11 | | -- Enter a descriptive **Username** (e.g., `ci-automation`, `api-integration`) |
| 11 | +- Enter a descriptive **Username** (e.g., `ci-bot-scip-uploads`, `api-search-jobs`) |
12 | 12 | - Check the **Service account** checkbox |
13 | 13 | - Click **Create service account** |
14 | 14 |
|
15 | 15 | You'll be presented with some next steps you might want to take, like creating an access token, managing and assigning roles, and managing repository permissions. |
16 | 16 |
|
17 | 17 | - Service accounts are automatically assigned the "Service Account" system role |
18 | 18 | - They appear in the user list with "Service account" type designation |
| 19 | +- By default, service accounts can only access public and unrestricted repositories |
19 | 20 |
|
20 | 21 | ## Managing Access Tokens |
21 | 22 |
|
@@ -47,4 +48,4 @@ Administrators can assign additional roles to service accounts through the user |
47 | 48 |
|
48 | 49 | Service accounts respect repository permissions and access controls. For comprehensive information about repository permissions, see the [Repository permissions](/admin/permissions) documentation. |
49 | 50 |
|
50 | | -Service accounts cannot have external service accounts. If service accounts need access to private repositories, they must explicitly be granted access to those repositories. This can be done from the service account's user settings page, under the **Repo permissions** tab, or via [the GraphQL API](/admin/permissions/api#explicit-permissions-api). |
| 51 | +Service accounts by default can only access public and unrestricted repositories in Sourcegraph. You may explicitly grant fine-grained access to private repositories from the service account's user settings page, under the **Repo permissions** tab, or via [the GraphQL API](/admin/permissions/api#explicit-permissions-api). |
0 commit comments