From 5bf6f9cbe1295512f51a1c5832b3282739ebd77d Mon Sep 17 00:00:00 2001 From: Maedah Batool Date: Wed, 25 Jun 2025 12:48:51 -0700 Subject: [PATCH] Service Accounts docs --- docs/admin/access_control/service_accounts.mdx | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/docs/admin/access_control/service_accounts.mdx b/docs/admin/access_control/service_accounts.mdx index 70e309023..bc7f32fc7 100644 --- a/docs/admin/access_control/service_accounts.mdx +++ b/docs/admin/access_control/service_accounts.mdx @@ -12,12 +12,16 @@ Service accounts are created like regular user accounts, but with a few key diff - Check the **Service account** checkbox - Click **Create service account** +![create-service-account](https://storage.googleapis.com/sourcegraph-assets/Docs/create-service-accounts-0625.png) + You'll be presented with some next steps you might want to take, like creating an access token, managing and assigning roles, and managing repository permissions. - Service accounts are automatically assigned the "Service Account" system role - They appear in the user list with "Service account" type designation - By default, service accounts can only access public and unrestricted repositories +![next-steps-service-account](https://storage.googleapis.com/sourcegraph-assets/Docs/service-accounts-next-steps-0625.png) + ## Managing Access Tokens Service accounts authenticate using access tokens rather than passwords. For detailed information about creating, managing, and using access tokens, see: @@ -44,8 +48,12 @@ Administrators can assign additional roles to service accounts through the user - [Managing user roles](/admin/access_control#managing-user-roles) - [Creating custom roles](/admin/access_control#creating-a-new-role-and-assigning-it-permissions) +![service-account-roles](https://storage.googleapis.com/sourcegraph-assets/Docs/service-accounts-manage-roles-0625.png) + ## Repository Permissions Service accounts respect repository permissions and access controls. For comprehensive information about repository permissions, see the [Repository permissions](/admin/permissions) documentation. -Service accounts by default can only access public and unrestricted repositories in Sourcegraph. You may explicitly grant fine-grained access to private repositories from the service account's user settings page, under the **Repo permissions** tab, or via [the GraphQL API](/admin/permissions/api#explicit-permissions-api). In the **Repo permissions** tab, you can also grant service accounts access to all current and future repositories on Sourcegraph, regardless of their visibility, which is useful for service accounts that need to do things like perform search jobs, but admins should take care to ensure that the access tokens for these accounts are not shared with unauthorized users. \ No newline at end of file +Service accounts by default can only access public and unrestricted repositories in Sourcegraph. You may explicitly grant fine-grained access to private repositories from the service account's user settings page, under the **Repo permissions** tab, or via [the GraphQL API](/admin/permissions/api#explicit-permissions-api). In the **Repo permissions** tab, you can also grant service accounts access to all current and future repositories on Sourcegraph, regardless of their visibility, which is useful for service accounts that need to do things like perform search jobs, but admins should take care to ensure that the access tokens for these accounts are not shared with unauthorized users. + +![service-account-repo-permissions](https://storage.googleapis.com/sourcegraph-assets/Docs/service-accounts-repo-permissions-0625.png)