Skip to content

Service Accounts docs #1214

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
MaedahBatool merged 1 commit into from
Jun 25, 2025
Merged

Service Accounts docs #1214

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 9 additions & 1 deletion docs/admin/access_control/service_accounts.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,12 +12,16 @@ Service accounts are created like regular user accounts, but with a few key diff
- Check the **Service account** checkbox
- Click **Create service account**

![create-service-account](https://storage.googleapis.com/sourcegraph-assets/Docs/create-service-accounts-0625.png)

You'll be presented with some next steps you might want to take, like creating an access token, managing and assigning roles, and managing repository permissions.

- Service accounts are automatically assigned the "Service Account" system role
- They appear in the user list with "Service account" type designation
- By default, service accounts can only access public and unrestricted repositories

![next-steps-service-account](https://storage.googleapis.com/sourcegraph-assets/Docs/service-accounts-next-steps-0625.png)

## Managing Access Tokens

Service accounts authenticate using access tokens rather than passwords. For detailed information about creating, managing, and using access tokens, see:
Expand All @@ -44,8 +48,12 @@ Administrators can assign additional roles to service accounts through the user
- [Managing user roles](/admin/access_control#managing-user-roles)
- [Creating custom roles](/admin/access_control#creating-a-new-role-and-assigning-it-permissions)

![service-account-roles](https://storage.googleapis.com/sourcegraph-assets/Docs/service-accounts-manage-roles-0625.png)

## Repository Permissions

Service accounts respect repository permissions and access controls. For comprehensive information about repository permissions, see the [Repository permissions](/admin/permissions) documentation.

Service accounts by default can only access public and unrestricted repositories in Sourcegraph. You may explicitly grant fine-grained access to private repositories from the service account's user settings page, under the **Repo permissions** tab, or via [the GraphQL API](/admin/permissions/api#explicit-permissions-api). In the **Repo permissions** tab, you can also grant service accounts access to all current and future repositories on Sourcegraph, regardless of their visibility, which is useful for service accounts that need to do things like perform search jobs, but admins should take care to ensure that the access tokens for these accounts are not shared with unauthorized users.
Service accounts by default can only access public and unrestricted repositories in Sourcegraph. You may explicitly grant fine-grained access to private repositories from the service account's user settings page, under the **Repo permissions** tab, or via [the GraphQL API](/admin/permissions/api#explicit-permissions-api). In the **Repo permissions** tab, you can also grant service accounts access to all current and future repositories on Sourcegraph, regardless of their visibility, which is useful for service accounts that need to do things like perform search jobs, but admins should take care to ensure that the access tokens for these accounts are not shared with unauthorized users.

![service-account-repo-permissions](https://storage.googleapis.com/sourcegraph-assets/Docs/service-accounts-repo-permissions-0625.png)