Managing users and access
Managing FlowAPI access with FlowAuth¶
Granting user permissions¶
FlowAuth is the tool which analysts will use to generate tokens which will allow them to communicate with a FlowKit server through FlowAPI. The following steps using the FlowAuth administration tool are required to add a user and allow them to generate access tokens:
-
Log into FlowAuth as an administrator.
-
Under "Servers", add a new server by clicking the '+' button, uploading the spec downloaded from the server, and setting the latest expiry and longest life for tokens.
-
Enable or disable permissions for this server under "Available API scopes".
-
Under "Users", add a new user, and set the username and password.
-
Either:
- Add a server to the user, and enable/disable API scopes
-
Or:
-
Under "Groups", add a new group,
-
Add a server to the group, and enable/disable API scopes
-
Add the user to the group.
-
The user can then log into FlowAuth and generate a token (see the analyst section for instructions).
Managing access to FlowDB¶
Because FlowDB is built using PostgreSQL, you can use standard Postgres commands to manage users. FlowDB contains some default roles which you can use as group templates using CREATE ROLE INHERIT:
| Schema | Read access | Write access |
|---|---|---|
| cache | flowmachine, flowapi | flowmachine |
| results | flowmachine | flowmachine |
| features | flowmachine | flowmachine |
| geography | flowmachine, flowapi | |
| population | flowmachine | |
| elevation | flowmachine | |
| events | flowmachine | |
| dfs | flowmachine | |
| infrastructure | flowmachine | |
| routing | flowmachine | |
| interactions | flowmachine | |
| etl | flowmachine |
It is recommended that after creating a user with a temporary password that they connect using psql, and use the \password command to set a new password.
Note
You can manage FlowDB using psql from inside the docker container:
docker exec -it <container_name> psql -U flowdb