Skip to content

Managing users and access

Managing FlowAPI access with FlowAuth

Granting user permissions

FlowAuth is the tool which analysts will use to generate tokens which will allow them to communicate with a FlowKit server through FlowAPI. The following steps using the FlowAuth administration tool are required to add a user and allow them to generate access tokens:

  1. Log into FlowAuth as an administrator.

  2. Under "Servers", add a new server by clicking the '+' button, uploading the spec downloaded from the server, and setting the latest expiry and longest life for tokens.

  3. Enable or disable permissions for this server under "Available API scopes".

  4. Under "Users", add a new user, and set the username and password.

  5. Either:

    • Add a server to the user, and enable/disable API scopes

  6. Or:

    • Under "Groups", add a new group,

    • Add a server to the group, and enable/disable API scopes

    • Add the user to the group.

The user can then log into FlowAuth and generate a token (see the analyst section for instructions).

Managing access to FlowDB

Because FlowDB is built using PostgreSQL, you can use standard Postgres commands to manage users. FlowDB contains some default roles which you can use as group templates using CREATE ROLE INHERIT:

Schema Read access Write access
cache flowmachine, flowapi flowmachine
results flowmachine flowmachine
features flowmachine flowmachine
geography flowmachine, flowapi
population flowmachine
elevation flowmachine
events flowmachine
dfs flowmachine
infrastructure flowmachine
routing flowmachine
interactions flowmachine
etl flowmachine

It is recommended that after creating a user with a temporary password that they connect using psql, and use the \password command to set a new password.


You can manage FlowDB using psql from inside the docker container:

docker exec -it <container_name> psql -U flowdb