Tokens and User Impersonation#

ClusterWareAI ™ users can create service tokens that impersonate their ClusterWareAI permissions using the cw-adminctl token command or via the ClusterWareAI GUI. For example, you can set up a token with a custom lifespan to be used to upload scheduler data to ClusterWareAI. The following command creates a token for the current user that lasts 7 days:

cw-adminctl token --lifespan 7d

See sched-watcher Deployment for an example of setting up sched_watcher with an authentication token.

You can also create a token via the ClusterWareAI GUI. See Create Token for details.

ClusterWareAI users with the AdminWrite permission can impersonate a different user, which allows them to complete actions like creating a ticket that appears to originate from another user. Alternatively, it can be used to create a lower-permission token for system uses. See Role-Based Access Control System for details about default roles and permissions.

Run the following command to generate a token for the user you want to impersonate:

cw-adminctl -i <otheruser> token

Where <otheruser> is replaced by the user ID of the user you want to impersonate.

For example, if user admin1 in the FullAdmin role runs the following command, a token is generated for user user1:

cw-adminctl -i user1 token

See Using Tokens with the ClusterWareAI API and Tools for additional examples using impersonation tokens.

Note

If you are using Keycloak and want to impersonate another ClusterWareAI user, you first need to enable fine-grained permissions and the "impersonate" feature. See Impersonate Keycloak User for details.