Managing Users and OAuth Clients in the RAI Console

A short guide to managing users and OAuth clients in the RAI Console.

RAI Console users with the Admin role can add and manage other users.

Admin users can also add and manage OAuth clients, such as third-party client applications, which allow clients to make calls to RelationalAI. You will need OAuth client authorization to connect to RAI Cloud using SDKs.

Managing Users

When you log into the RAI Console as a user with Admin permissions, you will see a Settings icon on the left side of the console.

To manage users, click the Settings icon.

A list of all previously added users appears.

list of users

To see information about users and change their status or role, click the user’s name in the list.

The following page appears:

user detail

Adding Users

To add a user:

  1. Click the Create button.
create user button
  1. In the page that opens, enter the user’s email and select a role–user or admin–for the user.
  2. Click Create to add the user.
create users detail

Users can now access the Console. After entering their email on the Console login page, they will be prompted to enter the password for their email account. On first use, they will be prompted to set up two-step verification using a one-time password application. For more details, see Logging into the RAI Console in the Quick Start guide.

Making a User Inactive

You can make users inactive, which prevents them from accessing the RAI Console.

To make a user inactive:

  1. Click the Settings icon.
  2. Click the user’s name.
  3. In the page that opens, change the user’s status from Active to Inactive.
  4. Click Save.

Granting a User Admin Permissions

You can give other users Admin permissions.

To do so:

  1. Click the Settings icon.
  2. Click the user’s name.
  3. In the page that opens, change the user’s role from User to Admin.
  4. Click Save.

Managing OAuth Clients

To to RAI Cloud via SDKs, you will need to create and configure an OAuth client.

We currently support the following SDKs:

To manage OAuth clients:

  1. Click the Settings icon.
  2. In the left-hand pane, click OAuth clients.

A list of all previously added OAuth clients appears.

To see information about OAuth clients, click the OAuth client’s name in the list.

list of oauth users

You can restrict permissions for OAuth clients. OAuth clients might only be able to list computes or list databases, but not delete them, for example.

Adding an OAuth Client

To add an OAuth client:

  1. Click the Settings icon.
  2. In the left-hand pane, click OAuth clients.
  3. Click the Create button.
  4. In the page that opens, enter a name for the OAuth client and select permissions for the OAuth client. See Best Practices for Client Names and Secrets below.
  5. Click Create to add the OAuth client.
create user button

Deleting an OAuth Client

To delete an OAuth client:

  1. Click the Settings icon.
  2. In the left-hand pane, click OAuth clients.
  3. Click the OAuth client that you wish to delete.
  4. In the page that opens, click Delete.

Changing Permissions for an OAuth Client

You can change an OAuth client’s permissions at any time.

To do so:

  1. Click the Settings icon.
  2. In the left-hand pane, click OAuth clients.
  3. Click the OAuth client for which you want to change settings.
  4. In the page that opens, change permissions as needed.
  5. Click Save.
list of oauth users

Permissions for OAuth Clients

PermissionBrief Explanation
create:oauth_clientCreate OAuth client.
update:oauth_clientUpdate OAuth client.
list:oauth_clientList OAuth clients.
delete:oauth_clientDelete OAuth clients.
read:oauth_clientRead OAuth client.
update:databaseAllows client to update databases.
list:databaseAllows client to view list of databases.
list:computeAllows client to view list of computes.
read:computeLets client read compute’s data.
delete:computeLets client delete computes.
create:computeLets client create computes.
list:permissionLists API permissions.
roleLets clients change roles.

Rotating OAuth Secrets

To rotate the secret for an OAuth client:

  1. Click the Settings icon.
  2. In the righ-hand pane, click OAuth clients.
  3. Click the OAuth client.
  4. In the page that opens, click Rotate.
  5. Use the Copy button to the right of the Secret field to copy the secret to your SDK’s client configuration.

Best Practices for Client Names and Secrets

The OAuth client name is a public identifier for your application. We recommend using a meaningful name that you can remember.

The Client secret is confidential and should only be used to authenticate your application and make requests through the SDK. You should not share the secret any place that is potentially insecure, such as email, public code repositories, or web server files that can be viewed externally.

Configuring OAuth Clients for SDKs

In order to use OAuth, you will need to create a configuration file on the machine on which you’re running your SDK.

To do so:

  1. Create a file called /.rai/config.
  2. Enter the following information in the file.
[default]
region = us-east
host = azure.relationalai.com
port = 443
client_id = qvG73z47SKxQV5sxMUMLSOCIGSDVe70u
client_secret = <your secret goes here>
ParameterBrief Explanation
regionEngine region–currently always us-east
hostHost for RAI cloud–currently always azure.relationalai.com
portPort for RAI cloud–currently always 443
client_idYour OAuth client id
client_secretYour OAuth secret