Platform Machine User
Platform machine users are service accounts that enable automated operations at the organization or folder level in the Tailor Platform. Unlike regular platform users who authenticate interactively, machine users authenticate programmatically using client credentials, making them ideal for CI/CD pipelines, automated scripts, and service-to-service integrations.
Platform machine users are different from workspace machine users, which are used for application-level authentication within a workspace. Platform machine users operate at the organization or folder level and are used for platform administration tasks.
Creating Platform Machine Users
Platform machine users can be created using Terraform at either the organization level or the folder level.
Organization-Level Machine User
To create a machine user with organization-level scope:
<span><span style="color: var(--shiki-token-function)">resource</span><span style="color: var(--shiki-color-text)"> "tailor_platform_machine_user" "org_bot" {</span></span>
<span><span style="color: var(--shiki-color-text)"> name </span><span style="color: var(--shiki-token-keyword)">=</span><span style="color: var(--shiki-color-text)"> </span><span style="color: var(--shiki-token-string-expression)">"org-bot"</span></span>
<span><span style="color: var(--shiki-color-text)"> description </span><span style="color: var(--shiki-token-keyword)">=</span><span style="color: var(--shiki-color-text)"> </span><span style="color: var(--shiki-token-string-expression)">"Machine user with organization-level access"</span></span>
<span><span style="color: var(--shiki-color-text)"> organization_id </span><span style="color: var(--shiki-token-keyword)">=</span><span style="color: var(--shiki-color-text)"> data.tailor_organization.example_org.id</span></span>
<span><span style="color: var(--shiki-color-text)">}</span></span>
<span></span>Folder-Level Machine User
To create a machine user scoped to a specific folder:
<span><span style="color: var(--shiki-token-function)">resource</span><span style="color: var(--shiki-color-text)"> "tailor_platform_machine_user" "folder_bot" {</span></span>
<span><span style="color: var(--shiki-color-text)"> name </span><span style="color: var(--shiki-token-keyword)">=</span><span style="color: var(--shiki-color-text)"> </span><span style="color: var(--shiki-token-string-expression)">"folder-bot"</span></span>
<span><span style="color: var(--shiki-color-text)"> description </span><span style="color: var(--shiki-token-keyword)">=</span><span style="color: var(--shiki-color-text)"> </span><span style="color: var(--shiki-token-string-expression)">"Machine user with folder-level access"</span></span>
<span><span style="color: var(--shiki-color-text)"> organization_id </span><span style="color: var(--shiki-token-keyword)">=</span><span style="color: var(--shiki-color-text)"> data.tailor_organization.example_org.id</span></span>
<span><span style="color: var(--shiki-color-text)"> folder_id </span><span style="color: var(--shiki-token-keyword)">=</span><span style="color: var(--shiki-color-text)"> tailor_organization_folder.example_folder.id</span></span>
<span><span style="color: var(--shiki-color-text)">}</span></span>
<span></span>Granting Access to Machine Users
After creating a platform machine user, you need to grant it access to organizations or folders using the appropriate access resources.
Organization Access
Use tailor_organization_access to grant a machine user access to an organization:
<span><span style="color: var(--shiki-token-function)">resource</span><span style="color: var(--shiki-color-text)"> "tailor_organization_access" "machine_user_access" {</span></span>
<span><span style="color: var(--shiki-color-text)"> organization_id </span><span style="color: var(--shiki-token-keyword)">=</span><span style="color: var(--shiki-color-text)"> data.tailor_organization.example_org.id</span></span>
<span><span style="color: var(--shiki-color-text)"> role </span><span style="color: var(--shiki-token-keyword)">=</span><span style="color: var(--shiki-color-text)"> </span><span style="color: var(--shiki-token-string-expression)">"editor"</span></span>
<span><span style="color: var(--shiki-color-text)"> machine_user_id </span><span style="color: var(--shiki-token-keyword)">=</span><span style="color: var(--shiki-color-text)"> tailor_platform_machine_user.org_bot.id</span></span>
<span><span style="color: var(--shiki-color-text)">}</span></span>
<span></span>The available roles are admin, editor, and viewer. See Accounts and Roles for details on role permissions.
Folder Access
Use tailor_organization_folder_access to grant a machine user access to a specific folder:
<span><span style="color: var(--shiki-token-function)">resource</span><span style="color: var(--shiki-color-text)"> "tailor_organization_folder_access" "machine_user_folder_access" {</span></span>
<span><span style="color: var(--shiki-color-text)"> organization_id </span><span style="color: var(--shiki-token-keyword)">=</span><span style="color: var(--shiki-color-text)"> data.tailor_organization.example_org.id</span></span>
<span><span style="color: var(--shiki-color-text)"> folder_id </span><span style="color: var(--shiki-token-keyword)">=</span><span style="color: var(--shiki-color-text)"> tailor_organization_folder.example_folder.id</span></span>
<span><span style="color: var(--shiki-color-text)"> role </span><span style="color: var(--shiki-token-keyword)">=</span><span style="color: var(--shiki-color-text)"> </span><span style="color: var(--shiki-token-string-expression)">"admin"</span></span>
<span><span style="color: var(--shiki-color-text)"> machine_user_id </span><span style="color: var(--shiki-token-keyword)">=</span><span style="color: var(--shiki-color-text)"> tailor_platform_machine_user.folder_bot.id</span></span>
<span><span style="color: var(--shiki-color-text)">}</span></span>
<span></span>The available roles are admin, editor, and viewer. See Accounts and Roles for details on folder role permissions.
Complete Example
Here is a complete example that creates a folder, a machine user, and grants the machine user access to the folder:
<span><span style="color: var(--shiki-token-comment)"># Fetch the organization</span></span>
<span><span style="color: var(--shiki-token-function)">data</span><span style="color: var(--shiki-color-text)"> "tailor_organization" "my_org" {</span></span>
<span><span style="color: var(--shiki-color-text)"> id </span><span style="color: var(--shiki-token-keyword)">=</span><span style="color: var(--shiki-color-text)"> </span><span style="color: var(--shiki-token-string-expression)">"your-organization-id"</span></span>
<span><span style="color: var(--shiki-color-text)">}</span></span>
<span></span>
<span><span style="color: var(--shiki-token-comment)"># Create a folder</span></span>
<span><span style="color: var(--shiki-token-function)">resource</span><span style="color: var(--shiki-color-text)"> "tailor_organization_folder" "dev_folder" {</span></span>
<span><span style="color: var(--shiki-color-text)"> organization_id </span><span style="color: var(--shiki-token-keyword)">=</span><span style="color: var(--shiki-color-text)"> data.tailor_organization.my_org.id</span></span>
<span><span style="color: var(--shiki-color-text)"> name </span><span style="color: var(--shiki-token-keyword)">=</span><span style="color: var(--shiki-color-text)"> </span><span style="color: var(--shiki-token-string-expression)">"development"</span></span>
<span><span style="color: var(--shiki-color-text)">}</span></span>
<span></span>
<span><span style="color: var(--shiki-token-comment)"># Create a machine user for CI/CD</span></span>
<span><span style="color: var(--shiki-token-function)">resource</span><span style="color: var(--shiki-color-text)"> "tailor_platform_machine_user" "ci_bot" {</span></span>
<span><span style="color: var(--shiki-color-text)"> name </span><span style="color: var(--shiki-token-keyword)">=</span><span style="color: var(--shiki-color-text)"> </span><span style="color: var(--shiki-token-string-expression)">"ci-bot"</span></span>
<span><span style="color: var(--shiki-color-text)"> description </span><span style="color: var(--shiki-token-keyword)">=</span><span style="color: var(--shiki-color-text)"> </span><span style="color: var(--shiki-token-string-expression)">"Machine user for CI/CD pipelines"</span></span>
<span><span style="color: var(--shiki-color-text)"> organization_id </span><span style="color: var(--shiki-token-keyword)">=</span><span style="color: var(--shiki-color-text)"> data.tailor_organization.my_org.id</span></span>
<span><span style="color: var(--shiki-color-text)"> folder_id </span><span style="color: var(--shiki-token-keyword)">=</span><span style="color: var(--shiki-color-text)"> tailor_organization_folder.dev_folder.id</span></span>
<span><span style="color: var(--shiki-color-text)">}</span></span>
<span></span>
<span><span style="color: var(--shiki-token-comment)"># Grant the machine user editor access to the folder</span></span>
<span><span style="color: var(--shiki-token-function)">resource</span><span style="color: var(--shiki-color-text)"> "tailor_organization_folder_access" "ci_bot_access" {</span></span>
<span><span style="color: var(--shiki-color-text)"> organization_id </span><span style="color: var(--shiki-token-keyword)">=</span><span style="color: var(--shiki-color-text)"> data.tailor_organization.my_org.id</span></span>
<span><span style="color: var(--shiki-color-text)"> folder_id </span><span style="color: var(--shiki-token-keyword)">=</span><span style="color: var(--shiki-color-text)"> tailor_organization_folder.dev_folder.id</span></span>
<span><span style="color: var(--shiki-color-text)"> role </span><span style="color: var(--shiki-token-keyword)">=</span><span style="color: var(--shiki-color-text)"> </span><span style="color: var(--shiki-token-string-expression)">"editor"</span></span>
<span><span style="color: var(--shiki-color-text)"> machine_user_id </span><span style="color: var(--shiki-token-keyword)">=</span><span style="color: var(--shiki-color-text)"> tailor_platform_machine_user.ci_bot.id</span></span>
<span><span style="color: var(--shiki-color-text)">}</span></span>
<span></span>
<span><span style="color: var(--shiki-token-comment)"># Output the credentials (handle securely)</span></span>
<span><span style="color: var(--shiki-token-function)">output</span><span style="color: var(--shiki-color-text)"> "ci_bot_client_id" {</span></span>
<span><span style="color: var(--shiki-color-text)"> value </span><span style="color: var(--shiki-token-keyword)">=</span><span style="color: var(--shiki-color-text)"> tailor_platform_machine_user.ci_bot.client_id</span></span>
<span><span style="color: var(--shiki-color-text)">}</span></span>
<span></span>
<span><span style="color: var(--shiki-token-function)">output</span><span style="color: var(--shiki-color-text)"> "ci_bot_client_secret" {</span></span>
<span><span style="color: var(--shiki-color-text)"> value </span><span style="color: var(--shiki-token-keyword)">=</span><span style="color: var(--shiki-color-text)"> tailor_platform_machine_user.ci_bot.client_secret</span></span>
<span><span style="color: var(--shiki-color-text)"> sensitive </span><span style="color: var(--shiki-token-keyword)">=</span><span style="color: var(--shiki-color-text)"> </span><span style="color: var(--shiki-token-constant)">true</span></span>
<span><span style="color: var(--shiki-color-text)">}</span></span>
<span></span>