manage-users

Manage Users

Manage users, user groups, and service accounts via MCP.

Instructions

Step 1: List Users

Call MCP tool: harness_list
Parameters:
  resource_type: "user"
  search_term: "<name or email>"

Users are account-scoped. Use search_term to filter by name or email.

Step 2: Get User Details

Call MCP tool: harness_get
Parameters:
  resource_type: "user"
  resource_id: "<user_id>"

Step 3: Manage User Groups

List groups:
Call MCP tool: harness_list
Parameters:
  resource_type: "user_group"
  org_id: "<organization>"
  project_id: "<project>"
  search_term: "<group name>"

Get group details:
Call MCP tool: harness_get
Parameters:
  resource_type: "user_group"
  resource_id: "<group_identifier>"
  org_id: "<organization>"
  project_id: "<project>"

Create a group:
Call MCP tool: harness_create
Parameters:
  resource_type: "user_group"
  org_id: "<organization>"
  project_id: "<project>"
  body:
    identifier: "backend_team"
    name: "Backend Team"
    description: "Backend engineering team"
    users:
      - "<user_id_1>"
      - "<user_id_2>"

Delete a group:
Call MCP tool: harness_delete
Parameters:
  resource_type: "user_group"
  resource_id: "<group_identifier>"
  org_id: "<organization>"
  project_id: "<project>"

Step 4: Manage Service Accounts

List service accounts:
Call MCP tool: harness_list
Parameters:
  resource_type: "service_account"
  org_id: "<organization>"
  project_id: "<project>"

Create a service account:
Call MCP tool: harness_create
Parameters:
  resource_type: "service_account"
  org_id: "<organization>"
  project_id: "<project>"
  body:
    identifier: "ci_bot"
    name: "CI Bot"
    description: "Service account for CI pipeline automation"
    email: "ci-bot@harness.io"

Delete a service account:
Call MCP tool: harness_delete
Parameters:
  resource_type: "service_account"
  resource_id: "<service_account_identifier>"
  org_id: "<organization>"
  project_id: "<project>"

Step 5: List Available Permissions

Call MCP tool: harness_list
Parameters:
  resource_type: "permission"

This returns all platform permissions. Use it to see which permissions can be assigned via roles.

Resource Types

Resource Type    Scope    Operations                 Description
user             Account  list, get                  Platform users (read-only)
user_group       Project  list, get, create, delete  User groups for RBAC
service_account  Project  list, get, create, delete  API automation accounts
permission       Account  list                       Available permissions (read-only)

Relationship to /manage-roles

This skill manages principals (users, groups, service accounts). Use /manage-roles to assign roles and resource groups to these principals:
  1. /manage-users -- Create the user group or service account
  2. /manage-roles -- Assign a role + resource group to that principal

Examples

  • "List all users in the account" -- List users with no filter
  • "Find user john.doe" -- List users with search_term "john.doe"
  • "Create a user group for the platform team" -- Create user_group with member user IDs
  • "Create a service account for CI automation" -- Create service_account
  • "What permissions are available?" -- List permissions
  • "Delete the old test-bot service account" -- Delete service_account

Performance Notes

  • Verify user email addresses and group identifiers before making changes.
  • List existing groups and service accounts before creating to avoid duplicates.
  • For service accounts, confirm the token expiry and scope match the intended usage.
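
Added example (not part of the original skill or of Harness's own code): one way to apply the first two notes above, resolving every member ID and checking for an existing group before calling harness_create. call_tool, FakeHarness and the response shapes (harness_list returns a list of dicts, harness_get returns a dict or None) are assumptions.

```python
# Added example: verified, idempotent group creation on top of the page's MCP tools.
# ASSUMPTIONS: call_tool(name, params) is a hypothetical MCP client hook;
# harness_list returns a list of dicts, harness_get returns a dict or None.

def ensure_user_group(call_tool, org_id, project_id, identifier, name, user_ids):
    """Create the group only if every member resolves and no duplicate exists."""
    scope = {"org_id": org_id, "project_id": project_id}
    # Users are account-scoped, so no org/project is passed when resolving them.
    missing = [u for u in user_ids
               if not call_tool("harness_get", {"resource_type": "user", "resource_id": u})]
    if missing:
        raise ValueError(f"unknown user ids, nothing created: {missing}")
    # Compare exactly instead of trusting the search filter to be an exact match.
    found = call_tool("harness_list",
                      {"resource_type": "user_group", "search_term": name, **scope})
    for group in found:
        if group.get("identifier") == identifier or group.get("name") == name:
            return "exists", group
    body = {"identifier": identifier, "name": name, "users": list(user_ids)}
    created = call_tool("harness_create",
                        {"resource_type": "user_group", "body": body, **scope})
    return "created", created


class FakeHarness:
    """Constructed in-memory stand-in for the MCP server, for offline runs only."""
    def __init__(self, users):
        self.users, self.groups, self.calls = set(users), {}, []

    def __call__(self, tool, params):
        self.calls.append(tool)
        rtype = params["resource_type"]
        if tool == "harness_get" and rtype == "user":
            uid = params["resource_id"]
            return {"id": uid} if uid in self.users else None
        if tool == "harness_list" and rtype == "user_group":
            term = params.get("search_term", "").lower()
            return [g for g in self.groups.values() if term in g["name"].lower()]
        if tool == "harness_create" and rtype == "user_group":
            self.groups[params["body"]["identifier"]] = params["body"]
            return params["body"]
        raise NotImplementedError(tool)


if __name__ == "__main__":
    fake = FakeHarness(users={"u1", "u2"})  # constructed sample user ids
    print(ensure_user_group(fake, "org", "proj", "backend_team", "Backend Team", ["u1", "u2"]))
    print(ensure_user_group(fake, "org", "proj", "backend_team", "Backend Team", ["u1"]))
```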

Troubleshooting

User Not Found

  • Users are account-scoped -- no org/project needed
  • Try searching by email address instead of display name
  • User must be invited to the account before they appear

Cannot Create User

  • Users cannot be created via API -- they must be invited through the Harness UI or SCIM provisioning
  • Use user groups and service accounts for programmatic access

Service Account Has No Access

  • Creating a service account alone does not grant permissions
  • Use /manage-roles to assign a role to the service account
  • Generate an API key for the service account via the Harness UI