Hello Team, I am evaluating MedPlum bots on my local machine. We are able to run the bots but facing issues for the below mentioned scenario. We are trying to use bot to create couple of resources after user registration and as well as to set an access policy to the user which needs to be applied to the projectmembership resource, is that correct? But I found out in the code that User and Login resources are under list of protected resources which are not accessible by system account. Code snippet: /** * Protected resource types are in the "medplum" project. * Reading and writing is limited to the system account. */ export const protectedResourceTypes = ['DomainConfiguration', 'JsonWebKey', 'Login', 'User']; We have achieved the same scenario by updating the backend code but we want to implement it through the bots without changing any medplum backend code. Please let me know how do we resolve or is it correct approacth to remove those resources from the protected list?

Practitioner users cross the Project boundary and so cannot be manipulated by bots. However, this example may be useful for this task: https://www.medplum.com/docs/auth/custom-emails#password-change-request-bot

Thanks, @reshma. Is there a method for granting the bots admin-like privileges, allowing access to all resources?

Hi @vijay.hambar , by default Bots can access all resources, except for the ones you listed above, as those are server-level protected resources. We guard those on purpose, as modifying them via Bots can generally can generally cause issues. For the use cases you list, I believe should shouldn't need to access those resources. > We are trying to use bot to create couple of resources after user registration This can be achieve by writing a bot that Subscribes to the "PasswordChangeRequest" resource, as described in the guide that @reshma linked. The PCR.type = 'invite' indicates a new user registration. Admittedly, the name is less than intuitive here > Set an access policy to the user which needs to be applied to the projectmembership resource > The proper way to invite users is to use the

/invite

endpoint: https://www.medplum.com/docs/auth/user-management-guide#invite-via-api This endpoint allows you to set an access policy on the member at the time of invite

Thank you @rahul1 for the information. I'll review the alternatives you provided. However, please note that we have open user registration, allowing for self-signup. This might impact the compatibility of the suggested solution with our current setup.