Rancher add service accounts for downstream access?

Hello, I have an external CI/CD tool which I want to give access to a downstream cluster to deploy. I want to give acces to a specific namespace.

What is the correct way to add a service account in Rancher?

  1. Should I create a service account manually in the downstream cluster?
  2. Should I create a user in rancher?(Does not seem that I can set that granular permissions)

I can’t find any info about this in Rancher docs. Hence my question here.

I solved it by, creating a service account manually with yaml.