rbac.ResourceFile.Type: {

policy.ActionRead,

},

rbac.ResourceGroup.Type: {

policy.ActionRead,

policy.ActionCreate,

policy.ActionUpdate,

},

rbac.ResourceGroupMember.Type: {

policy.ActionRead,

},

}),

},

}),

Prebuilt workspaces can be used in conjunction with[resource quotas](../../users/quotas.md).

To help prevent unexpected infrastructure costs, prebuilt workspaces can be used in conjunction with[resource quotas](../../users/quotas.md).

Because unclaimed prebuilt workspaces are owned by the`prebuilds` user, you can:

1. Configure quotas for any group that includes this user.

1. Set appropriate limits to balance prebuilt workspace availability with resource constraints.

When prebuilt workspaces are configured for an organization, Coder creates a "prebuilds" group in that organization and adds the prebuilds user to it. This group has a default quota allowance of 0, which you should adjust based on your needs:

-**Set a quota allowance** on the "prebuilds" group to control how many prebuilt workspaces can be provisioned

-**Monitor usage** to ensure the quota is appropriate for your desired number of prebuilt instances

-**Adjust as needed** based on your template costs and desired prebuilt workspace pool size

If a quota is exceeded, the prebuilt workspace will fail provisioning the same way other workspaces do.

returnxerrors.Errorf("determine prebuild organization membership: %w",err)

}

systemUserMemberships:=make(map[uuid.UUID]struct{},0)

orgMemberShips:=make(map[uuid.UUID]struct{},0)

defaultOrg,err:=s.store.GetDefaultOrganization(ctx)

iferr!=nil {

returnxerrors.Errorf("get default organization: %w",err)

}

systemUserMemberships[defaultOrg.ID]=struct{}{}

orgMemberShips[defaultOrg.ID]=struct{}{}

for_,o:=rangeorganizationMemberships {

systemUserMemberships[o.ID]=struct{}{}

orgMemberShips[o.ID]=struct{}{}

}

for_,preset:=rangepresets {

_,alreadyMember:=systemUserMemberships[preset.OrganizationID]

ifalreadyMember {

_,alreadyOrgMember:=orgMemberShips[preset.OrganizationID]

if!alreadyOrgMember {

orgMemberShips[preset.OrganizationID]=struct{}{}

_,err=s.store.InsertOrganizationMember(ctx, database.InsertOrganizationMemberParams{

OrganizationID:preset.OrganizationID,

UserID:userID,

CreatedAt:s.clock.Now(),

UpdatedAt:s.clock.Now(),

Roles: []string{},

})

iferr!=nil {

membershipInsertionErrors=errors.Join(membershipInsertionErrors,xerrors.Errorf("insert membership for prebuilt workspaces: %w",err))

}

}

systemUserMemberships[preset.OrganizationID]=struct{}{}

_,err=s.store.InsertOrganizationMember(ctx, database.InsertOrganizationMemberParams{

prebuildsGroup,err:=s.store.InsertGroup(ctx, database.InsertGroupParams{

ID:uuid.New(),

Name:"prebuilds",

DisplayName:"Prebuilds",

OrganizationID:preset.OrganizationID,

UserID:userID,

CreatedAt:s.clock.Now(),

UpdatedAt:s.clock.Now(),

Roles: []string{},

AvatarURL:"",

QuotaAllowance:0,// Default quota of 0, users should set this based on their needs

})

iferr!=nil {

if!database.IsUniqueViolation(err) {

membershipInsertionErrors=errors.Join(membershipInsertionErrors,xerrors.Errorf("create prebuilds group: %w",err))

}

prebuildsGroup,err=s.store.GetGroupByOrgAndName(ctx, database.GetGroupByOrgAndNameParams{

OrganizationID:preset.OrganizationID,

Name:"prebuilds",

})

iferr!=nil {

membershipInsertionErrors=errors.Join(membershipInsertionErrors,xerrors.Errorf("get existing prebuilds group: %w",err))

}

}

err=s.store.InsertGroupMember(ctx, database.InsertGroupMemberParams{

GroupID:prebuildsGroup.ID,

UserID:userID,

})

iferr!=nil {

membershipInsertionErrors=errors.Join(membershipInsertionErrors,xerrors.Errorf("insert membership for prebuilt workspaces: %w",err))

if!database.IsUniqueViolation(err) {

membershipInsertionErrors=errors.Join(membershipInsertionErrors,xerrors.Errorf("add system user to prebuilds group: %w",err))

}

}

}