User Roles & Permissions
How roles and permissions work within ZenML
The following global permissions are available within ZenML.
read: Read permission on all resources. write: Write permission on all resources. me: Permission for a user to edit their own user metadata (username, password, etc.)
To view the available permissions through the CLI simply run:
zenml permission list
Users are granted Permissions through Roles. You can list all roles with their associated permissions by running.
zenml role list
By default, ZenML comes with two roles.
admin: The admin role grants all permissions globally. (Permissions: read, write, me )
guest: The guest role lets users change their own user data and grants general global read access. (Permissions: read, me )
You can also create your own roles through the CLI:
zenml role create <ROLE_NAME> -p read -p write -p me
Roles can be assigned to users through the CLI:
zenml role assign <ROLE_NAME> --user <USER_NAME>
alternatively this can also be done during user creation
zenml user create <USER_NAME> --role <ROLE_NAME>
If you want to inspect which roles have been assigned to which users, simply run:
zenml role assignment list
- Permissions and roles only become relevant if you are running through a deployed ZenML Server. In local settings with a direct connection to a SQLite Database user access is not limited/granted by roles.