User Roles & Permissions
How roles and permissions work within ZenML
Permissions and roles are an alpha feature of ZenML and are in active development.
The following global permissions are available within ZenML.
read: Read permission on all resources. write: Write permission on all resources. me: Permission for a user to edit their own user metadata (username, password, etc.)
To view the available permissions through the CLI simply run:
zenml permission listUsers are granted Permissions through Roles. You can list all roles with their associated permissions by running.
zenml role listBy default, ZenML comes with two roles.
admin: The admin role grants all permissions globally. (Permissions: read, write, me )
guest: The guest role lets users change their own user data and grants general global read access. (Permissions: read, me )
You can also create your own roles through the CLI:
zenml role create <ROLE_NAME> -p read -p write -p meRoles can be assigned to users through the CLI:
zenml role assign <ROLE_NAME> --user <USER_NAME>alternatively this can also be done during user creation
zenml user create <USER_NAME> --role <ROLE_NAME>By default, user creation through the UI will grant the user
admin rights. This default behavior will change in the next iteration of the Dashboard as the role will be selectable during user creation and in the User settings menu.If you want to inspect which roles have been assigned to which users, simply run:
zenml role assignment list- Permissions and roles only become relevant if you are running through a deployed ZenML Server. In local settings with a direct connection to a SQLite Database user access is not limited/granted by roles.
Last modified 2d ago