fetch_ml/docs/src/user-permissions.md
Jeremie Fraeys 5144d291cb
docs: comprehensive documentation updates
- Add architecture, CI/CD, CLI reference documentation
- Update installation, operations, and quick-start guides
- Add Jupyter workflow and queue documentation
- New landing page and research runner plan
2026-02-12 12:05:27 -05:00


# User Permissions in Fetch ML
Fetch ML now supports user-based permissions to ensure data scientists can only view and manage their own experiments while administrators retain full control.
## Overview
- **User Isolation**: Each user can only see their own experiments
- **Admin Override**: Administrators can view and manage all experiments
- **Permission-Based**: Fine-grained permissions for create, read, and update operations
- **API Key Authentication**: Secure authentication using API keys
## Permissions
### Job Permissions
- `jobs:create` - Create new experiments
- `jobs:read` - View experiment status and results
- `jobs:update` - Cancel or modify experiments
### User Types
- **Administrators**: Full access to all experiments and system operations
- **Data Scientists**: Access to their own experiments only
- **Viewers**: Read-only access to their own experiments
## CLI Usage
### View Your Jobs
```bash
ml status
```
Shows only your experiments with user context displayed.
### Cancel Your Jobs
```bash
ml cancel <job-name>
```
Only allows canceling your own experiments (unless you're an admin).
### Authentication
The CLI automatically authenticates using your API key from `~/.ml/config.toml`.
## Configuration
### API Key Setup
```toml
[worker]
api_key = "your-api-key-here"
```
### User Roles
User roles and permissions are configured on the server side by administrators.
## Security Features
- **API Key Hashing**: Keys are hashed before transmission
- **User Filtering**: Server-side filtering prevents unauthorized access
- **Permission Validation**: All operations require appropriate permissions
- **Audit Logging**: All user actions are logged
## Examples
### Data Scientist Workflow
```bash
# Submit your experiment
ml queue my-experiment
# Check your experiments (only shows yours)
ml status
# Cancel your own experiment
ml cancel my-experiment
# Requeue a previous run with different args
ml requeue <run_id|task_id|path> -- --epochs 20
```
### Administrator Workflow
```bash
# View all experiments (admin sees everything)
ml status
# Cancel any user's experiment
ml cancel user-experiment
```
## Error Messages
- **"Insufficient permissions"**: You don't have the required permission
- **"You can only cancel your own jobs"**: Ownership restriction
- **"Invalid API key"**: Authentication failed
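
The checks this page describes (permission validation, ownership filtering, admin override) and the three error messages above can be modelled as follows. This is an added Python example, not Fetch ML's own code. The role-to-permission mapping, the SHA-256 key digests, the sample users and jobs, and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Assumed mapping: the page names the roles and the permissions,
# but not which role holds which permission.
ALL = {"jobs:create", "jobs:read", "jobs:update"}
ROLE_PERMS = {"admin": ALL, "data_scientist": ALL, "viewer": {"jobs:read"}}

@dataclass(frozen=True)
class User:
    name: str
    role: str

def _digest(api_key: str) -> str:
    # SHA-256 is an assumption; the page does not name the hash.
    return hashlib.sha256(api_key.encode()).hexdigest()

# Constructed sample data: key digest -> user, job name -> owner.
USERS = {_digest("alice-key"): User("alice", "data_scientist"),
         _digest("bob-key"): User("bob", "viewer"),
         _digest("root-key"): User("root", "admin")}
JOBS = {"exp-a": "alice", "exp-b": "bob"}

def authenticate(api_key: str) -> User:
    presented = _digest(api_key)
    for stored, user in USERS.items():
        if hmac.compare_digest(stored, presented):  # constant-time compare
            return user
    raise PermissionError("Invalid API key")

def visible_jobs(api_key: str) -> list[str]:
    """What `ml status` would list: own jobs, or all jobs for an admin."""
    user = authenticate(api_key)
    if "jobs:read" not in ROLE_PERMS[user.role]:
        raise PermissionError("Insufficient permissions")
    return sorted(j for j, owner in JOBS.items()
                  if user.role == "admin" or owner == user.name)

def cancel(api_key: str, job: str) -> str:
    """What `ml cancel` would check: permission first, then ownership."""
    user = authenticate(api_key)
    if "jobs:update" not in ROLE_PERMS[user.role]:
        raise PermissionError("Insufficient permissions")
    owner = JOBS[job]  # KeyError for an unknown job name
    if user.role != "admin" and owner != user.name:
        raise PermissionError("You can only cancel your own jobs")
    return f"cancelled {job}"
```

The ownership filter runs on the server side of the model, so a client cannot widen its own view by changing what it requests.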
## Migration Notes
- Existing configurations continue to work
- When auth is disabled, all users have admin-like access
- User ownership is automatically assigned to new experiments
For more details, see the architecture documentation.