Overview
To access Modzy APIs, you need to have a user. Each user gets a team key assigned when they become a team member. Team keys contain a number of roles each of which contains entitlements that provide authorization to perform different calls to the APIs.
Roles
As prebuilt groups of entitlements, roles are elements that get assigned to API keys to authorize access to different kinds of calls. Modzy has six prebuilt roles, to meet your requirements. There are two types of roles: system and user. The system role can only be assigned to project keys while user roles can only be assigned to team keys.
Prebuilt roles
Platform Administrator
Platform Administrators have full control over an installation. including all users and teams.
| Identifier | Type | Highlights |
|---|---|---|
SYSTEM_OWNER | user | - Can view and update accounts, users, keys, and roles. - Can manage features. - Can create users, keys and roles. - Can view and cancel jobs. - Can view and download job results, audit logs and statistics. - Can see deployed models. |
Team Administrator
Team Administrators have full control over their teams
| Identifier | Type | Highlights |
|---|---|---|
ACCOUNT_ADMIN | user | - Can manage their team’s settings, projects, users, and API keys. - Can view the team’s Dashboard and audit details. - Can update model autoscaling settings, drift settings, and approve, reject, update, and deactivate models. - Can approve and disable models and model versions. - Can cancel and close jobs, access their team’s job results, explainability details, and input details. |
Data Scientist
| Identifier | Type | Highlights |
|---|---|---|
DATA_SCIENTIST | user | - Can deploy, manage, and update models - Can create projects. - Can run models and get results. - Can access explainability, drift, and utilization features. - Can edit drift settings. - Can fully use the API. |
Developer
Developers have full access to the API and most ModelOps features. They can integrate Modzy into other applications.
| Identifier | Type | Highlights |
|---|---|---|
DEVELOPER | user | - Can create Projects. - Can run models and get results. - Can fully use the API. |
Auditor
Auditors can view all activity across an installation of Modzy. They are for security, oversight, and compliance users.
| Identifier | Type | Highlights |
|---|---|---|
AUDITOR | user | - Can view all activity, platform-wide. - Can use the API for most monitoring activities. |
Project key
This role can be only assigned to project keys. Unlike team keys which are used for prototyping, project keys are linked to projects and used for ongoing API calls to specific models and can be used for the entire job lifecycle.
| Identifier | Type | Highlights |
|---|---|---|
SYSTEM_KEY | system | - Can complete full job lifecycles. |
The team role
Every API key has the TEAM_ROLE role assigned upon creation. This role provides access to the user profile, to manage own API keys, to switch between different teams, and others.
Entitlements
Entitlements are the roles components. They are the privileges that authorize the usage of private routes.
SCOPE
There are three different types of scopes: ALL, TEAM, and OWN. Entitlements with the ALL scope provide access to all the data a route can access. Entitlements with the TEAM scope provide access to a route’s team data. Entitlements with the OWN scope provide access to a route’s data related to the requestor’s API Keys.
Platform Administrators have most entitlements set with the ALL scope. Team Administrators have most entitlements set with the TEAM scope. Data Scientists and Developers have most entitlements set with the OWN scope. Auditors mostly have the ALL scope but are limited to view-only entitlements. Users with multiple API keys with different roles always access the wider scope.