MLflow Authentication Python API

mlflow.server.auth.client

class mlflow.server.auth.client.AuthServiceClient

Bases: object

Client of an MLflow Tracking Server that enabled the default basic authentication plugin. It is recommended to use mlflow.server.get_app_client() to instantiate this class. See https://mlflow.org/docs/latest/auth.html for more information.

create_experiment_permission(experiment_id: str, username: str, permission: str)

Create a permission on an experiment for a user.

Parameters

• experiment_id – The id of the experiment.

• username – The username.

• permission – Permission to grant. Must be one of “READ”, “USE”, “EDIT”, “MANAGE” and “NO_PERMISSIONS”.

Raises

mlflow.exceptions.RestException – if the user does not exist, or a permission already exists for this experiment user pair, or if the permission is invalid. Does not require experiment_id to be an existing experiment.

Returns

A single mlflow.server.auth.entities.ExperimentPermission object.

Example

export MLFLOW_TRACKING_USERNAME=admin
export MLFLOW_TRACKING_PASSWORD=password

from mlflow.server.auth.client import AuthServiceClient

client = AuthServiceClient("tracking_uri")
client.create_user("newuser", "newpassword")
ep = client.create_experiment_permission("myexperiment", "newuser", "READ")

print(f"experiment_id: {ep.experiment_id}")
print(f"user_id: {ep.user_id}")
print(f"permission: {ep.permission}")

Output

experiment_id: myexperiment
user_id: 3
permission: READ

create_gateway_endpoint_permission(endpoint_id: str, username: str, permission: str)

Create a permission on a gateway endpoint for a user.

Parameters

• endpoint_id – The id of the gateway endpoint.

• username – The username.

• permission – Permission to grant. Must be one of “READ”, “USE”, “EDIT”, “MANAGE” and “NO_PERMISSIONS”.

Returns

A single mlflow.server.auth.entities.GatewayEndpointPermission object.

create_gateway_model_definition_permission(model_definition_id: str, username: str, permission: str)

Create a permission on a gateway model definition for a user.

Parameters

• model_definition_id – The id of the gateway model definition.

• username – The username.

• permission – Permission to grant. Must be one of “READ”, “USE”, “EDIT”, “MANAGE” and “NO_PERMISSIONS”.

Returns

A single mlflow.server.auth.entities.GatewayModelDefinitionPermission object.

create_gateway_secret_permission(secret_id: str, username: str, permission: str)

Create a permission on a gateway secret for a user.

Parameters

• secret_id – The id of the gateway secret.

• username – The username.

• permission – Permission to grant. Must be one of “READ”, “USE”, “EDIT”, “MANAGE” and “NO_PERMISSIONS”.

Returns

A single mlflow.server.auth.entities.GatewaySecretPermission object.

create_registered_model_permission(name: str, username: str, permission: str)

Create a permission on an registered model for a user.

Parameters

• name – The name of the registered model.

• username – The username.

• permission – Permission to grant. Must be one of “READ”, “USE”, “EDIT”, “MANAGE” and “NO_PERMISSIONS”.

Raises

mlflow.exceptions.RestException – if the user does not exist, or a permission already exists for this registered model user pair, or if the permission is invalid. Does not require name to be an existing registered model.

Returns

A single mlflow.server.auth.entities.RegisteredModelPermission object.

create_scorer_permission(experiment_id: str, scorer_name: str, username: str, permission: str)

Create a permission on a scorer for a user.

Parameters

• experiment_id – The id of the experiment containing the scorer.

• scorer_name – The name of the scorer.

• username – The username.

• permission – Permission to grant. Must be one of “READ”, “USE”, “EDIT”, “MANAGE” and “NO_PERMISSIONS”.

Raises

mlflow.exceptions.RestException – if the user does not exist, or the scorer permission already exists.

Returns

A single mlflow.server.auth.entities.ScorerPermission object.

create_user(username: str, password: str)

Create a new user.

Parameters

• username – The username.

• password – The user’s password. Must not be empty string.

Raises

mlflow.exceptions.RestException – if the username is already taken.

Returns

A single mlflow.server.auth.entities.User object.

Example

from mlflow.server.auth.client import AuthServiceClient

client = AuthServiceClient("tracking_uri")
user = client.create_user("newuser", "newpassword")
print(f"user_id: {user.id}")
print(f"username: {user.username}")
print(f"password_hash: {user.password_hash}")
print(f"is_admin: {user.is_admin}")

Output

user_id: 3
username: newuser
password_hash: REDACTED
is_admin: False

delete_experiment_permission(experiment_id: str, username: str)

Delete an existing experiment permission for a user.

Parameters

• experiment_id – The id of the experiment.

• username – The username.

Raises

mlflow.exceptions.RestException – if the user does not exist, or no permission exists for this experiment user pair, or if the permission is invalid. Note that the default permission will still be effective even after the permission has been deleted.

Example

export MLFLOW_TRACKING_USERNAME=admin
export MLFLOW_TRACKING_PASSWORD=password

from mlflow.server.auth.client import AuthServiceClient

client = AuthServiceClient("tracking_uri")
client.create_user("newuser", "newpassword")
client.create_experiment_permission("myexperiment", "newuser", "READ")
client.delete_experiment_permission("myexperiment", "newuser")

delete_gateway_endpoint_permission(endpoint_id: str, username: str)

Delete an existing gateway endpoint permission for a user.

Parameters

• endpoint_id – The id of the gateway endpoint.

• username – The username.

delete_gateway_model_definition_permission(model_definition_id: str, username: str)

Delete an existing gateway model definition permission for a user.

Parameters

• model_definition_id – The id of the gateway model definition.

• username – The username.

delete_gateway_secret_permission(secret_id: str, username: str)

Delete an existing gateway secret permission for a user.

Parameters

• secret_id – The id of the gateway secret.

• username – The username.

delete_registered_model_permission(name: str, username: str)

Delete an existing registered model permission for a user.

Parameters

• name – The name of the registered model.

• username – The username.

Raises

mlflow.exceptions.RestException – if the user does not exist, or no permission exists for this registered model user pair, or if the permission is invalid. Note that the default permission will still be effective even after the permission has been deleted.

Example

export MLFLOW_TRACKING_USERNAME=admin
export MLFLOW_TRACKING_PASSWORD=password

from mlflow.server.auth.client import AuthServiceClient

client = AuthServiceClient("tracking_uri")
client.create_user("newuser", "newpassword")
client.create_registered_model_permission("myregisteredmodel", "newuser", "READ")
client.delete_registered_model_permission("myregisteredmodel", "newuser")

delete_scorer_permission(experiment_id: str, scorer_name: str, username: str)

Delete an existing scorer permission for a user.

Parameters

• experiment_id – The id of the experiment containing the scorer.

• scorer_name – The name of the scorer.

• username – The username.

Raises

mlflow.exceptions.RestException – if the user does not exist, or no permission exists for this scorer user pair.

delete_user(username: str)

Delete a specific user.

Parameters

username – The username.

Raises

mlflow.exceptions.RestException – if the user does not exist

Example

export MLFLOW_TRACKING_USERNAME=admin
export MLFLOW_TRACKING_PASSWORD=password

from mlflow.server.auth.client import AuthServiceClient

client = AuthServiceClient("tracking_uri")
client.create_user("newuser", "newpassword")

client.delete_user("newuser")

get_experiment_permission(experiment_id: str, username: str)

Get an experiment permission for a user.

Parameters

• experiment_id – The id of the experiment.

• username – The username.

Raises

mlflow.exceptions.RestException – if the user does not exist, or no permission exists for this experiment user pair. Note that the default permission will still be effective even if no permission exists.

Returns

A single mlflow.server.auth.entities.ExperimentPermission object.

Example

export MLFLOW_TRACKING_USERNAME=admin
export MLFLOW_TRACKING_PASSWORD=password

from mlflow.server.auth.client import AuthServiceClient

client = AuthServiceClient("tracking_uri")
client.create_user("newuser", "newpassword")
client.create_experiment_permission("myexperiment", "newuser", "READ")
ep = client.get_experiment_permission("myexperiment", "newuser")
print(f"experiment_id: {ep.experiment_id}")
print(f"user_id: {ep.user_id}")
print(f"permission: {ep.permission}")

Output

experiment_id: myexperiment
user_id: 3
permission: READ

get_gateway_endpoint_permission(endpoint_id: str, username: str)

Get a gateway endpoint permission for a user.

Parameters

• endpoint_id – The id of the gateway endpoint.

• username – The username.

Returns

A single mlflow.server.auth.entities.GatewayEndpointPermission object.

get_gateway_model_definition_permission(model_definition_id: str, username: str)

Get a gateway model definition permission for a user.

Parameters

• model_definition_id – The id of the gateway model definition.

• username – The username.

Returns

A single mlflow.server.auth.entities.GatewayModelDefinitionPermission object.

get_gateway_secret_permission(secret_id: str, username: str)

Get a gateway secret permission for a user.

Parameters

• secret_id – The id of the gateway secret.

• username – The username.

Returns

A single mlflow.server.auth.entities.GatewaySecretPermission object.

get_registered_model_permission(name: str, username: str)

Get an registered model permission for a user.

Parameters

• name – The name of the registered model.

• username – The username.

Raises

mlflow.exceptions.RestException – if the user does not exist, or no permission exists for this registered model user pair. Note that the default permission will still be effective even if no permission exists.

Returns

A single mlflow.server.auth.entities.RegisteredModelPermission object.

Example

export MLFLOW_TRACKING_USERNAME=admin
export MLFLOW_TRACKING_PASSWORD=password

from mlflow.server.auth.client import AuthServiceClient

client = AuthServiceClient("tracking_uri")
client.create_user("newuser", "newpassword")
client.create_registered_model_permission("myregisteredmodel", "newuser", "READ")
rmp = client.get_registered_model_permission("myregisteredmodel", "newuser")

print(f"name: {rmp.name}")
print(f"user_id: {rmp.user_id}")
print(f"permission: {rmp.permission}")

Output

name: myregisteredmodel
user_id: 3
permission: READ

get_scorer_permission(experiment_id: str, scorer_name: str, username: str)

Get a scorer permission for a user.

Parameters

• experiment_id – The id of the experiment containing the scorer.

• scorer_name – The name of the scorer.

• username – The username.

Raises

mlflow.exceptions.RestException – if the user does not exist, or no permission exists for this scorer user pair.

Returns

A single mlflow.server.auth.entities.ScorerPermission object.

get_user(username: str)

Get a user with a specific username.

Parameters

username – The username.

Raises

mlflow.exceptions.RestException – if the user does not exist

Returns

A single mlflow.server.auth.entities.User object.

Example

export MLFLOW_TRACKING_USERNAME=admin
export MLFLOW_TRACKING_PASSWORD=password

from mlflow.server.auth.client import AuthServiceClient

client = AuthServiceClient("tracking_uri")
client.create_user("newuser", "newpassword")
user = client.get_user("newuser")

print(f"user_id: {user.id}")
print(f"username: {user.username}")
print(f"password_hash: {user.password_hash}")
print(f"is_admin: {user.is_admin}")

Output

user_id: 3
username: newuser
password_hash: REDACTED
is_admin: False

update_experiment_permission(experiment_id: str, username: str, permission: str)

Update an existing experiment permission for a user.

Parameters

• experiment_id – The id of the experiment.

• username – The username.

• permission – New permission to grant. Must be one of “READ”, “USE”, “EDIT”, “MANAGE” and “NO_PERMISSIONS”.

Raises

mlflow.exceptions.RestException – if the user does not exist, or no permission exists for this experiment user pair, or if the permission is invalid

Example

export MLFLOW_TRACKING_USERNAME=admin
export MLFLOW_TRACKING_PASSWORD=password

from mlflow.server.auth.client import AuthServiceClient

client = AuthServiceClient("tracking_uri")
client.create_user("newuser", "newpassword")
client.create_experiment_permission("myexperiment", "newuser", "READ")
client.update_experiment_permission("myexperiment", "newuser", "EDIT")

update_gateway_endpoint_permission(endpoint_id: str, username: str, permission: str)

Update an existing gateway endpoint permission for a user.

Parameters

• endpoint_id – The id of the gateway endpoint.

• username – The username.

• permission – New permission to grant. Must be one of “READ”, “USE”, “EDIT”, “MANAGE” and “NO_PERMISSIONS”.

update_gateway_model_definition_permission(model_definition_id: str, username: str, permission: str)

Update an existing gateway model definition permission for a user.

Parameters

• model_definition_id – The id of the gateway model definition.

• username – The username.

• permission – New permission to grant. Must be one of “READ”, “USE”, “EDIT”, “MANAGE” and “NO_PERMISSIONS”.

update_gateway_secret_permission(secret_id: str, username: str, permission: str)

Update an existing gateway secret permission for a user.

Parameters

• secret_id – The id of the gateway secret.

• username – The username.

• permission – New permission to grant. Must be one of “READ”, “USE”, “EDIT”, “MANAGE” and “NO_PERMISSIONS”.

update_registered_model_permission(name: str, username: str, permission: str)

Update an existing registered model permission for a user.

Parameters

• name – The name of the registered model.

• username – The username.

• permission – New permission to grant. Must be one of “READ”, “USE”, “EDIT”, “MANAGE” and “NO_PERMISSIONS”.

Raises

mlflow.exceptions.RestException – if the user does not exist, or no permission exists for this registered model user pair, or if the permission is invalid.

Example

export MLFLOW_TRACKING_USERNAME=admin
export MLFLOW_TRACKING_PASSWORD=password

from mlflow.server.auth.client import AuthServiceClient

client = AuthServiceClient("tracking_uri")
client.create_user("newuser", "newpassword")
client.create_registered_model_permission("myregisteredmodel", "newuser", "READ")
client.update_registered_model_permission("myregisteredmodel", "newuser", "EDIT")

update_scorer_permission(experiment_id: str, scorer_name: str, username: str, permission: str)

Update an existing scorer permission for a user.

Parameters

• experiment_id – The id of the experiment containing the scorer.

• scorer_name – The name of the scorer.

• username – The username.

• permission – New permission to grant. Must be one of “READ”, “USE”, “EDIT”, “MANAGE” and “NO_PERMISSIONS”.

Raises

mlflow.exceptions.RestException – if the user does not exist, or no permission exists for this scorer user pair, or if the permission is invalid.

update_user_admin(username: str, is_admin: bool)

Update the admin status of a specific user.

Parameters

• username – The username.

• is_admin – The new admin status.

Raises

mlflow.exceptions.RestException – if the user does not exist

Example

export MLFLOW_TRACKING_USERNAME=admin
export MLFLOW_TRACKING_PASSWORD=password

from mlflow.server.auth.client import AuthServiceClient

client = AuthServiceClient("tracking_uri")
client.create_user("newuser", "newpassword")

client.update_user_admin("newuser", True)

update_user_password(username: str, password: str)

Update the password of a specific user.

Parameters

• username – The username.

• password – The new password.

Raises

mlflow.exceptions.RestException – if the user does not exist

Example

export MLFLOW_TRACKING_USERNAME=admin
export MLFLOW_TRACKING_PASSWORD=password

from mlflow.server.auth.client import AuthServiceClient

client = AuthServiceClient("tracking_uri")
client.create_user("newuser", "newpassword")

client.update_user_password("newuser", "anotherpassword")

mlflow.server.auth.entities

class mlflow.server.auth.entities.ExperimentPermission(experiment_id, user_id, permission)

Bases: object

property experiment_id

classmethod from_json(dictionary)

property permission

to_json()

property user_id

class mlflow.server.auth.entities.GatewayEndpointPermission(endpoint_id, user_id, permission)

Bases: object

property endpoint_id

classmethod from_json(dictionary)

property permission

to_json()

property user_id

class mlflow.server.auth.entities.GatewayModelDefinitionPermission(model_definition_id, user_id, permission)

Bases: object

classmethod from_json(dictionary)

property model_definition_id

property permission

to_json()

property user_id

class mlflow.server.auth.entities.GatewaySecretPermission(secret_id, user_id, permission)

Bases: object

classmethod from_json(dictionary)

property permission

property secret_id

to_json()

property user_id

class mlflow.server.auth.entities.RegisteredModelPermission(name, user_id, permission)

Bases: object

classmethod from_json(dictionary)

property name

property permission

to_json()

property user_id

class mlflow.server.auth.entities.ScorerPermission(experiment_id, scorer_name, user_id, permission)

Bases: object

property experiment_id

classmethod from_json(dictionary)

property permission

property scorer_name

to_json()

property user_id

class mlflow.server.auth.entities.User(id_, username, password_hash, is_admin, experiment_permissions=None, registered_model_permissions=None, scorer_permissions=None)

Bases: object

property experiment_permissions

classmethod from_json(dictionary)

property id

property is_admin

property password_hash

property registered_model_permissions

property scorer_permissions

to_json()

property username