Authorization

Overview

To access Modzy APIs, you need to have a user. Each user gets a team key assigned when they become a team member. Team keys contain a number of roles each of which contains entitlements that provide authorization to perform different calls to the APIs.

Roles

As prebuilt groups of entitlements, roles are elements that get assigned to API keys to authorize access to different kinds of calls. Modzy has six prebuilt roles, to meet your requirements. There are two types of roles: system and user. The system role can only be assigned to project keys while user roles can only be assigned to team keys.

Prebuilt roles

Platform Administrator

Platform Administrators have full control over an installation. including all users and teams.

Identifier

Type

Highlights

SYSTEM_OWNER

user

  • Can view and update accounts, users, keys, and roles.
  • Can manage features.
  • Can create users, keys and roles.
  • Can view and cancel jobs.
  • Can view and download job results, audit logs and statistics.
  • Can see deployed models.

Team Administrator

Team Administrators have full control over their teams

Identifier

Type

Highlights

ACCOUNT_ADMIN

user

  • Can manage their team’s settings, projects, users, and API keys.
  • Can view the team’s Dashboard and audit details.
  • Can update model autoscaling settings, drift settings, and approve, reject, update, and deactivate models.
  • Can approve and disable models and model versions.
  • Can cancel and close jobs, access their team’s job results, explainability details, and input details.

Data Scientist

Identifier

Type

Highlights

DATA_SCIENTIST

user

  • Can deploy, manage, and update models
  • Can create projects.
  • Can run models and get results.
  • Can access explainability, drift, and utilization features.
  • Can edit drift settings.
  • Can fully use the API.

Developer

Developers have full access to the API and most ModelOps features. They can integrate Modzy into other applications.

Identifier

Type

Highlights

DEVELOPER

user

  • Can create Projects.
  • Can run models and get results.
  • Can fully use the API.

Auditor

Auditors can view all activity across an installation of Modzy. They are for security, oversight, and compliance users.

Identifier

Type

Highlights

AUDITOR

user

  • Can view all activity, platform-wide.
  • Can use the API for most monitoring activities.

Project key

This role can be only assigned to project keys. Unlike team keys which are used for prototyping, project keys are linked to projects and used for ongoing API calls to specific models and can be used for the entire job lifecycle.

Identifier

Type

Highlights

SYSTEM_KEY

system

  • Can complete full job lifecycles.

The team role

Every API key has the TEAM_ROLE role assigned upon creation. This role provides access to the user profile, to manage own API keys, to switch between different teams, and others.

Entitlements

Entitlements are the roles components. They are the privileges that authorize the usage of private routes.

SCOPE

There are three different types of scopes: ALL, TEAM, and OWN. Entitlements with the ALL scope provide access to all the data a route can access. Entitlements with the TEAM scope provide access to a route’s team data. Entitlements with the OWN scope provide access to a route’s data related to the requestor’s API Keys.

Platform Administrators have most entitlements set with the ALL scope. Team Administrators have most entitlements set with the TEAM scope. Data Scientists and Developers have most entitlements set with the OWN scope. Auditors mostly have the ALL scope but are limited to view-only entitlements. Users with multiple API keys with different roles always access the wider scope.