MLflow Authentication Python API

mlflow.server.auth.client

class mlflow.server.auth.client.AuthServiceClient[source]

Bases: object

Client of an MLflow Tracking Server that enabled the default basic authentication plugin. It is recommended to use mlflow.server.get_app_client() to instantiate this class. See https://mlflow.org/docs/latest/auth.html for more information.

create_experiment_permission(experiment_id: str, username: str, permission: str)[source]

Create a permission on an experiment for a user.

Parameters

  • experiment_id – The id of the experiment.

  • username – The username.

  • permission – Permission to grant. Must be one of “READ”, “EDIT”, “MANAGE” and “NO_PERMISSIONS”.

Raises

mlflow.exceptions.RestException – if the user does not exist, or a permission already exists for this experiment user pair, or if the permission is invalid. Does not require experiment_id to be an existing experiment.

Returns

A single mlflow.server.auth.entities.ExperimentPermission object.

Example 
export MLFLOW_TRACKING_USERNAME=admin
export MLFLOW_TRACKING_PASSWORD=password

from mlflow.server.auth.client import AuthServiceClient

client = AuthServiceClient("tracking_uri")
client.create_user("newuser", "newpassword")
ep = client.create_experiment_permission("myexperiment", "newuser", "READ")

print(f"experiment_id: {ep.experiment_id}")
print(f"user_id: {ep.user_id}")
print(f"permission: {ep.permission}")
Output 
experiment_id: myexperiment
user_id: 3
permission: READ
create_registered_model_permission(name: str, username: str, permission: str)[source]

Create a permission on an registered model for a user.

Parameters

  • name – The name of the registered model.

  • username – The username.

  • permission – Permission to grant. Must be one of “READ”, “EDIT”, “MANAGE” and “NO_PERMISSIONS”.

Raises

mlflow.exceptions.RestException – if the user does not exist, or a permission already exists for this registered model user pair, or if the permission is invalid. Does not require name to be an existing registered model.

Returns

A single mlflow.server.auth.entities.RegisteredModelPermission object.

create_user(username: str, password: str)[source]

Create a new user.

Parameters

  • username – The username.

  • password – The user’s password. Must not be empty string.

Raises

mlflow.exceptions.RestException – if the username is already taken.

Returns

A single mlflow.server.auth.entities.User object.

Example 
from mlflow.server.auth.client import AuthServiceClient

client = AuthServiceClient("tracking_uri")
user = client.create_user("newuser", "newpassword")
print(f"user_id: {user.id}")
print(f"username: {user.username}")
print(f"password_hash: {user.password_hash}")
print(f"is_admin: {user.is_admin}")
Output 
user_id: 3
username: newuser
password_hash: REDACTED
is_admin: False
delete_experiment_permission(experiment_id: str, username: str)[source]

Delete an existing experiment permission for a user.

Parameters

  • experiment_id – The id of the experiment.

  • username – The username.

Raises

mlflow.exceptions.RestException – if the user does not exist, or no permission exists for this experiment user pair, or if the permission is invalid. Note that the default permission will still be effective even after the permission has been deleted.

Example 
export MLFLOW_TRACKING_USERNAME=admin
export MLFLOW_TRACKING_PASSWORD=password

from mlflow.server.auth.client import AuthServiceClient

client = AuthServiceClient("tracking_uri")
client.create_user("newuser", "newpassword")
client.create_experiment_permission("myexperiment", "newuser", "READ")
client.delete_experiment_permission("myexperiment", "newuser")
delete_registered_model_permission(name: str, username: str)[source]

Delete an existing registered model permission for a user.

Parameters

  • name – The name of the registered model.

  • username – The username.

Raises

mlflow.exceptions.RestException – if the user does not exist, or no permission exists for this registered model user pair, or if the permission is invalid. Note that the default permission will still be effective even after the permission has been deleted.

Example 
export MLFLOW_TRACKING_USERNAME=admin
export MLFLOW_TRACKING_PASSWORD=password

from mlflow.server.auth.client import AuthServiceClient

client = AuthServiceClient("tracking_uri")
client.create_user("newuser", "newpassword")
client.create_registered_model_permission("myregisteredmodel", "newuser", "READ")
client.delete_registered_model_permission("myregisteredmodel", "newuser")
delete_user(username: str)[source]

Delete a specific user.

Parameters

username – The username.

Raises

mlflow.exceptions.RestException – if the user does not exist

Example 
export MLFLOW_TRACKING_USERNAME=admin
export MLFLOW_TRACKING_PASSWORD=password

from mlflow.server.auth.client import AuthServiceClient

client = AuthServiceClient("tracking_uri")
client.create_user("newuser", "newpassword")

client.delete_user("newuser")
get_experiment_permission(experiment_id: str, username: str)[source]

Get an experiment permission for a user.

Parameters

  • experiment_id – The id of the experiment.

  • username – The username.

Raises

mlflow.exceptions.RestException – if the user does not exist, or no permission exists for this experiment user pair. Note that the default permission will still be effective even if no permission exists.

Returns

A single mlflow.server.auth.entities.ExperimentPermission object.

Example 
export MLFLOW_TRACKING_USERNAME=admin
export MLFLOW_TRACKING_PASSWORD=password

from mlflow.server.auth.client import AuthServiceClient

client = AuthServiceClient("tracking_uri")
client.create_user("newuser", "newpassword")
client.create_experiment_permission("myexperiment", "newuser", "READ")
ep = client.get_experiment_permission("myexperiment", "newuser")
print(f"experiment_id: {ep.experiment_id}")
print(f"user_id: {ep.user_id}")
print(f"permission: {ep.permission}")
Output 
experiment_id: myexperiment
user_id: 3
permission: READ
get_registered_model_permission(name: str, username: str)[source]

Get an registered model permission for a user.

Parameters

  • name – The name of the registered model.

  • username – The username.

Raises

mlflow.exceptions.RestException – if the user does not exist, or no permission exists for this registered model user pair. Note that the default permission will still be effective even if no permission exists.

Returns

A single mlflow.server.auth.entities.RegisteredModelPermission object.

Example 
export MLFLOW_TRACKING_USERNAME=admin
export MLFLOW_TRACKING_PASSWORD=password

from mlflow.server.auth.client import AuthServiceClient

client = AuthServiceClient("tracking_uri")
client.create_user("newuser", "newpassword")
client.create_registered_model_permission("myregisteredmodel", "newuser", "READ")
rmp = client.get_registered_model_permission("myregisteredmodel", "newuser")

print(f"name: {rmp.name}")
print(f"user_id: {rmp.user_id}")
print(f"permission: {rmp.permission}")
Output 
name: myregisteredmodel
user_id: 3
permission: READ
get_user(username: str)[source]

Get a user with a specific username.

Parameters

username – The username.

Raises

mlflow.exceptions.RestException – if the user does not exist

Returns

A single mlflow.server.auth.entities.User object.

Example 
export MLFLOW_TRACKING_USERNAME=admin
export MLFLOW_TRACKING_PASSWORD=password

from mlflow.server.auth.client import AuthServiceClient

client = AuthServiceClient("tracking_uri")
client.create_user("newuser", "newpassword")
user = client.get_user("newuser")

print(f"user_id: {user.id}")
print(f"username: {user.username}")
print(f"password_hash: {user.password_hash}")
print(f"is_admin: {user.is_admin}")
Output 
user_id: 3
username: newuser
password_hash: REDACTED
is_admin: False
update_experiment_permission(experiment_id: str, username: str, permission: str)[source]

Update an existing experiment permission for a user.

Parameters

  • experiment_id – The id of the experiment.

  • username – The username.

  • permission – New permission to grant. Must be one of “READ”, “EDIT”, “MANAGE” and “NO_PERMISSIONS”.

Raises

mlflow.exceptions.RestException – if the user does not exist, or no permission exists for this experiment user pair, or if the permission is invalid

Example 
export MLFLOW_TRACKING_USERNAME=admin
export MLFLOW_TRACKING_PASSWORD=password

from mlflow.server.auth.client import AuthServiceClient

client = AuthServiceClient("tracking_uri")
client.create_user("newuser", "newpassword")
client.create_experiment_permission("myexperiment", "newuser", "READ")
client.update_experiment_permission("myexperiment", "newuser", "EDIT")
update_registered_model_permission(name: str, username: str, permission: str)[source]

Update an existing registered model permission for a user.

Parameters

  • name – The name of the registered model.

  • username – The username.

  • permission – New permission to grant. Must be one of “READ”, “EDIT”, “MANAGE” and “NO_PERMISSIONS”.

Raises

mlflow.exceptions.RestException – if the user does not exist, or no permission exists for this registered model user pair, or if the permission is invalid.

Example 
export MLFLOW_TRACKING_USERNAME=admin
export MLFLOW_TRACKING_PASSWORD=password

from mlflow.server.auth.client import AuthServiceClient

client = AuthServiceClient("tracking_uri")
client.create_user("newuser", "newpassword")
client.create_registered_model_permission("myregisteredmodel", "newuser", "READ")
client.update_registered_model_permission("myregisteredmodel", "newuser", "EDIT")
update_user_admin(username: str, is_admin: bool)[source]

Update the admin status of a specific user.

Parameters

  • username – The username.

  • is_admin – The new admin status.

Raises

mlflow.exceptions.RestException – if the user does not exist

Example 
export MLFLOW_TRACKING_USERNAME=admin
export MLFLOW_TRACKING_PASSWORD=password

from mlflow.server.auth.client import AuthServiceClient

client = AuthServiceClient("tracking_uri")
client.create_user("newuser", "newpassword")

client.update_user_admin("newuser", True)
update_user_password(username: str, password: str)[source]

Update the password of a specific user.

Parameters

  • username – The username.

  • password – The new password.

Raises

mlflow.exceptions.RestException – if the user does not exist

Example 
export MLFLOW_TRACKING_USERNAME=admin
export MLFLOW_TRACKING_PASSWORD=password

from mlflow.server.auth.client import AuthServiceClient

client = AuthServiceClient("tracking_uri")
client.create_user("newuser", "newpassword")

client.update_user_password("newuser", "anotherpassword")

mlflow.server.auth.entities

class mlflow.server.auth.entities.ExperimentPermission(experiment_id, user_id, permission)[source]

Bases: object

property experiment_id
classmethod from_json(dictionary)[source]
property permission
to_json()[source]
property user_id
class mlflow.server.auth.entities.RegisteredModelPermission(name, user_id, permission)[source]

Bases: object

classmethod from_json(dictionary)[source]
property name
property permission
to_json()[source]
property user_id
class mlflow.server.auth.entities.User(id_, username, password_hash, is_admin, experiment_permissions=None, registered_model_permissions=None)[source]

Bases: object

property experiment_permissions
classmethod from_json(dictionary)[source]
property id
property is_admin
property password_hash
property registered_model_permissions
to_json()[source]
property username