Red Hat SummitEste contenido no está disponible en el idioma seleccionado.
Chapter 4. Managing model registry permissions
You can manage access to a model registry for individual users and user groups in your organization, and for service accounts in a project.
OpenShift AI creates the <model-registry-name>-users group automatically for use with model registries. You can add users to this group in OpenShift, or ask the cluster administrator to do so.
The model registry operator uses OpenShift Role-Based Access Control (RBAC), and creates various RBAC resources in the rhoai-model-registries namespace.
For each model registry instance, the operator creates a registry-users-<model registry instance name> role and an OpenShift group called <model registry instance name>-users. To grant an individual user, service account, or group access to a model registry instance, your cluster administrator must create a role binding to the registry-users-<model registry instance name> role for the instance.
The <model registry instance name>-users group has a role binding to the registry-users-<model registry instance name> role. Your cluster administrator can add users to this group to grant them access to the model registry instance without needing to create a role binding for each user.
For more information about managing RBAC in OpenShift, see Using RBAC to define and apply permissions.
Prerequisites
- You have logged in to OpenShift AI as a user with OpenShift AI administrator privileges.
- An available model registry exists in your deployment.
- The users and groups that you want to provide access to already exist in OpenShift. For more information, see Managing users and groups.
Procedure
-
From the OpenShift AI dashboard, click Settings
Model registry settings. Click Manage permissions beside the model registry that you want to manage access for.
The permissions page for the model registry opens.
Provide one or more OpenShift groups with access to the project.
- On the Users tab, in the Groups section, click Add group.
From the Select a group drop-down list, select a group.
NoteTo enable access for all cluster users, add
system:authenticatedto the group list.-
To confirm your entry, click Confirm (
).
- Optional: To add an additional group, click Add group and repeat the process.
Provide one or more users with access to the model registry.
- On the Users tab, in the Users section, click Add user.
- In the Type username field, enter the username of the user to whom you want to provide access.
-
To confirm your entry, click Confirm (
).
- Optional: To add an additional user, click Add user and repeat the process.
Provide all service accounts in a project with access to the model registry.
- On the Projects tab, in the Projects section, click Add project.
- In the Select or enter a project field, select or enter the name of the project to which you want to provide access.
-
To confirm your entry, click Confirm (
).
- Optional: To add an additional project, click Add project and repeat the process.
Verification
- Users, groups, and accounts that were granted access to a model registry can register, view, edit, version, deploy, delete, archive, and restore models in that registry.
- The Users and Groups sections on the Permissions tab show the respective users and groups that you granted access to the model registry.
- The Projects sections on the Projects tab show the projects that you granted access to the model registry.
After you provide access to a model registry, users with access can store, share, version, deploy, and track models using the model registry feature. For more information, see Working with model registries.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}