If multiple users need to develop, manage, or perform O&M on a workspace, you must add the users as workspace members and assign different roles to the members. PAI provides various roles. You can assign roles to workspace members based on your business requirements. This topic describes how to add RAM users or RAM roles to a workspace and assign roles to them.
Limits
Only the administrator and owner of a workspace can manage the members in the workspace.
Go to the Member and Role Management panel
Go to the Workspace Details page.
Log on to the PAI console.
Go to the Workspace Details page by using one of the following methods:
In the Recently Used Workspaces section of the Overview tab, find the workspace that you want to manage and click the name of the workspace.
To go to the Workspace Details page, perform the following steps:
In the left-side navigation pane, click Workspaces.
On the Workspaces page, click the name of the workspace that you want to manage.
In the Members section of the Workspace Details page, click Manage to go to the Member and Role Management panel.
Add members
On the Workspace Member tab, click Add Member.
In the Add Member dialog box, configure the parameters. The following table describes the parameters.
Parameter
Description
Account
All available RAM users are displayed in the Pending Adding section. Select the desired RAM users and click the
icon. The selected RAM users are displayed in the Selected section. To remove selected RAM users, select the RAM users in the Selected section and click the
icon. The RAM users are removed from the Selected section and displayed in the Pending Adding section. Role
The following roles are supported. You can select one or more roles based on your business requirements.
Basic Role
Administrator: This role has the permissions to modify members and manage resource groups and all assets in a workspace.
Algorithm Developer: This role has the permissions to develop and train models in a workspace.
Algorithm O&M Engineer: This role has the permissions to manage job priorities, publish models, and monitor online services.
Label Administrator: This role has the permissions to use iTAG.
Visitor: This role has the read-only permissions on all assets in a workspace.
Computing Resource Role
MaxCompute Developer: The developer role in DataWorks. This role has the permissions to develop MaxCompute data. You can assign this role to the RAM users that you want to use to submit jobs from PAI to MaxCompute.
Custom role
In the left-side navigation pane of the PAI console, you can choose Activation & Authorization > Roles and Permissions to view the mappings between roles and permissions.
Click OK.
Add a custom role
On the Workspace Role tab, click Create Custom Role and configure the parameters.
Parameters:
No Permissions: This role does not have permissions on a service.
Read-only: This role has the permissions to view the resources owned by a specific member and the resources that are visible to all members in a service.
Modify/Execute: This role has the permissions to modify and manage the resources owned by a specific member in a service.
Full Access: This role has full management permissions on all resources in a service.
Click OK.
Modify the roles of a member
On the Workspace Member tab, find the desired member and add or remove roles in the Role column.
Relationships between members and roles:
Each member must be assigned at least one role.
You cannot delete the Owner role. An Alibaba Cloud account or RAM user that is used to create a workspace automatically becomes the owner of the workspace. The owner has the permissions to modify the members of the workspace, reference and manage resource groups, and manage all assets in the workspace.
References
On the Workspace Details page of a workspace, you can modify the computing resources and storage path of the workspace. For more information, see Manage workspaces.
PAI provides a notification mechanism for workspaces. You can create notification rules of events to track and monitor the status of Deep Learning Containers (DLC) jobs or Machine Learning Designer pipeline jobs. You can also use notification rules to trigger events when the model version status changes. For more information, see Workspace notification.