User management
These docs are for the new Anyscale design. If you started using Anyscale before April 2024, use Version 1.0.0 of the docs. If you're transitioning to Anyscale Preview, see the guide for how to migrate.
Add, remove, and update permissions for users within an Anyscale account. As an organization owner, you can view information and make changes through the console or with an API endpoint.
Anyscale provides Single Sign-On (SSO) built upon the Security Assertion Markup Language (SAML) 2.0 standard. See Configuring SSO to enable IT administrators to manage user access through a single authentication source.
Rolesâ
Two types of users exist in Anyscale:
- Owners: Administrators who manage account-level settings like user access, billing, support access, and cloud deployment.
- Collaborators: Invited by owners. Granted access to resources to interact with the platform, but not edit settings.
Add usersâ
Add users to an organizationâ
An organization in Anyscale is a single place for your company and your work.
- Go to the user menu and select Organization settings. The click the Members tab to view members of the organization.
- Click the Invite teammates button.
- Enter the email addresses of the invitees, separated by commas.
- New members can register with the link sent to their email address.
Add users to an Anyscale Cloudâ
Organization owners must manually add users to each Anyscale Cloud to grant access. Collaborators can then view details and create Anyscale entities like Workspaces, Jobs, and Services using that Cloud's resources.
- Click on the Cloud tab.
- Select the Cloud you want users to access.
- Click Manage users to add users who already exist in the organization.
Modify user rolesâ
- Go to the user menu and select Organization settings. The click the Members tab to view members of the organization.
- Toggle the role to change an existing member to an owner or a collaborator.
Delete usersâ
If your organization set up SSO, remove the user from your SSO Identity Provider's Anyscale integration to fully restrict the user's access.
-
Go to the user menu and select Organization settings. The click the Members tab to view members of the organization.
-
Select the collaborators to remove. To delete an owner, downgrade them to a collaborator first.
-
Confirm deletion.
đī¸ What happens to Anyscale entities created by a deleted user?
Note: The following permissions structure applies to organizations created after August 2023. See Permissions.
| Entity | Details |
|---|---|
| Workspaces | Remain running unless you manually terminate them. Duplicate to retain work while assuming ownership. |
| Jobs | Remain running unless you manually terminate them. Duplicate as Workspaces to submit Jobs and assume ownership. |
| Services | Remain running unless you manually terminate them. Duplicate as Workspaces to deploy Services and assume ownership. |
| Cloud | If the owner deletes the creator, the organization owner becomes the implicit owner. The organization owner can transfer explicit ownership to another user. |
đģ Programmatic deletion
Both methods support one-by-one deletion.
- Option 1: Use
DELETE /api/v2/organization_collaborators/{identity_id}to remove users with the API endpoint. - Option 2: Use the Anyscale Python SDK with the following script.
delete_users.py
delete_users.pyfrom anyscale.authenticate import get_auth_api_client
def delete_collaborator():
api_client = get_auth_api_client().api_client
collaborators = api_client.list_organization_collaborators_api_v2_organization_collaborators_get()
email_to_remove = input("Enter the email of the collaborator to remove: ")
# Filter the list to find the collaborator with the matching email.
matching_collaborators = [collaborator for collaborator in collaborators.results if collaborator.email == email_to_remove]
# Ensure only one collaborator matches the provided email.
assert len(matching_collaborators) == 1, f"Error: Found {len(matching_collaborators)} identities matching {email_to_remove}. Expected 1."
input(f"Going to delete the following identity:\n{matching_collaborators[0]}\nPress any key to continue...")
api_client.remove_organization_collaborator_api_v2_organization_collaborators_identity_id_delete(matching_collaborators[0].id)
print("Collaborator successfully removed.")
delete_collaborator()