Skip to main content

User management

ℹī¸For organization owners

Add, remove, and update permissions for users within an Anyscale account. As an organization owner, you can view information and make changes through the console or with an API endpoint.

🔐Looking for SSO?

Anyscale provides Single Sign-On (SSO) built upon the Security Assertion Markup Language (SAML) 2.0 standard. See Configuring SSO to enable IT administrators to manage user access through a single authentication source.

Roles​

Two types of users exist in Anyscale:

  • Owners: Administrators who manage account-level settings like user access, billing, support access, and cloud deployment.
  • Collaborators: Invited by owners. Granted access to resources to interact with the platform, but not edit settings.

Add users​

Add users to an organization​

An organization in Anyscale is a single place for your company and your work.

  1. Go to the user menu and select My organization to view members of the organization.
  2. Click the Invite teammates button.
  3. Enter the email addresses of the invitees, separated by commas.
  4. New members can register with the link sent to their email address.

Add users to an Anyscale Cloud​

Organization owners must manually add users to each Anyscale Cloud to grant access. Collaborators can then view details and create Anyscale entities like Workspaces, Jobs, and Services using that Cloud's resources.

  1. Click on the Cloud tab.
  2. Select the Cloud you want users to access.
  3. Click Manage users to add users who already exist in the organization.

Modify user roles​

  1. Go to the user menu and select My organization to view members of the organization.
  2. Toggle the role to change an existing member to an owner or a collaborator.

Delete users​

Remove user from SSO

If your organization set up SSO, remove the user from your SSO Identity Provider's Anyscale integration to fully restrict the user's access.

  1. Go to the user menu and select My organization to view members of the organization.

  2. Select the collaborators to remove. To delete an owner, downgrade them to a collaborator first.

  3. Confirm deletion.

🗑ī¸ What happens to Anyscale entities created by a deleted user?
Ownership Transfer Table

Note: The following permissions structure applies to organizations created after August 2023. See Access controls.

EntityDetails
WorkspacesRemain running unless you manually terminate them. Duplicate to retain work while assuming ownership.
JobsRemain running unless you manually terminate them. Duplicate as Workspaces to submit Jobs and assume ownership.
ServicesRemain running unless you manually terminate them. Duplicate as Workspaces to deploy Services and assume ownership.
SchedulesA Schedule terminates when it encounters permission errors. Any user can resume, and they become the new creator of subsequent Jobs. The original schedule creator remains unchanged.
ProjectsIf the owner deletes the creator, the organization owner becomes the implicit owner. The organization owner can transfer explicit ownership to another user.
CloudIf the owner deletes the creator, the organization owner becomes the implicit owner. The organization owner can transfer explicit ownership to another user.
đŸ’ģ Programmatic deletion

Both methods support one-by-one deletion.

  • Option 1: Use DELETE /api/v2/organization_collaborators/{identity_id} to remove users with the API endpoint.
  • Option 2: Use the Anyscale Python SDK with the following script.

    • delete_users.py

    from anyscale.authenticate import get_auth_api_client

    def delete_collaborator():
        api_client = get_auth_api_client().api_client
        collaborators = api_client.list_organization_collaborators_api_v2_organization_collaborators_get()

        email_to_remove = input("Enter the email of the collaborator to remove: ")

        # Filter the list to find the collaborator with the matching email
        matching_collaborators = [collaborator for collaborator in collaborators.results if collaborator.email == email_to_remove]
        # Ensure only one collaborator matches the provided email
        assert len(matching_collaborators) == 1, f"Error: Found {len(matching_collaborators)} identities matching {email_to_remove}. Expected 1."

        input(f"Going to delete the following identity:\n{matching_collaborators[0]}\nPress any key to continue...")
        api_client.remove_organization_collaborator_api_v2_organization_collaborators_identity_id_delete(matching_collaborators[0].id)
        print("Collaborator successfully removed.")

    delete_collaborator()