opensearch-docs-cn/_ml-commons-plugin/model-access-control.md

619 lines
18 KiB
Markdown
Raw Normal View History

Add model access control documentation for ML Commons (#4223) * Add model access control documentation for ML Commons Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Remove permissions for delete API Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add copy buttons Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Updated model-level APIs Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add delete model Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Reworded role-related text Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Implemented tech review comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Rewording Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Remove experimental warning Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Register a model group in note format Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Implement tech review comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Resolved Vale comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Remove space Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Apply suggestions from code review Co-authored-by: Chris Moore <107723039+cwillum@users.noreply.github.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Implemented doc review feedback Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Implemented editorial comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Apply suggestions from code review Co-authored-by: Melissa Vagi <vagimeli@amazon.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Add more editorial comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add more editorial comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Fix links Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Fix more links Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> --------- Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Co-authored-by: Chris Moore <107723039+cwillum@users.noreply.github.com> Co-authored-by: Melissa Vagi <vagimeli@amazon.com>
2023-06-19 15:25:13 -04:00
---
layout: default
title: Model access control
has_children: false
Add score normalization and combination documentation (#4985) * Add search phase results processor Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add hybrid query Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Normalization processor additions Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add more details Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Continue writing Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add more query then fetch details and diagram Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Small rewording Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Leaner left nav headers Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Tech review feedback Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add semantic search tutorial Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Reworded prerequisites Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Removed comma Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Rewording advanced prerequisites Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Changed searching for ML model to shorter request Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Update task type in register model response Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Changing example Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Added huggingface prefix to model names Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Change example responses Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Added note about huggingface prefix Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Update _ml-commons-plugin/semantic-search.md Co-authored-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Implemented doc review comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * List weights under parameters Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Remove one-shard warning for normalization processor Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Apply suggestions from code review Co-authored-by: Nathan Bower <nbower@amazon.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Implemented editorial comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Change links Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * More editorial feedback Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Change model-serving framework to ML framework Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Use get model API to check model status Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Implemented tech review comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Added neural search description and diagram Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * More editorial comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add link to profile API Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Addressed more tech review comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Implemented editorial comments on changes Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> --------- Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Co-authored-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com> Co-authored-by: Nathan Bower <nbower@amazon.com>
2023-09-22 17:29:58 -04:00
nav_order: 20
Add model access control documentation for ML Commons (#4223) * Add model access control documentation for ML Commons Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Remove permissions for delete API Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add copy buttons Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Updated model-level APIs Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add delete model Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Reworded role-related text Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Implemented tech review comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Rewording Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Remove experimental warning Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Register a model group in note format Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Implement tech review comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Resolved Vale comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Remove space Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Apply suggestions from code review Co-authored-by: Chris Moore <107723039+cwillum@users.noreply.github.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Implemented doc review feedback Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Implemented editorial comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Apply suggestions from code review Co-authored-by: Melissa Vagi <vagimeli@amazon.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Add more editorial comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add more editorial comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Fix links Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Fix more links Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> --------- Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Co-authored-by: Chris Moore <107723039+cwillum@users.noreply.github.com> Co-authored-by: Melissa Vagi <vagimeli@amazon.com>
2023-06-19 15:25:13 -04:00
---
# Model access control
You can use the Security plugin with ML Commons to manage access to specific models for non-admin users. For example, one department in an organization might want to restrict users in other departments from accessing their models.
To accomplish this, users are assigned one or more [_backend roles_]({{site.url}}{{site.baseurl}}/security/access-control/index/). Rather than assign individual roles to individual users during user configuration, backend roles provide a way to map a set of users to a role by assigning the backend role to users when they log in. For example, users may be assigned an `IT` backend role that includes the `ml_full_access` role and have full access to all ML Commons features. Alternatively, other users may be assigned an `HR` backend role that includes the `ml_readonly_access` role and be limited to read-only access to machine learning (ML) features. Given this flexibility, backend roles can provide finer-grained access to models and make it easier to assign multiple users to a role rather than mapping a user and role individually.
Ml commons (#5017) * Adding ML Node to cluster settings page Signed-off-by: David Tippett <17506770+dtaivpp@users.noreply.github.com> * Removed Permissions and Cluster Settings from index; added roles to model access control Signed-off-by: David Tippett <17506770+dtaivpp@users.noreply.github.com> * Referenced code sample was for local connector not external Signed-off-by: David Tippett <17506770+dtaivpp@users.noreply.github.com> * Updated ML index page to refrence the order to get started with ML Commons. Signed-off-by: David Tippett <17506770+dtaivpp@users.noreply.github.com> * Fixing style errors. Signed-off-by: David Tippett <17506770+dtaivpp@users.noreply.github.com> * Update _ml-commons-plugin/cluster-settings.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: David Tippett <Dtaivpp@gmail.com> * Update _ml-commons-plugin/index.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: David Tippett <Dtaivpp@gmail.com> * Update _ml-commons-plugin/index.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: David Tippett <Dtaivpp@gmail.com> * Update _ml-commons-plugin/index.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: David Tippett <Dtaivpp@gmail.com> * Update _ml-commons-plugin/index.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: David Tippett <Dtaivpp@gmail.com> * Update _ml-commons-plugin/extensibility/connectors.md Co-authored-by: Nathan Bower <nbower@amazon.com> Signed-off-by: David Tippett <Dtaivpp@gmail.com> * Update _ml-commons-plugin/index.md Co-authored-by: Nathan Bower <nbower@amazon.com> Signed-off-by: David Tippett <Dtaivpp@gmail.com> * Update _ml-commons-plugin/index.md Co-authored-by: Nathan Bower <nbower@amazon.com> Signed-off-by: David Tippett <Dtaivpp@gmail.com> --------- Signed-off-by: David Tippett <17506770+dtaivpp@users.noreply.github.com> Signed-off-by: David Tippett <Dtaivpp@gmail.com> Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Co-authored-by: Nathan Bower <nbower@amazon.com>
2023-09-21 14:44:19 -04:00
## ML Commons roles
The ML Commons plugin has two reserved roles:
- `ml_full_access`: Grants full access to all ML features, including starting new ML tasks and reading or deleting models.
- `ml_readonly_access`: Grants read-only access to ML tasks, trained models, and statistics relevant to the model's cluster. Does not grant permissions to start or delete ML tasks or models.
Add model access control documentation for ML Commons (#4223) * Add model access control documentation for ML Commons Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Remove permissions for delete API Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add copy buttons Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Updated model-level APIs Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add delete model Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Reworded role-related text Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Implemented tech review comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Rewording Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Remove experimental warning Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Register a model group in note format Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Implement tech review comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Resolved Vale comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Remove space Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Apply suggestions from code review Co-authored-by: Chris Moore <107723039+cwillum@users.noreply.github.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Implemented doc review feedback Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Implemented editorial comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Apply suggestions from code review Co-authored-by: Melissa Vagi <vagimeli@amazon.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Add more editorial comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add more editorial comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Fix links Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Fix more links Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> --------- Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Co-authored-by: Chris Moore <107723039+cwillum@users.noreply.github.com> Co-authored-by: Melissa Vagi <vagimeli@amazon.com>
2023-06-19 15:25:13 -04:00
## Model groups
For access control, models are organized into _model groups_---collections of versions of a particular model. Like users, model groups can be assigned one or more backend roles. All versions of the same model share the same model name and have the same backend role or roles.
You are considered a model _owner_ when you create a new model group. You remain the owner of the model and all its versions even if another user registers a model to this model group. When a model owner creates a model group, the owner can specify one of the following _access modes_ for this model group:
- `public`: All users who have access to the cluster can access this model group.
- `private`: Only the model owner or an admin user can access this model group.
- `restricted`: The owner, an admin user, or any user who shares one of the model group's backend roles can access any model in this model group. When creating a `restricted` model group, the owner must attach one or more of the owner's backend roles to the model.
An admin can access all model groups in the cluster regardless of their access mode.
{: .note}
## Model access control prerequisites
Before using model access control, you must satisfy the following prerequisites:
1. Enable the Security plugin on your cluster. For more information, see [Security in OpenSearch]({{site.url}}{{site.baseurl}}/security/).
2. For `restricted` model groups, ensure that an admin has [assigned backend roles to users](#assigning-backend-roles-to-users).
Update model access control documentation (#4552) * Update model access control documentation Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Remove duplicated info Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add tech review comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add tech review comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Reword registering model Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Reword registering model Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Clarification for model size Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Update _ml-commons-plugin/api.md Co-authored-by: Heather Halter <HDHALTER@AMAZON.COM> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Update _ml-commons-plugin/model-access-control.md Co-authored-by: Heather Halter <HDHALTER@AMAZON.COM> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Update _ml-commons-plugin/api.md Co-authored-by: Heather Halter <HDHALTER@AMAZON.COM> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Add tech review comment Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Update _ml-commons-plugin/api.md Co-authored-by: Heather Halter <HDHALTER@AMAZON.COM> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Nathan Bower <nbower@amazon.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Reworded for clarity Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> --------- Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Co-authored-by: Heather Halter <HDHALTER@AMAZON.COM> Co-authored-by: Nathan Bower <nbower@amazon.com>
2023-07-18 10:55:58 -04:00
3. [Enable model access control](#enabling-model-access-control) on your cluster.
Add model access control documentation for ML Commons (#4223) * Add model access control documentation for ML Commons Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Remove permissions for delete API Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add copy buttons Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Updated model-level APIs Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add delete model Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Reworded role-related text Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Implemented tech review comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Rewording Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Remove experimental warning Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Register a model group in note format Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Implement tech review comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Resolved Vale comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Remove space Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Apply suggestions from code review Co-authored-by: Chris Moore <107723039+cwillum@users.noreply.github.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Implemented doc review feedback Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Implemented editorial comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Apply suggestions from code review Co-authored-by: Melissa Vagi <vagimeli@amazon.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Add more editorial comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add more editorial comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Fix links Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Fix more links Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> --------- Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Co-authored-by: Chris Moore <107723039+cwillum@users.noreply.github.com> Co-authored-by: Melissa Vagi <vagimeli@amazon.com>
2023-06-19 15:25:13 -04:00
If any of the prerequisites are not met, all models in the cluster are `public` and can be accessed by any user who has access to the cluster.
{: .note}
## Assigning backend roles to users
Create the appropriate backend roles and assign those roles to users. Backend roles usually come from an [LDAP server]({{site.url}}{{site.baseurl}}/security/configuration/ldap/) or [SAML provider]({{site.url}}{{site.baseurl}}/security/configuration/saml/), but if you use the internal user database, you can use the REST API to [add them manually]({{site.url}}{{site.baseurl}}/security/access-control/api#create-user).
Only admin users can assign backend roles to users.
{: .note}
When assigning backend roles, consider the following example of two users: `alice` and `bob`.
The following request assigns the user `alice` the `analyst` backend role:
```json
PUT _plugins/_security/api/internalusers/alice
{
"password": "alice",
"backend_roles": [
"analyst"
],
"attributes": {}
}
```
The next request assigns the user `bob` the `human-resources` backend role:
```json
PUT _plugins/_security/api/internalusers/bob
{
"password": "bob",
"backend_roles": [
"human-resources"
],
"attributes": {}
}
```
Finally, the last request assigns both `alice` and `bob` the role that gives them full access to ML Commons:
```json
PUT _plugins/_security/api/rolesmapping/ml_full_access
{
"backend_roles": [],
"hosts": [],
"users": [
"alice",
"bob"
]
}
```
If `alice` creates a model group and assigns it the `analyst` backend role, `bob` cannot access this model.
## Enabling model access control
You can enable model access control dynamically as follows:
```json
PUT _cluster/settings
{
"transient": {
"plugins.ml_commons.model_access_control_enabled": "true"
}
}
```
{% include copy-curl.html %}
## Registering a model group
Update model access control documentation (#4552) * Update model access control documentation Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Remove duplicated info Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add tech review comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add tech review comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Reword registering model Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Reword registering model Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Clarification for model size Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Update _ml-commons-plugin/api.md Co-authored-by: Heather Halter <HDHALTER@AMAZON.COM> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Update _ml-commons-plugin/model-access-control.md Co-authored-by: Heather Halter <HDHALTER@AMAZON.COM> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Update _ml-commons-plugin/api.md Co-authored-by: Heather Halter <HDHALTER@AMAZON.COM> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Add tech review comment Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Update _ml-commons-plugin/api.md Co-authored-by: Heather Halter <HDHALTER@AMAZON.COM> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Nathan Bower <nbower@amazon.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Reworded for clarity Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> --------- Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Co-authored-by: Heather Halter <HDHALTER@AMAZON.COM> Co-authored-by: Nathan Bower <nbower@amazon.com>
2023-07-18 10:55:58 -04:00
To register a model group, send a `POST` request to the `_register` endpoint. You can register a model group in `public`, `private`, or `restricted` access mode.
Each model group name in the cluster must be globally unique.
{: .important}
Add model access control documentation for ML Commons (#4223) * Add model access control documentation for ML Commons Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Remove permissions for delete API Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add copy buttons Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Updated model-level APIs Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add delete model Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Reworded role-related text Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Implemented tech review comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Rewording Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Remove experimental warning Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Register a model group in note format Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Implement tech review comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Resolved Vale comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Remove space Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Apply suggestions from code review Co-authored-by: Chris Moore <107723039+cwillum@users.noreply.github.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Implemented doc review feedback Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Implemented editorial comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Apply suggestions from code review Co-authored-by: Melissa Vagi <vagimeli@amazon.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Add more editorial comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add more editorial comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Fix links Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Fix more links Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> --------- Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Co-authored-by: Chris Moore <107723039+cwillum@users.noreply.github.com> Co-authored-by: Melissa Vagi <vagimeli@amazon.com>
2023-06-19 15:25:13 -04:00
### Path and HTTP method
```json
POST /_plugins/_ml/model_groups/_register
```
### Request fields
The following table lists the available request fields.
Field |Data type | Description
:--- | :--- | :---
`name` | String | The model group name. Required.
`description` | String | The model group description. Optional.
Update model access control documentation (#4552) * Update model access control documentation Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Remove duplicated info Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add tech review comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add tech review comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Reword registering model Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Reword registering model Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Clarification for model size Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Update _ml-commons-plugin/api.md Co-authored-by: Heather Halter <HDHALTER@AMAZON.COM> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Update _ml-commons-plugin/model-access-control.md Co-authored-by: Heather Halter <HDHALTER@AMAZON.COM> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Update _ml-commons-plugin/api.md Co-authored-by: Heather Halter <HDHALTER@AMAZON.COM> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Add tech review comment Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Update _ml-commons-plugin/api.md Co-authored-by: Heather Halter <HDHALTER@AMAZON.COM> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Nathan Bower <nbower@amazon.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Reworded for clarity Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> --------- Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Co-authored-by: Heather Halter <HDHALTER@AMAZON.COM> Co-authored-by: Nathan Bower <nbower@amazon.com>
2023-07-18 10:55:58 -04:00
`access_mode` | String | The access mode for this model. Valid values are `public`, `private`, and `restricted`. When this parameter is set to `restricted`, you must specify either `backend_roles` or `add_all_backend_roles`, but not both. Optional. If you specify none of the security parameters (`access_mode`, `backend_roles`, and `add_all_backend_roles`), the default `access_mode` is `private`.
`backend_roles` | Array | A list of the model owner's backend roles to add to the model. Can be specified only if `access_mode` is `restricted`. Cannot be specified at the same time as `add_all_backend_roles`. Optional.
Add model access control documentation for ML Commons (#4223) * Add model access control documentation for ML Commons Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Remove permissions for delete API Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add copy buttons Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Updated model-level APIs Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add delete model Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Reworded role-related text Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Implemented tech review comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Rewording Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Remove experimental warning Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Register a model group in note format Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Implement tech review comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Resolved Vale comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Remove space Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Apply suggestions from code review Co-authored-by: Chris Moore <107723039+cwillum@users.noreply.github.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Implemented doc review feedback Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Implemented editorial comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Apply suggestions from code review Co-authored-by: Melissa Vagi <vagimeli@amazon.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Add more editorial comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add more editorial comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Fix links Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Fix more links Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> --------- Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Co-authored-by: Chris Moore <107723039+cwillum@users.noreply.github.com> Co-authored-by: Melissa Vagi <vagimeli@amazon.com>
2023-06-19 15:25:13 -04:00
`add_all_backend_roles` | Boolean | If `true`, all backend roles of the model owner are added to the model group. Default is `false`. Cannot be specified at the same time as `backend_roles`. Admin users cannot set this parameter to `true`. Optional.
#### Example request
```json
POST /_plugins/_ml/model_groups/_register
{
"name": "test_model_group_public",
"description": "This is a public model group",
Update model access control documentation (#4552) * Update model access control documentation Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Remove duplicated info Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add tech review comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add tech review comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Reword registering model Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Reword registering model Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Clarification for model size Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Update _ml-commons-plugin/api.md Co-authored-by: Heather Halter <HDHALTER@AMAZON.COM> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Update _ml-commons-plugin/model-access-control.md Co-authored-by: Heather Halter <HDHALTER@AMAZON.COM> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Update _ml-commons-plugin/api.md Co-authored-by: Heather Halter <HDHALTER@AMAZON.COM> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Add tech review comment Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Update _ml-commons-plugin/api.md Co-authored-by: Heather Halter <HDHALTER@AMAZON.COM> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Nathan Bower <nbower@amazon.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Reworded for clarity Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> --------- Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Co-authored-by: Heather Halter <HDHALTER@AMAZON.COM> Co-authored-by: Nathan Bower <nbower@amazon.com>
2023-07-18 10:55:58 -04:00
"access_mode": "public"
Add model access control documentation for ML Commons (#4223) * Add model access control documentation for ML Commons Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Remove permissions for delete API Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add copy buttons Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Updated model-level APIs Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add delete model Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Reworded role-related text Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Implemented tech review comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Rewording Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Remove experimental warning Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Register a model group in note format Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Implement tech review comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Resolved Vale comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Remove space Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Apply suggestions from code review Co-authored-by: Chris Moore <107723039+cwillum@users.noreply.github.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Implemented doc review feedback Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Implemented editorial comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Apply suggestions from code review Co-authored-by: Melissa Vagi <vagimeli@amazon.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Add more editorial comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add more editorial comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Fix links Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Fix more links Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> --------- Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Co-authored-by: Chris Moore <107723039+cwillum@users.noreply.github.com> Co-authored-by: Melissa Vagi <vagimeli@amazon.com>
2023-06-19 15:25:13 -04:00
}
```
{% include copy-curl.html %}
#### Example response
```json
{
"model_group_id": "GDNmQ4gBYW0Qyy5ZcBcg",
"status": "CREATED"
}
```
### Response fields
The following table lists the available response fields.
Field |Data type | Description
:--- | :--- | :---
`model_group_id` | String | The model group ID that you can use to access this model group.
`status` | String | The operation status.
### Registering a public model group
If you register a model group with a `public` access mode, any model in this model group will be accessible to any user with access to the cluster. The following request registers a public model group:
```json
POST /_plugins/_ml/model_groups/_register
{
"name": "test_model_group_public",
"description": "This is a public model group",
Update model access control documentation (#4552) * Update model access control documentation Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Remove duplicated info Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add tech review comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add tech review comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Reword registering model Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Reword registering model Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Clarification for model size Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Update _ml-commons-plugin/api.md Co-authored-by: Heather Halter <HDHALTER@AMAZON.COM> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Update _ml-commons-plugin/model-access-control.md Co-authored-by: Heather Halter <HDHALTER@AMAZON.COM> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Update _ml-commons-plugin/api.md Co-authored-by: Heather Halter <HDHALTER@AMAZON.COM> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Add tech review comment Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Update _ml-commons-plugin/api.md Co-authored-by: Heather Halter <HDHALTER@AMAZON.COM> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Nathan Bower <nbower@amazon.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Reworded for clarity Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> --------- Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Co-authored-by: Heather Halter <HDHALTER@AMAZON.COM> Co-authored-by: Nathan Bower <nbower@amazon.com>
2023-07-18 10:55:58 -04:00
"access_mode": "public"
Add model access control documentation for ML Commons (#4223) * Add model access control documentation for ML Commons Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Remove permissions for delete API Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add copy buttons Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Updated model-level APIs Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add delete model Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Reworded role-related text Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Implemented tech review comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Rewording Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Remove experimental warning Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Register a model group in note format Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Implement tech review comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Resolved Vale comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Remove space Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Apply suggestions from code review Co-authored-by: Chris Moore <107723039+cwillum@users.noreply.github.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Implemented doc review feedback Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Implemented editorial comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Apply suggestions from code review Co-authored-by: Melissa Vagi <vagimeli@amazon.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Add more editorial comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add more editorial comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Fix links Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Fix more links Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> --------- Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Co-authored-by: Chris Moore <107723039+cwillum@users.noreply.github.com> Co-authored-by: Melissa Vagi <vagimeli@amazon.com>
2023-06-19 15:25:13 -04:00
}
```
{% include copy-curl.html %}
### Registering a restricted model group
To limit access by backend role, you must register a model group with the `restricted` access mode.
When registering a model group, you must attach one or more of your backend roles to the model using one but not both of the following methods:
- Provide a list of backend roles in the `backend_roles` parameter.
- Set the `add_all_backend_roles` parameter to `true` to add all your backend roles to the model group. This option is not available to admin users.
Any user who shares a backend role with the model group can access any model in this model group. This grants the user the permissions included with the user role that is mapped to the backend role.
An admin user can access all model groups regardless of their access mode.
{: .note}
#### Example request: A list of backend roles
The following request registers a restricted model group, which can be accessed only by users with the `IT` backend role:
```json
POST /_plugins/_ml/model_groups/_register
{
"name": "model_group_test",
"description": "This is an example description",
Update model access control documentation (#4552) * Update model access control documentation Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Remove duplicated info Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add tech review comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add tech review comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Reword registering model Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Reword registering model Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Clarification for model size Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Update _ml-commons-plugin/api.md Co-authored-by: Heather Halter <HDHALTER@AMAZON.COM> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Update _ml-commons-plugin/model-access-control.md Co-authored-by: Heather Halter <HDHALTER@AMAZON.COM> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Update _ml-commons-plugin/api.md Co-authored-by: Heather Halter <HDHALTER@AMAZON.COM> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Add tech review comment Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Update _ml-commons-plugin/api.md Co-authored-by: Heather Halter <HDHALTER@AMAZON.COM> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Nathan Bower <nbower@amazon.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Reworded for clarity Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> --------- Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Co-authored-by: Heather Halter <HDHALTER@AMAZON.COM> Co-authored-by: Nathan Bower <nbower@amazon.com>
2023-07-18 10:55:58 -04:00
"access_mode": "restricted",
Add model access control documentation for ML Commons (#4223) * Add model access control documentation for ML Commons Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Remove permissions for delete API Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add copy buttons Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Updated model-level APIs Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add delete model Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Reworded role-related text Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Implemented tech review comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Rewording Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Remove experimental warning Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Register a model group in note format Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Implement tech review comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Resolved Vale comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Remove space Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Apply suggestions from code review Co-authored-by: Chris Moore <107723039+cwillum@users.noreply.github.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Implemented doc review feedback Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Implemented editorial comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Apply suggestions from code review Co-authored-by: Melissa Vagi <vagimeli@amazon.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Add more editorial comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add more editorial comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Fix links Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Fix more links Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> --------- Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Co-authored-by: Chris Moore <107723039+cwillum@users.noreply.github.com> Co-authored-by: Melissa Vagi <vagimeli@amazon.com>
2023-06-19 15:25:13 -04:00
"backend_roles" : ["IT"]
}
```
{% include copy-curl.html %}
#### Example request: All backend roles
The following request registers a restricted model group, adding all backend roles of the user to the model group:
```json
POST /_plugins/_ml/model_groups/_register
{
"name": "model_group_test",
"description": "This is an example description",
Update model access control documentation (#4552) * Update model access control documentation Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Remove duplicated info Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add tech review comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add tech review comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Reword registering model Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Reword registering model Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Clarification for model size Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Update _ml-commons-plugin/api.md Co-authored-by: Heather Halter <HDHALTER@AMAZON.COM> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Update _ml-commons-plugin/model-access-control.md Co-authored-by: Heather Halter <HDHALTER@AMAZON.COM> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Update _ml-commons-plugin/api.md Co-authored-by: Heather Halter <HDHALTER@AMAZON.COM> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Add tech review comment Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Update _ml-commons-plugin/api.md Co-authored-by: Heather Halter <HDHALTER@AMAZON.COM> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Nathan Bower <nbower@amazon.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Reworded for clarity Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> --------- Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Co-authored-by: Heather Halter <HDHALTER@AMAZON.COM> Co-authored-by: Nathan Bower <nbower@amazon.com>
2023-07-18 10:55:58 -04:00
"access_mode": "restricted",
Add model access control documentation for ML Commons (#4223) * Add model access control documentation for ML Commons Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Remove permissions for delete API Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add copy buttons Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Updated model-level APIs Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add delete model Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Reworded role-related text Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Implemented tech review comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Rewording Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Remove experimental warning Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Register a model group in note format Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Implement tech review comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Resolved Vale comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Remove space Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Apply suggestions from code review Co-authored-by: Chris Moore <107723039+cwillum@users.noreply.github.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Implemented doc review feedback Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Implemented editorial comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Apply suggestions from code review Co-authored-by: Melissa Vagi <vagimeli@amazon.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Add more editorial comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add more editorial comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Fix links Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Fix more links Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> --------- Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Co-authored-by: Chris Moore <107723039+cwillum@users.noreply.github.com> Co-authored-by: Melissa Vagi <vagimeli@amazon.com>
2023-06-19 15:25:13 -04:00
"add_all_backend_roles": "true"
}
```
{% include copy-curl.html %}
### Registering a private model group
If you register a model group with a `private` access mode, any model in this model group will be accessible only to you and the admin users. The following request registers a private model group:
```json
POST /_plugins/_ml/model_groups/_register
{
"name": "model_group_test",
"description": "This is an example description",
Update model access control documentation (#4552) * Update model access control documentation Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Remove duplicated info Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add tech review comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add tech review comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Reword registering model Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Reword registering model Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Clarification for model size Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Update _ml-commons-plugin/api.md Co-authored-by: Heather Halter <HDHALTER@AMAZON.COM> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Update _ml-commons-plugin/model-access-control.md Co-authored-by: Heather Halter <HDHALTER@AMAZON.COM> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Update _ml-commons-plugin/api.md Co-authored-by: Heather Halter <HDHALTER@AMAZON.COM> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Add tech review comment Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Update _ml-commons-plugin/api.md Co-authored-by: Heather Halter <HDHALTER@AMAZON.COM> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Nathan Bower <nbower@amazon.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Reworded for clarity Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> --------- Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Co-authored-by: Heather Halter <HDHALTER@AMAZON.COM> Co-authored-by: Nathan Bower <nbower@amazon.com>
2023-07-18 10:55:58 -04:00
"access_mode": "private"
}
```
{% include copy-curl.html %}
If you don't specify any of the `access_mode`, `backend_roles`, or `add_all_backend_roles`, the model will have a `private` access mode:
```json
POST /_plugins/_ml/model_groups/_register
{
"name": "model_group_test",
"description": "This is an example description"
Add model access control documentation for ML Commons (#4223) * Add model access control documentation for ML Commons Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Remove permissions for delete API Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add copy buttons Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Updated model-level APIs Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add delete model Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Reworded role-related text Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Implemented tech review comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Rewording Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Remove experimental warning Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Register a model group in note format Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Implement tech review comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Resolved Vale comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Remove space Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Apply suggestions from code review Co-authored-by: Chris Moore <107723039+cwillum@users.noreply.github.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Implemented doc review feedback Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Implemented editorial comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Apply suggestions from code review Co-authored-by: Melissa Vagi <vagimeli@amazon.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Add more editorial comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add more editorial comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Fix links Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Fix more links Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> --------- Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Co-authored-by: Chris Moore <107723039+cwillum@users.noreply.github.com> Co-authored-by: Melissa Vagi <vagimeli@amazon.com>
2023-06-19 15:25:13 -04:00
}
```
{% include copy-curl.html %}
### Registering a model group in a cluster where model access control is disabled
If model access control is disabled on your cluster (one of the [prerequisites](#model-access-control-prerequisites) is not met), you can register a model group with a `name` and `description` but cannot specify any of the access parameters (`model_access_name`, `backend_roles`, or `add_backend_roles`). By default, in such a cluster, all model groups are public.
## Updating a model group
Update model access control documentation (#4552) * Update model access control documentation Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Remove duplicated info Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add tech review comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add tech review comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Reword registering model Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Reword registering model Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Clarification for model size Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Update _ml-commons-plugin/api.md Co-authored-by: Heather Halter <HDHALTER@AMAZON.COM> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Update _ml-commons-plugin/model-access-control.md Co-authored-by: Heather Halter <HDHALTER@AMAZON.COM> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Update _ml-commons-plugin/api.md Co-authored-by: Heather Halter <HDHALTER@AMAZON.COM> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Add tech review comment Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Update _ml-commons-plugin/api.md Co-authored-by: Heather Halter <HDHALTER@AMAZON.COM> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Nathan Bower <nbower@amazon.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Reworded for clarity Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> --------- Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Co-authored-by: Heather Halter <HDHALTER@AMAZON.COM> Co-authored-by: Nathan Bower <nbower@amazon.com>
2023-07-18 10:55:58 -04:00
To update a model group, send a `PUT` request to the `model_groups` endpoint and provide the ID of the model group you want to update.
Add model access control documentation for ML Commons (#4223) * Add model access control documentation for ML Commons Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Remove permissions for delete API Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add copy buttons Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Updated model-level APIs Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add delete model Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Reworded role-related text Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Implemented tech review comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Rewording Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Remove experimental warning Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Register a model group in note format Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Implement tech review comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Resolved Vale comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Remove space Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Apply suggestions from code review Co-authored-by: Chris Moore <107723039+cwillum@users.noreply.github.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Implemented doc review feedback Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Implemented editorial comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Apply suggestions from code review Co-authored-by: Melissa Vagi <vagimeli@amazon.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Add more editorial comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add more editorial comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Fix links Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Fix more links Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> --------- Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Co-authored-by: Chris Moore <107723039+cwillum@users.noreply.github.com> Co-authored-by: Melissa Vagi <vagimeli@amazon.com>
2023-06-19 15:25:13 -04:00
When updating a model group, the following restrictions apply:
- The model owner or an admin user can update all fields. Any user who shares one or more backend roles with the model group can update the `name` and `description` fields only.
Update model access control documentation (#4552) * Update model access control documentation Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Remove duplicated info Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add tech review comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add tech review comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Reword registering model Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Reword registering model Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Clarification for model size Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Update _ml-commons-plugin/api.md Co-authored-by: Heather Halter <HDHALTER@AMAZON.COM> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Update _ml-commons-plugin/model-access-control.md Co-authored-by: Heather Halter <HDHALTER@AMAZON.COM> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Update _ml-commons-plugin/api.md Co-authored-by: Heather Halter <HDHALTER@AMAZON.COM> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Add tech review comment Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Update _ml-commons-plugin/api.md Co-authored-by: Heather Halter <HDHALTER@AMAZON.COM> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Nathan Bower <nbower@amazon.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Reworded for clarity Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> --------- Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Co-authored-by: Heather Halter <HDHALTER@AMAZON.COM> Co-authored-by: Nathan Bower <nbower@amazon.com>
2023-07-18 10:55:58 -04:00
- When updating the `access_mode` to `restricted`, you must specify either `backend_roles` or `add_all_backend_roles` but not both.
- When updating the `name`, ensure the name is globally unique in the cluster.
Add model access control documentation for ML Commons (#4223) * Add model access control documentation for ML Commons Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Remove permissions for delete API Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add copy buttons Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Updated model-level APIs Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add delete model Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Reworded role-related text Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Implemented tech review comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Rewording Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Remove experimental warning Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Register a model group in note format Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Implement tech review comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Resolved Vale comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Remove space Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Apply suggestions from code review Co-authored-by: Chris Moore <107723039+cwillum@users.noreply.github.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Implemented doc review feedback Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Implemented editorial comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Apply suggestions from code review Co-authored-by: Melissa Vagi <vagimeli@amazon.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Add more editorial comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add more editorial comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Fix links Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Fix more links Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> --------- Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Co-authored-by: Chris Moore <107723039+cwillum@users.noreply.github.com> Co-authored-by: Melissa Vagi <vagimeli@amazon.com>
2023-06-19 15:25:13 -04:00
### Path and HTTP method
```json
Update model access control documentation (#4552) * Update model access control documentation Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Remove duplicated info Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add tech review comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add tech review comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Reword registering model Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Reword registering model Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Clarification for model size Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Update _ml-commons-plugin/api.md Co-authored-by: Heather Halter <HDHALTER@AMAZON.COM> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Update _ml-commons-plugin/model-access-control.md Co-authored-by: Heather Halter <HDHALTER@AMAZON.COM> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Update _ml-commons-plugin/api.md Co-authored-by: Heather Halter <HDHALTER@AMAZON.COM> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Add tech review comment Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Update _ml-commons-plugin/api.md Co-authored-by: Heather Halter <HDHALTER@AMAZON.COM> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Nathan Bower <nbower@amazon.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Reworded for clarity Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> --------- Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Co-authored-by: Heather Halter <HDHALTER@AMAZON.COM> Co-authored-by: Nathan Bower <nbower@amazon.com>
2023-07-18 10:55:58 -04:00
PUT /_plugins/_ml/model_groups/<model_group_id>
Add model access control documentation for ML Commons (#4223) * Add model access control documentation for ML Commons Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Remove permissions for delete API Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add copy buttons Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Updated model-level APIs Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add delete model Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Reworded role-related text Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Implemented tech review comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Rewording Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Remove experimental warning Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Register a model group in note format Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Implement tech review comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Resolved Vale comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Remove space Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Apply suggestions from code review Co-authored-by: Chris Moore <107723039+cwillum@users.noreply.github.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Implemented doc review feedback Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Implemented editorial comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Apply suggestions from code review Co-authored-by: Melissa Vagi <vagimeli@amazon.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Add more editorial comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add more editorial comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Fix links Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Fix more links Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> --------- Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Co-authored-by: Chris Moore <107723039+cwillum@users.noreply.github.com> Co-authored-by: Melissa Vagi <vagimeli@amazon.com>
2023-06-19 15:25:13 -04:00
```
### Request fields
Refer to [Request fields](#request-fields-1) for request field descriptions.
#### Example request
```json
Update model access control documentation (#4552) * Update model access control documentation Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Remove duplicated info Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add tech review comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add tech review comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Reword registering model Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Reword registering model Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Clarification for model size Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Update _ml-commons-plugin/api.md Co-authored-by: Heather Halter <HDHALTER@AMAZON.COM> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Update _ml-commons-plugin/model-access-control.md Co-authored-by: Heather Halter <HDHALTER@AMAZON.COM> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Update _ml-commons-plugin/api.md Co-authored-by: Heather Halter <HDHALTER@AMAZON.COM> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Add tech review comment Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Update _ml-commons-plugin/api.md Co-authored-by: Heather Halter <HDHALTER@AMAZON.COM> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Nathan Bower <nbower@amazon.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Reworded for clarity Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> --------- Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Co-authored-by: Heather Halter <HDHALTER@AMAZON.COM> Co-authored-by: Nathan Bower <nbower@amazon.com>
2023-07-18 10:55:58 -04:00
PUT /_plugins/_ml/model_groups/<model_group_id>
Add model access control documentation for ML Commons (#4223) * Add model access control documentation for ML Commons Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Remove permissions for delete API Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add copy buttons Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Updated model-level APIs Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add delete model Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Reworded role-related text Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Implemented tech review comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Rewording Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Remove experimental warning Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Register a model group in note format Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Implement tech review comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Resolved Vale comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Remove space Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Apply suggestions from code review Co-authored-by: Chris Moore <107723039+cwillum@users.noreply.github.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Implemented doc review feedback Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Implemented editorial comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Apply suggestions from code review Co-authored-by: Melissa Vagi <vagimeli@amazon.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Add more editorial comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add more editorial comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Fix links Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Fix more links Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> --------- Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Co-authored-by: Chris Moore <107723039+cwillum@users.noreply.github.com> Co-authored-by: Melissa Vagi <vagimeli@amazon.com>
2023-06-19 15:25:13 -04:00
{
"name": "model_group_test",
Update model access control documentation (#4552) * Update model access control documentation Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Remove duplicated info Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add tech review comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add tech review comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Reword registering model Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Reword registering model Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Clarification for model size Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Update _ml-commons-plugin/api.md Co-authored-by: Heather Halter <HDHALTER@AMAZON.COM> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Update _ml-commons-plugin/model-access-control.md Co-authored-by: Heather Halter <HDHALTER@AMAZON.COM> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Update _ml-commons-plugin/api.md Co-authored-by: Heather Halter <HDHALTER@AMAZON.COM> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Add tech review comment Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Update _ml-commons-plugin/api.md Co-authored-by: Heather Halter <HDHALTER@AMAZON.COM> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Nathan Bower <nbower@amazon.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Reworded for clarity Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> --------- Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Co-authored-by: Heather Halter <HDHALTER@AMAZON.COM> Co-authored-by: Nathan Bower <nbower@amazon.com>
2023-07-18 10:55:58 -04:00
"description": "This is the updated description",
Add model access control documentation for ML Commons (#4223) * Add model access control documentation for ML Commons Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Remove permissions for delete API Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add copy buttons Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Updated model-level APIs Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add delete model Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Reworded role-related text Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Implemented tech review comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Rewording Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Remove experimental warning Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Register a model group in note format Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Implement tech review comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Resolved Vale comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Remove space Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Apply suggestions from code review Co-authored-by: Chris Moore <107723039+cwillum@users.noreply.github.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Implemented doc review feedback Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Implemented editorial comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Apply suggestions from code review Co-authored-by: Melissa Vagi <vagimeli@amazon.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Add more editorial comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add more editorial comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Fix links Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Fix more links Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> --------- Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Co-authored-by: Chris Moore <107723039+cwillum@users.noreply.github.com> Co-authored-by: Melissa Vagi <vagimeli@amazon.com>
2023-06-19 15:25:13 -04:00
"add_all_backend_roles": true
}
```
{% include copy-curl.html %}
### Updating a model group in a cluster where model access control is disabled
If model access control is disabled on your cluster (one of the [prerequisites](#model-access-control-prerequisites) is not met), you can update only the `name` and `description` of a model group but cannot update any of the access parameters (`model_access_name`, `backend_roles`, or `add_backend_roles`).
## Searching for a model group
When you search for a model group, only those model groups to which you have access will be returned. For example, for a match all query, model groups that will be returned are:
- All public model groups in the index
- Private model groups for which you are the owner
- Model groups that share at least one of the `backend_roles` with you
### Path and HTTP method
```json
POST /_plugins/_ml/model_groups/_search
GET /_plugins/_ml/model_groups/_search
```
#### Example request: Match all
The following request is sent by `user1` who has the `IT` and `HR` roles:
```json
POST /_plugins/_ml/model_groups/_search
{
"query": {
"match_all": {}
},
"size": 1000
}
```
{% include copy-curl.html %}
#### Example response
```json
{
"took": 31,
"timed_out": false,
"_shards": {
"total": 1,
"successful": 1,
"skipped": 0,
"failed": 0
},
"hits": {
"total": {
"value": 7,
"relation": "eq"
},
"max_score": 1,
"hits": [
{
"_index": ".plugins-ml-model-group",
"_id": "TRqZfYgBD7s2oEFdvrQj",
"_version": 1,
"_seq_no": 2,
"_primary_term": 1,
"_score": 1,
"_source": {
"backend_roles": [
"HR",
"IT"
],
"owner": {
"backend_roles": [
"HR",
"IT"
],
"custom_attribute_names": [],
"roles": [
"ml_full_access",
"own_index",
"test_ml"
],
"name": "user1",
"user_requested_tenant": "__user__"
},
"created_time": 1685734407714,
"access": "restricted",
"latest_version": 0,
"last_updated_time": 1685734407714,
"name": "model_group_test",
"description": "This is an example description"
}
},
{
"_index": ".plugins-ml-model-group",
"_id": "URqZfYgBD7s2oEFdyLTm",
"_version": 1,
"_seq_no": 3,
"_primary_term": 1,
"_score": 1,
"_source": {
"backend_roles": [
"IT"
],
"owner": {
"backend_roles": [
"HR",
"IT"
],
"custom_attribute_names": [],
"roles": [
"ml_full_access",
"own_index",
"test_ml"
],
"name": "user1",
"user_requested_tenant": "__user__"
},
"created_time": 1685734410470,
"access": "restricted",
"latest_version": 0,
"last_updated_time": 1685734410470,
"name": "model_group_test",
"description": "This is an example description"
}
},
...
]
}
}
```
#### Example request: Search for model groups with an owner name
The following request to search for model groups of `user` is sent by `user2` who has the `IT` backend role:
```json
GET /_plugins/_ml/model_groups/_search
{
"query": {
"bool": {
"must": [
{
"nested": {
"query": {
"term": {
"owner.name.keyword": {
"value": "user1",
"boost": 1
}
}
},
"path": "owner",
"ignore_unmapped": false,
"score_mode": "none",
"boost": 1
}
}
]
}
}
}
```
{% include copy-curl.html %}
#### Example response
```json
{
"took": 6,
"timed_out": false,
"_shards": {
"total": 1,
"successful": 1,
"skipped": 0,
"failed": 0
},
"hits": {
"total": {
"value": 4,
"relation": "eq"
},
"max_score": 0,
"hits": [
{
"_index": ".plugins-ml-model-group",
"_id": "TRqZfYgBD7s2oEFdvrQj",
"_version": 1,
"_seq_no": 2,
"_primary_term": 1,
"_score": 0,
"_source": {
"backend_roles": [
"HR",
"IT"
],
"owner": {
"backend_roles": [
"HR",
"IT"
],
"custom_attribute_names": [],
"roles": [
"ml_full_access",
"own_index",
"test_ml"
],
"name": "user1",
"user_requested_tenant": "__user__"
},
"created_time": 1685734407714,
"access": "restricted",
"latest_version": 0,
"last_updated_time": 1685734407714,
"name": "model_group_test",
"description": "This is an example description"
}
},
...
]
}
}
```
#### Example request: Search for model groups with a model group ID
```json
GET /_plugins/_ml/model_groups/_search
{
"query": {
"bool": {
"must": [
{
"terms": {
"_id": [
"HyPNK4gBwNxGowI0AtDk"
]
}
}
]
}
}
}
```
{% include copy-curl.html %}
#### Example response
```json
{
"took": 2,
"timed_out": false,
"_shards": {
"total": 1,
"successful": 1,
"skipped": 0,
"failed": 0
},
"hits": {
"total": {
"value": 1,
"relation": "eq"
},
"max_score": 1,
"hits": [
{
"_index": ".plugins-ml-model-group",
"_id": "HyPNK4gBwNxGowI0AtDk",
"_version": 3,
"_seq_no": 16,
"_primary_term": 5,
"_score": 1,
"_source": {
"backend_roles": [
"IT"
],
"owner": {
"backend_roles": [
"",
"HR",
"IT"
],
"custom_attribute_names": [],
"roles": [
"ml_full_access",
"own_index",
"test-ml"
],
"name": "user1",
"user_requested_tenant": null
},
"created_time": 1684362035938,
"latest_version": 2,
"last_updated_time": 1684362571300,
"name": "model_group_test",
"description": "This is an example description"
}
}
]
}
}
```
## Deleting a model group
You can only delete a model group if it does not contain any model versions.
{: .important}
If model access control is enabled on your cluster, only the owner or users with matching backend roles can delete the model group. Any users can delete any public model group.
If model access control is disabled on your cluster, users with the `delete model group API` permission can delete any model group.
Admin users can delete any model group.
{: .note}
Update model access control documentation (#4552) * Update model access control documentation Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Remove duplicated info Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add tech review comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add tech review comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Reword registering model Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Reword registering model Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Clarification for model size Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Update _ml-commons-plugin/api.md Co-authored-by: Heather Halter <HDHALTER@AMAZON.COM> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Update _ml-commons-plugin/model-access-control.md Co-authored-by: Heather Halter <HDHALTER@AMAZON.COM> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Update _ml-commons-plugin/api.md Co-authored-by: Heather Halter <HDHALTER@AMAZON.COM> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Add tech review comment Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Update _ml-commons-plugin/api.md Co-authored-by: Heather Halter <HDHALTER@AMAZON.COM> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Nathan Bower <nbower@amazon.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Reworded for clarity Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> --------- Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Co-authored-by: Heather Halter <HDHALTER@AMAZON.COM> Co-authored-by: Nathan Bower <nbower@amazon.com>
2023-07-18 10:55:58 -04:00
When you delete the last model version in a model group, that model group is automatically deleted from the index.
{: .important}
Add model access control documentation for ML Commons (#4223) * Add model access control documentation for ML Commons Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Remove permissions for delete API Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add copy buttons Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Updated model-level APIs Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add delete model Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Reworded role-related text Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Implemented tech review comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Rewording Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Remove experimental warning Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Register a model group in note format Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Implement tech review comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Resolved Vale comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Remove space Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Apply suggestions from code review Co-authored-by: Chris Moore <107723039+cwillum@users.noreply.github.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Implemented doc review feedback Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Implemented editorial comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Apply suggestions from code review Co-authored-by: Melissa Vagi <vagimeli@amazon.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> * Add more editorial comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Add more editorial comments Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Fix links Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> * Fix more links Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> --------- Signed-off-by: Fanit Kolchina <kolchfa@amazon.com> Signed-off-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Co-authored-by: Chris Moore <107723039+cwillum@users.noreply.github.com> Co-authored-by: Melissa Vagi <vagimeli@amazon.com>
2023-06-19 15:25:13 -04:00
#### Example request
```json
DELETE _plugins/_ml/model_groups/<model_group_id>
```
{% include copy-curl.html %}
#### Example response
```json
{
"_index": ".plugins-ml-model-group",
"_id": "l8nnQogByXnLJ-QNpEk2",
"_version": 5,
"result": "deleted",
"_shards": {
"total": 2,
"successful": 1,
"failed": 0
},
"_seq_no": 70,
"_primary_term": 23
}
```