Team roles in Vast.ai's platform are designed to streamline collaboration and enhance security by assigning specific permissions and access levels to different members of a team. These roles determine what actions a team member can perform and what data they can access within the team's shared workspace.
Predefined Roles: These are standard roles with preset permissions, suitable for common team structures. Examples include:
Custom Roles: Custom roles allow team administrators to create roles with tailored permissions. This feature is particularly useful for teams with unique workflow requirements or specific security protocols.
Note: In the early days we are going to describe these concepts as things like 'instance_read' or 'instance_write', We realize these are confusing. Any questions about what permissions are attributed to what actions should be asked via our support channels.
All team roles are created by passing in a permissions JSON object that delegates what group of endpoints can be accessed.
Currently, the system only supports groups of endpoint categories, but soon it will be extended for further granularity.
The current activated scopes are as follows
misc: Supports uncategorized operations like search offers, getting logs from various sources, etc
user_read: Allows the usage of obtaining basic user data like email, credits, etc. Essential for web usage.
user_write: Allows the ability to change account settings such as email, password, 2FA, etc.
instance_read: Grants ability to view instances, and certain read-only instance operations
instance_write: Grants access to instances and all relevant operations such as starting/stopping instances, cloud copy, reserving credits, etc
billing_read: Ability to view billing page and get billing information
billing_write: Ability to change billing page information
machine_read: Read access to machines owned by the team
machine_write: Ability to add/remove machines, and also edit machine settings
For teams usage you should create apikeys under the "api" section of permissions. An example of permissions json you would upload would be like this:
{
"api": {
"misc": {},
"user_read":{},
"instance_read": {},
"instance_write": {}
}
}
This json would create a team role that would have miscellaneous access to things like search, be able to get basic information like your team's credits, team name etc, and also have the ability to create instances within the team context.
Team roles are a fundamental aspect of managing a collaborative and secure environment on the Vast.ai platform. By effectively utilizing predefined and custom roles, teams can ensure that each member has the appropriate level of access and control, fostering a productive and secure working environment.