Skip to main content
Create and manage custom roles with fine-grained permissions for role-based access control in your Arize account.
The roles client methods are currently in ALPHA. The API may change without notice. A one-time warning is emitted on first use.

Key Capabilities

  • List all roles (predefined and custom) in your account
  • Retrieve a specific role by ID
  • Create custom roles with specific permissions
  • Update a custom role’s name, description, or permissions
  • Delete custom roles

List Roles

List all roles available in your account. Optionally filter to predefined or custom roles only. 
# List all roles
resp = client.roles.list()

for role in resp.roles:
    print(role.id, role.name, role.is_predefined)

# List only predefined (system) roles
resp = client.roles.list(is_predefined=True)

# List only custom roles
resp = client.roles.list(is_predefined=False)
For details on pagination, field introspection, and data conversion (to dict/JSON/DataFrame), see Response Objects.

Get a Role

Retrieve a specific role by its ID. 
role = client.roles.get(role_id="your-role-id")

print(role.id, role.name)
print(role.permissions)
print(role.is_predefined)

Create a Role

Create a new custom role. Role names must be unique within the account. At least one permission must be provided. Predefined (system-managed) roles cannot be created through this endpoint. 
from arize._generated.api_client.models import Permission

role = client.roles.create(
    name="AI Engineer",
    permissions=[
        Permission.PROJECT_READ,
        Permission.DATASET_READ,
        Permission.DATASET_CREATE,
    ],
    description="Can read projects and read/create datasets.",  # optional
)

print(role.id, role.name)

Update a Role

Update an existing custom role. At least one of name, description, or permissions must be provided. When permissions is provided, the existing permissions are fully replaced with the new set. Predefined roles cannot be updated. 
role = client.roles.update(
    role_id="your-role-id",
    name="Updated Role Name",           # optional
    description="Updated description",  # optional
    permissions=[                        # optional — fully replaces existing permissions
        Permission.PROJECT_READ,
        Permission.DATASET_READ,
    ],
)

print(role.id, role.name)

Delete a Role

Delete a custom role by ID. Predefined (system-managed) roles cannot be deleted. 
client.roles.delete(role_id="your-role-id")