Skip to main content
W&B Fully Connected
>
Articles

Introducing Custom Roles for W&B Teams

We're rolling out more nuanced access control for W&B Teams. Here's what you need to know to get started
Elaina Hodgkin, Abhinav Garg
Created on November 30|Last edited on December 8
Strong and simple-to-configure access controls are critical for any enterprise to scale the use of a developer platform across their business. To that end, we are excited to announce the launch of W&B Custom Roles to simplify configuration of who can access what within a W&B team, and help our users more closely align with their governance policies.
Until now, team admins in a Weights & Biases organization were only able to assign one of the following built-in roles to users in their team:
  • Admin: Team admins can add and remove other admins or team members. They have permissions to modify all projects. This includes, but is not limited to, deleting runs, projects, artifacts, and sweeps.
  • Member: A regular member of the team. A team member is invited by email by the team admin. A team member cannot invite other members. Team members can only delete runs and sweep runs created by that member.
  • Viewer (Enterprise-only feature): Viewers can view assets within the team such as runs, reports, and workspaces. They can follow and comment on reports, but they can not create, edit, or delete project overview, reports, or runs.
Many of our customers need a more flexible mechanism to assign permissions to users, ones not limited to these built-in roles. That’s where Custom Roles come in, which are available in all W&B deployment types - SaaS Cloud, Dedicated Cloud and Customer-Managed.
Here's how it works:

Custom roles allow W&B organization admins to compose new roles with specific permissions that map to specific actions within their team. Team admins can then assign those roles just like the built-in ones to specific users within the respective teams.
A key requirement is that a user must have the Member role at the organization level in order to be assigned a custom role within a team. Users with the Viewer role at the organizational level can only have that role on the team, and cannot be assigned any custom roles.

When configured, a custom role inherits a base set of permissions from either of the Member or Viewer roles, before the org admin adds other specific permissions to produce a role that’s suited to their unique needs.

As an example, an org admin may add a Launch Manager custom role with the base role as Viewer, which could allow assigned users to fully manage W&B Launch.


Team admins in that organization can then assign the newly available Launch Manager role to relevant users in their respective teams.

This is just one example. Any kind of custom role could be created to solve specific access control concerns across varied personas.
We are working on more authorization-related capabilities that, in addition to custom roles, would allow W&B admins to strongly follow the least privilege principle within a W&B team. Please reach out to your Weights & Biases team or to support@wandb.com if you would like to learn more.
Tags: Articles, W&B Meta

Created with ❤️ on Weights & Biases.

https://wandb.ai/wandb_fc/announcements/reports/Introducing-Custom-Roles-for-W-B-Teams--Vmlldzo2MTMxMjQ3
Made with Weights & Biases. Sign up or log in to create reports like this one.
Iterate on AI agents and models faster. Try Weights & Biases today.
Sign upTry W&B now