Skip to main content

RBAC roles and permissions

H2O AI Engine Manager (AIEM) controls access through workspace-scoped role-based access control (RBAC). AIEM ships nine built-in roles including a reader, user, and admin tier for each of the three engine types (Driverless AI, H2O-3, and Notebook). A workspace administrator assigns these roles to users per workspace, and the H2O AuthZ server evaluates them on every request.

This page lists each role, the exact permissions it grants, and how to assign roles following the principle of least privilege.

How authorization works

Every AIEM request is authenticated and authorized before it runs:

  • Authentication. Users sign in through the platform-managed identity provider using OIDC/OAuth2 and pass a bearer token on each request. See Authentication and authorization for the full auth flow.
  • Authorization. AIEM resolves permissions per workspace. Each role grants a fixed set of authorization actions, and the request is allowed only when the user's role in the target workspace includes the action the request requires.
  • Role assignment. Administrators assign roles in the H2O AuthZ server for each workspace.
note

Role assignment is workspace-scoped. The same user can hold different roles in different workspaces, for example, DAI Engine Admin in a platform workspace and DAI Engine Reader in a project workspace.

Account tiers

Each engine type uses the same three-tier model.

TierPurpose
ReaderRead-only access. View and list engines, download logs (Driverless AI and H2O-3 only), and view the approved versions or images.
UserCreate and manage their own engines, plus everything a reader can do.
AdminManage engine versions, images, and profiles for the workspace, plus everything a user can do.

Built-in roles

AIEM defines the following nine roles. The role ID is the identifier you assign in the AuthZ server.

Role IDDisplay nameEngine typeTier
enginemanager-dai-engine-readerDAI Engine ReaderDriverless AIReader
enginemanager-dai-engine-userDAI Engine UserDriverless AIUser
enginemanager-dai-engine-adminDAI Engine AdminDriverless AIAdmin
enginemanager-h2o-engine-readerH2O Engine ReaderH2O-3Reader
enginemanager-h2o-engine-userH2O Engine UserH2O-3User
enginemanager-h2o-engine-adminH2O Engine AdminH2O-3Admin
enginemanager-notebook-engine-readerNotebook Engine ReaderNotebookReader
enginemanager-notebook-engine-userNotebook Engine UserNotebookUser
enginemanager-notebook-engine-adminNotebook Engine AdminNotebookAdmin
info

Every role also includes workspace permissions so that a user can see and list the workspaces where they hold a role.

Permissions by engine type

The following tables list every authorization action each role grants.

  • Each AIEM action identifier has the form actions/enginemanager/<resource>/<VERB>
  • The tables show the <resource>/<VERB> portion.
  • The audit trail records the full action identifier, actions/enginemanager/<resource>/<VERB>, for the request.
  • All three tiers also hold the generic engines/LIST action.

Driverless AI engine roles

OperationAuthorization actionReaderUserAdmin
View an enginedaiEngines/GETYesYesYes
List enginesdaiEngines/LISTYesYesYes
Download engine logsdaiEngines/DOWNLOAD_LOGSYesYesYes
View an engine versiondaiEngineVersions/GETYesYesYes
List engine versionsdaiEngineVersions/LISTYesYesYes
Create an enginedaiEngines/CREATENoYesYes
Update an enginedaiEngines/UPDATENoYesYes
Delete an enginedaiEngines/DELETENoYesYes
Pause an enginedaiEngines/PAUSENoYesYes
Resume an enginedaiEngines/RESUMENoYesYes
List assigned profilesdaiEngineProfiles/LIST_ASSIGNEDNoYesYes
Migrate an engine creatordaiEngines/MIGRATE_CREATORNoNoYes
Create an engine versiondaiEngineVersions/CREATENoNoYes
Update an engine versiondaiEngineVersions/UPDATENoNoYes
Delete an engine versiondaiEngineVersions/DELETENoNoYes
Assign version aliasesdaiEngineVersions/ASSIGN_ALIASESNoNoYes
Create a profiledaiEngineProfiles/CREATENoNoYes
View a profiledaiEngineProfiles/GETNoNoYes
List profilesdaiEngineProfiles/LISTNoNoYes
Update a profiledaiEngineProfiles/UPDATENoNoYes
Delete a profiledaiEngineProfiles/DELETENoNoYes

H2O-3 engine roles

H2O-3 engines support create and delete, but not pause, resume, or update.

OperationAuthorization actionReaderUserAdmin
View an engineh2oEngines/GETYesYesYes
List enginesh2oEngines/LISTYesYesYes
Download engine logsh2oEngines/DOWNLOAD_LOGSYesYesYes
View an engine versionh2oEngineVersions/GETYesYesYes
List engine versionsh2oEngineVersions/LISTYesYesYes
Create an engineh2oEngines/CREATENoYesYes
Delete an engineh2oEngines/DELETENoYesYes
List assigned profilesh2oEngineProfiles/LIST_ASSIGNEDNoYesYes
Create an engine versionh2oEngineVersions/CREATENoNoYes
Update an engine versionh2oEngineVersions/UPDATENoNoYes
Delete an engine versionh2oEngineVersions/DELETENoNoYes
Assign version aliasesh2oEngineVersions/ASSIGN_ALIASESNoNoYes
Create a profileh2oEngineProfiles/CREATENoNoYes
View a profileh2oEngineProfiles/GETNoNoYes
List profilesh2oEngineProfiles/LISTNoNoYes
Update a profileh2oEngineProfiles/UPDATENoNoYes
Delete a profileh2oEngineProfiles/DELETENoNoYes

Notebook engine roles

Notebook engines use container images rather than versions, and add an ACCESS action that authorizes opening the notebook interface.

OperationAuthorization actionReaderUserAdmin
View an enginenotebookEngines/GETYesYesYes
List enginesnotebookEngines/LISTYesYesYes
View an imagenotebookEngineImages/GETYesYesYes
List imagesnotebookEngineImages/LISTYesYesYes
Create an enginenotebookEngines/CREATENoYesYes
Update an enginenotebookEngines/UPDATENoYesYes
Delete an enginenotebookEngines/DELETENoYesYes
Pause an enginenotebookEngines/PAUSENoYesYes
Resume an enginenotebookEngines/RESUMENoYesYes
Access an enginenotebookEngines/ACCESSNoYesYes
List assigned profilesnotebookEngineProfiles/LIST_ASSIGNEDNoYesYes
Create an imagenotebookEngineImages/CREATENoNoYes
Update an imagenotebookEngineImages/UPDATENoNoYes
Delete an imagenotebookEngineImages/DELETENoNoYes
Create a profilenotebookEngineProfiles/CREATENoNoYes
View a profilenotebookEngineProfiles/GETNoNoYes
List profilesnotebookEngineProfiles/LISTNoNoYes
Update a profilenotebookEngineProfiles/UPDATENoNoYes
Delete a profilenotebookEngineProfiles/DELETENoNoYes

Actions outside the built-in roles

AIEM defines and enforces a few authorization actions that none of the nine built-in roles grant. A user cannot perform these operations through a built-in role. Granting them requires a custom role defined in the AuthZ server.

ActionApplies toNotes
daiEngines/RESIZE_STORAGE, notebookEngines/RESIZE_STORAGEDriverless AI, NotebookResize an engine's persistent storage.
daiEngines/UPGRADE_VERSION, daiEngines/UPGRADE_DAI_ENGINE_VERSIONDriverless AIUpgrade an engine to a newer version.
h2oEngines/TERMINATE, sandboxEngines/TERMINATEH2O-3, SandboxTerminate a running engine.
engines/LIST_ALLAll engine typesList all engines across users; intended for platform-level administration.
note

The built-in roles cover Driverless AI, H2O-3, and Notebook engines. Sandbox engines, images, and templates have authorization actions defined (for example, sandboxEngines/CREATE, sandboxEngineImages/CREATE, sandboxEngineTemplates/CREATE), but AIEM ships no built-in Sandbox role. Manage access to Sandbox resources through a custom role in the AuthZ server.

Assign roles

Administrators assign roles in the H2O AuthZ server for the relevant workspace. Follow these guidelines:

  • Apply least privilege: Grant the lowest tier that lets a user do their work. Most users need the user or reader tier; reserve the admin tier for the people who manage versions, images, and profiles.
  • Assign per workspace: A role grant applies only to the workspace where you assign it. Grant roles separately in each workspace a user works in.
  • Manage shared resources in the global workspace: AIEM manages engine versions, images, and profiles in the workspaces/global workspace. To let a user manage these, assign the relevant admin role in the global workspace. Engine creation and use happen in regular project workspaces. For the settings these admin roles control, see Engine profile security configuration.

Account lifecycle

AIEM does not manage user accounts itself. A user's access is established, granted, and revoked through the platform identity provider and the H2O AuthZ server, moving through three stages:

StageWhat happens
ProvisioningAIEM establishes a user's identity on their first authenticated request. No separate account creation step is required.
Privilege assignmentAn administrator assigns workspace roles in the AuthZ server. AIEM applies the assigned permissions on the next request.
DeprovisioningRemoving a user's identity provider account or their AuthZ role assignments immediately revokes access. Delete any engines the user created as part of cleanup.

Feedback