Users Management (.users
)
Estimated reading time: 10’
What you’ll learn
This guide’s objective is to help you get familiarized with PySyft’s Users API. You will learn to:
access, register, update and delete user accounts
configure the registration options
update login credentials for user accounts
User Roles in Syft
There are three types of accounts for a domain:
ADMIN - used for internal Datasite administrators and data owners
DATA_SCIENTIST - used for external researchers (accessing data)
GUEST - used for external users
They are differentiated based on what permissions they have. Here is a permissions table for quick reference:
Create Users |
List Users |
Update Users |
Delete Users |
|
---|---|---|---|---|
|
✅ |
✅ |
✅ |
✅ |
|
🚫 |
🚫 |
✔️* |
🚫 |
|
🚫 |
🚫 |
✔* |
🚫 |
* DATA_SCIENTIST
and GUEST
accounts can only update their own information
You can interact with a Datasite through a Syft client.
Account Login
The most straight-forward way to login to a Datasite is by instatiating a client with the sy.login()
function, which requires an account’s credentials (email/password).
Prerequisites
The following code snippets assume you have deployed a Datasite.
Show code cell source
import syft as sy
conn = sy.orchestra.launch(name="local_domain", port="auto", dev_mode=False, reset=True)
import syft as sy
admin_client = sy.login(
url='localhost',
port = conn.port,
email="[email protected]",
password="changethis",
)
An admin can also login as other users or as a guest user.
ds_client = admin_client.login_as('[email protected]')
guest_client = admin_client.login_as_guest()
Changing Login Credentials
It’s important to change an account’s default password (or the password specified when creating the account) as soon as possible. This can be achieved with the client.account.set_password()
function.
admin_client.account.set_password('new_password', confirm=False)
This option is available for every account type. Additionaly, as an admin, you can change an account’s login credentials with the users.update()
function, detailed below.
CRUD on Users Profiles
Create Users
Only ADMIN
users can create new accounts.
New user accounts can be created via the client.users.create()
function, which has the following signature:
client.users.create(user_create: UserCreate)
The user_create
parameter is a UserCreate
object, that will be instantiated with the following arguments:
id: str
- automatically generated by PySyftname: str
- the name associated with the new accountemail: str
- the email address associated with the new accountpassword: str
- the password associated with the new accountinstitution: str (optional)
website: str (optional)
role: ServiceRole
- could be one ofADMIN
,GUEST
orDATA_SCIENTIST
(default)
from syft.service.user.user import UserCreate, ServiceRole
admin_client.users.create(
name='John Doe',
email='[email protected]',
password='password',
role=ServiceRole.DATA_SCIENTIST
)
See Registered Users
Only ADMIN
users can list the users available on a Datasite.
You can see a list of registered users on the Datasite through the client object.
users = admin_client.users
users
You can perform various operations on users by selecting them from the client.users
object.
# Select the second user in the list
users[1]
# Select a user with a specific email
email = '[email protected]'
user = [u for u in users if u.email == email][0]
user.name
Update User Information
Only ADMIN
users can update other users’ information. Every user type can update their own information.
A user’s information can be updated via the client.users.update()
function, which has the following signature.
client.users.update(uid: str, user_update: UserUpdate)
The uid
parameter is the ID of the account you want to update.
The user_udpate
parameter is a UserUpdate
object, that will be instantiated with the same arguments as UserCreate
. However, only updated fields need to be specified.
from syft.service.user.user import UserUpdate, ServiceRole
user = admin_client.users[1]
admin_client.users.update(
uid=user.id,
name='Updated John Doe',
password='123456789',
role=ServiceRole.GUEST
)
Every user, regardless of their account type, can update their own information via the client.account.update()
function.
# Example
admin_client.account.update(name='Updated Admin')
Delete Users
ADMIN
users can delete any other user.
Users can be deleted via the client.user.delete()
function, which has the following signature:
client.users.delete(uid: str)
The uid
parameter is the ID of the account you want to delete.
admin_client.users
user = admin_client.users[1]
admin_client.users.delete(user.id)
admin_client.users
Notifications
PySyft can send notifications for various events in the data access/processing workflows. Only email notifications are currently supported, but future versions will include other types of notifications (SMS, Slack etc.).
You can check if the notifications are enabled for your account by inspecting the client.account.notifications_enabled
object:
admin_client.account.notifications_enabled
For more details on notifications, such as enabling or disabling them, checkout the Notifications API guide
Configure Registration Workflow
ADMIN
users can toggle between two registration workflows:
Manual Registration (default): keep your Datasite private and manually add new users
Self-Service Registration: allow your Datasite to be discoverable, so any visitor can create a new
DATA_SCIENTIST
account
An admin can switch between the two registration workflows via the client.settings.allow_guest_signup()
function, which has the following signature:
client.settings.allow_guest_signup(enable: bool)
When enable
is set to False
the workflow switches to Manual Registration, and when enable
is set to True
the workflow switches to Self-Service Registration and the Datasite becomes discoverable.
# Switch to MANUAL registration
admin_client.settings.allow_guest_signup(enable=False)
# Switch to SELF-SERVICE registration (the Datasite becomes discoverable)
admin_client.settings.allow_guest_signup(enable=True)
When the Datasite is discoverable, the data scientist can connect to the Datasite and register their account with the help of the domain.register()
function, which takes the following parameters:
name: str
email: str
password: str
password_verify: str
- must have the same value aspassword
institution: str (optional)
website: str (optional)
import syft as sy
# Connect to the discoverable Datasite
discoverable_domain = sy.connect(url='localhost', port=conn.port)
discoverable_domain.register(
name='Curious Scientist',
email='[email protected]',
password='data_scientist_password',
password_verify='data_scientist_password',
)
After registering, a DATA_SCIENTIST
user is created, which can be accessed through a client.
admin_client.users
ds_client = sy.login(
url='localhost',
port=conn.port,
email="[email protected]",
password="data_scientist_password",
)
ds_client