Users#

class UsersClient(*, sdk_config: SDKConfiguration, generated_client: ApiClient)[source]#

Bases: object

Client for managing Arize users.

Unlike organizations, users are looked up by ID only — not by name — because display names are not unique within an account.

This class is primarily intended for internal use within the SDK. Users are highly encouraged to access resource-specific functionality via arize.ArizeClient.

The users client is a thin wrapper around the generated REST API client, using the shared generated API client owned by arize.config.SDKConfiguration.

Parameters:

sdk_config (SDKConfiguration) – Resolved SDK configuration.
generated_client (ApiClient) – Shared generated API client instance.

list(*, email: str | None = None, status: list[UserStatus] | None = None, limit: int = 50, cursor: str | None = None) → UserListResponse[source]#

List users in the account.

This endpoint supports cursor-based pagination. When provided, email filters results to users whose email contains the given substring (case-insensitive).

Parameters:

email (str | None) – Optional case-insensitive partial-match filter on email address.
status (list[UserStatus] | None) – Optional list of statuses to filter by (e.g. ["active", "invited"]).
limit (int) – Maximum number of users to return (1-100). The server enforces an upper bound of 100.
cursor (str | None) – Opaque pagination cursor from a previous response.

Returns:

A paginated user list response from the Arize REST API.

Raises:

ApiException – If the API request fails.

Return type:

UserListResponse

get(*, user: str) → User | None[source]#

Get a user by ID or email address.

When user contains @ it is treated as an email address: list is called with the email as a filter, and the first result whose address matches exactly (case-insensitive) is returned. None is returned when no such user exists.

When user does not contain @ it is treated as a user ID and the API is called directly. An ApiException is raised if the user is not found.

Parameters:: user (str) – User ID or exact email address to retrieve.
Returns:: The matching User, or None when user is an email address and no match exists.
Raises:: ApiException – If the API request fails (for example, user not found when querying by ID).
Return type:: User | None

create(*, name: str, email: str, role: PredefinedUserRole | CustomUserRole, invite_mode: InviteMode, is_developer: bool | None = None) → User[source]#

Create a new user.

Parameters:

name (str) – Display name for the user (1-255 characters).
email (str) – Email address (used as the idempotency key).
role (PredefinedUserRole | CustomUserRole) – Account-level role assignment. Use PredefinedUserRole(name="<role>") for predefined roles (admin, member, annotator), or CustomUserRole(id="<role-id>") for custom RBAC roles.
invite_mode (InviteMode) – Invite mode ("none", "email_link", or "temporary_password").
is_developer (bool | None) – Whether the user should have developer permissions (can create GraphQL API keys). Defaults to True for admin and member roles, and False for annotator.

Returns:

The created user object.

Raises:

ApiException – If the API request fails.

Return type:

User

update(*, user_id: str, name: str | None = None, is_developer: bool | None = None) → User[source]#

Update a user’s metadata by ID.

Parameters:

user_id (str) – User ID to update.
name (str | None) – Updated display name for the user.
is_developer (bool | None) – Updated developer permission flag.

Returns:

The updated user object.

Raises:

ValueError – If neither name nor is_developer is provided.
ApiException – If the API request fails (for example, user not found or insufficient permissions).

Return type:

User

delete(*, user_id: str) → None[source]#

Delete a user by ID.

This operation soft-deletes the user and cascades to organization memberships, space memberships, API keys, and role bindings.

Parameters:: user_id (str) – User ID to delete.
Returns:: This method returns None on success (204 No Content response).
Raises:: ApiException – If the API request fails (for example, user not found or insufficient permissions).
Return type:: None

resend_invitation(*, user_id: str) → None[source]#

Resend an invitation email for a pending user.

The target user must be in the invited state.

Parameters:: user_id (str) – User ID to resend the invitation for.
Returns:: This method returns None on success (202 Accepted response).
Raises:: ApiException – If the API request fails (for example, user not found or user already active).
Return type:: None

bulk_delete(*, user_ids: builtins.list[str] | None = None, emails: builtins.list[str] | None = None) → builtins.list[BulkUserDeletionResult][source]#

Bulk-delete users by ID or email.

At least one of user_ids or emails must be provided. When emails is given, each address is resolved to a user ID via the users list endpoint (case-insensitive exact match).

Parameters:

user_ids (builtins.list[str] | None) – User IDs to delete directly.
emails (builtins.list[str] | None) – Email addresses to resolve and then delete.

Returns:

A list of BulkUserDeletionResult recording the outcome of each deletion attempt.

Raises:

ValueError – If neither user_ids nor emails is provided.

Return type:

builtins.list[BulkUserDeletionResult]

reset_password(*, user_id: str) → None[source]#

Trigger a password-reset email for a user.

Generates a reset token and sends the user a password-reset email with a 30-minute link.

The target user must authenticate via password (not SSO/SAML) and must have already verified their account.

Parameters:: user_id (str) – User ID to send the password-reset email to.
Returns:: This method returns None on success (204 No Content response).
Raises:: ApiException – If the API request fails (for example, user not found, user authenticates via SSO, or user has not yet verified their account).
Return type:: None

Response Types#

class User(**data: Any)[source]#

Bases: BaseModel

An account user with domain-typed role.

Create a new model by parsing and validating input data from keyword arguments.

Raises [ValidationError][pydantic_core.ValidationError] if the input data cannot be validated to form a valid model.

self is explicitly positional-only to allow self as a field name.

Parameters:: data (Any)

id: str#

name: str#

email: str#

created_at: datetime#

status: UserStatus#

role: _UserRoleField#

is_developer: bool#

model_config: ClassVar[ConfigDict] = {}#: Configuration for the model, should be a dictionary conforming to [ConfigDict][pydantic.config.ConfigDict].

class UserCreatedResponse(*, id: Annotated[str, Strict(strict=True)], name: Annotated[str, Strict(strict=True)], email: Annotated[str, Strict(strict=True)], role: UserRoleAssignment, created_at: datetime, status: UserStatus, is_developer: Annotated[bool, Strict(strict=True)], invite_mode: InviteMode, temporary_password: SecretStr | None = None)[source]#

Bases: BaseModel

Create a new model by parsing and validating input data from keyword arguments.

Raises [ValidationError][pydantic_core.ValidationError] if the input data cannot be validated to form a valid model.

self is explicitly positional-only to allow self as a field name.

Parameters:

id (Annotated[str, Strict(strict=True)])
name (Annotated[str, Strict(strict=True)])
email (Annotated[str, Strict(strict=True)])
role (UserRoleAssignment)
created_at (datetime)
status (UserStatus)
is_developer (Annotated[bool, Strict(strict=True)])
invite_mode (InviteMode)
temporary_password (SecretStr | None)

id: StrictStr#

name: StrictStr#

email: StrictStr#

role: UserRoleAssignment#

created_at: datetime#

status: UserStatus#

is_developer: StrictBool#

invite_mode: InviteMode#

temporary_password: SecretStr | None#

model_config: ClassVar[ConfigDict] = {'populate_by_name': True, 'protected_namespaces': (), 'validate_assignment': True, 'validate_by_alias': True, 'validate_by_name': True}#: Configuration for the model, should be a dictionary conforming to [ConfigDict][pydantic.config.ConfigDict].

to_str() → str[source]#

Returns the string representation of the model using alias

Return type:: str

to_json() → str[source]#

Returns the JSON representation of the model using alias

Return type:: str

classmethod from_json(json_str: str) → Self | None[source]#

Create an instance of UserCreatedResponse from a JSON string

Parameters:: json_str (str)
Return type:: Self | None

to_dict() → Dict[str, Any][source]#

Return the dictionary representation of the model using alias.

This has the following differences from calling pydantic’s self.model_dump(by_alias=True):

None is only added to the output dict for nullable fields that were set at model initialization. Other fields with value None are ignored.

Return type:: Dict[str, Any]

classmethod from_dict(obj: Dict[str, Any] | None) → Self | None[source]#

Create an instance of UserCreatedResponse from a dict

Parameters:: obj (Dict[str, Any] | None)
Return type:: Self | None

class UserRole(value, names=_not_given, *values, module=None, qualname=None, type=None, start=1, boundary=None)[source]#

Bases: str, Enum

Account-level role of the user. These are pre-defined roles in Arize.

ADMIN = 'admin'#

MEMBER = 'member'#

ANNOTATOR = 'annotator'#

classmethod from_json(json_str: str) → Self[source]#

Create an instance of UserRole from a JSON string

Parameters:: json_str (str)
Return type:: Self

class UserStatus(value, names=_not_given, *values, module=None, qualname=None, type=None, start=1, boundary=None)[source]#

Bases: str, Enum

Current status of the user in the account. - active: User has verified their email and can access the platform. - invited: User has been invited and their verification token is still valid. - expired: User was invited but their verification token has expired or is missing. A new invite is required.

ACTIVE = 'active'#

INVITED = 'invited'#

EXPIRED = 'expired'#

classmethod from_json(json_str: str) → Self[source]#

Create an instance of UserStatus from a JSON string

Parameters:: json_str (str)
Return type:: Self