Resource Restrictions#

class ResourceRestrictionsClient(*, sdk_config: SDKConfiguration, generated_client: ApiClient)[source]#

Bases: object

Client for managing Arize resource restrictions.

This class is primarily intended for internal use within the SDK. Users are highly encouraged to access resource-specific functionality via arize.ArizeClient.

Resource restrictions prevent roles bound at higher hierarchy levels (space, org, account) from granting access to the restricted resource. Only space admins or users with the PROJECT_RESTRICT permission can restrict or unrestrict a resource.

Currently only PROJECT resources are supported.

The resource restrictions client is a thin wrapper around the generated REST API client, using the shared generated API client owned by arize.config.SDKConfiguration.

Parameters:
  • sdk_config (SDKConfiguration) – Resolved SDK configuration.

  • generated_client (ApiClient) – Shared generated API client instance.

restrict(*, resource_id: str) ResourceRestriction[source]#

Mark a resource as restricted.

Restricting a resource prevents roles bound at higher hierarchy levels (space, org, account) from granting access. Only space admins or users with the PROJECT_RESTRICT permission can perform this action.

This operation is idempotent — restricting an already-restricted resource returns the existing restriction without error.

Currently only PROJECT resources are supported.

Parameters:

resource_id (str) – Global ID of the resource to restrict. Must encode a project resource ID.

Returns:

The resource restriction object.

Raises:

ApiException – If the API request fails (for example, unsupported resource type or insufficient permissions).

Return type:

ResourceRestriction

unrestrict(*, resource_id: str) None[source]#

Remove restriction from a resource.

Removing a restriction means that roles bound at other levels of the hierarchy (space, org, account) can once again grant access to the resource.

Parameters:

resource_id (str) – Global ID of the resource to unrestrict.

Raises:

ApiException – If the API request fails (for example, resource is not restricted, or insufficient permissions).

Return type:

None

Response Types#

class ResourceRestriction(*, resource_type: ResourceRestrictionType, resource_id: Annotated[str, Strict(strict=True)], created_at: datetime)[source]#

Bases: BaseModel

Create a new model by parsing and validating input data from keyword arguments.

Raises [ValidationError][pydantic_core.ValidationError] if the input data cannot be validated to form a valid model.

self is explicitly positional-only to allow self as a field name.

Parameters:
  • resource_type (ResourceRestrictionType)

  • resource_id (Annotated[str, Strict(strict=True)])

  • created_at (datetime)

resource_type: ResourceRestrictionType#
resource_id: StrictStr#
created_at: datetime#
model_config: ClassVar[ConfigDict] = {'populate_by_name': True, 'protected_namespaces': (), 'validate_assignment': True, 'validate_by_alias': True, 'validate_by_name': True}#

Configuration for the model, should be a dictionary conforming to [ConfigDict][pydantic.config.ConfigDict].

to_str() str[source]#

Returns the string representation of the model using alias

Return type:

str

to_json() str[source]#

Returns the JSON representation of the model using alias

Return type:

str

classmethod from_json(json_str: str) Self | None[source]#

Create an instance of ResourceRestriction from a JSON string

Parameters:

json_str (str)

Return type:

Self | None

to_dict() Dict[str, Any][source]#

Return the dictionary representation of the model using alias.

This has the following differences from calling pydantic’s self.model_dump(by_alias=True):

  • None is only added to the output dict for nullable fields that were set at model initialization. Other fields with value None are ignored.

Return type:

Dict[str, Any]

classmethod from_dict(obj: Dict[str, Any] | None) Self | None[source]#

Create an instance of ResourceRestriction from a dict

Parameters:

obj (Dict[str, Any] | None)

Return type:

Self | None