Manage Project Users

In Zilliz Cloud, you can invite users to projects and assign them roles based on their job functions. These roles determine the user's access to projects and the operations they can perform.

This topic describes how to manage project users.

Invite a user to a project

To invite a user to join a project, you must be an Organization Owner or a Project Admin.

When inviting a user to a project, you need to assign a role that defines the privileges to perform specific operations within the project.

To invite users, enter the email addresses of the users you wish to invite. Then select the project role you wish to grant to the new project users.

You can either

• Assign Project Admin to the user or

• Configure project access policies for the user.

Project Admin

A Project Admin role has full privileges to manage a project and all its resources (clusters, databases, collections).

The following table lists the corresponding UI and API privileges of each project role.

UI Privileges	Control Plane RESTful API (V2) Privileges	Data Plane RESTful API (V2) Privileges
Manage clusters in the project Manage volumes in the project Manage collections & indexes Manage project users Manage IP access list and private links Manage project alerts Manage backups Manage data migrations Manage project jobs Manage integrations Plus all Cluster Admin privileges	All cloud meta operations All cluster operations All volume operations All import operations All backup & restore operations All cloud migration operations All cloud job operations	All collection operations All index operations All partition operations All vector operations All alias operations All role operations All user operations

Project Access

To minimize access permissions, you can also configure fine-grained privileges for cluster and volume access for the invited user.

• Cluster Access

  By default, access is granted to All Clusters with the Include all future clusters option enabled. You can assign a role, such as Read-Write*,* to define the invited user's permissions across these clusters. Once the invitation is accepted, the user will have the specified privileges on all current and future clusters within the project.

  To limit access, select specific clusters from the dropdown. You can also disable the Include all future clusters option to exclude newly created clusters from the access scope.

  Click + Cluster Access to add more cluster access policies.

• Volume Access

  By default, access is granted to All Volumes with the Include all future volumes option enabled. You can assign a role, such as Read-Write*,* to define the invited user's permissions across these volumes. Once the invitation is accepted, the user will have the specified privileges on all current and future volumes within the project.

  To limit access, select specific volumes from the dropdown. You can also disable the Include all future volumes option to exclude newly created volumes from the access scope.

  Click + Volume Access to add more cluster access policies.

You can find the specific privileges of the Read-Write and Read-Only roles in the following sections.

Read-Write

A Read-Write role has the privileges to view a project and manage its resources (clusters, databases, collections). The following table lists the corresponding UI and API privileges of each project role.

UI Privileges	Control Plane RESTful API (V2) Privileges	Data Plane RESTful API (V2) Privileges
View clusters in the project and cannot create and manage them View volumes in the project and cannot create and manage them Delete files/folders from a volume Manage collections & indexes View backups, but cannot create or restore from a backup file View project jobs, but cannot cancel jobs or retry failed jobs	All cloud meta operations Part of cluster operations List Projects List Clusters Describe Cluster Query Cluster Metrics Export Metrics Part of volume operations List Volumes All import operations Part of backup & restore operations List Backups Describe Backup Get Backup Policy All cloud job operations	All collection operations All index operations All partition operations All vector operations All alias operations

Read-Only

A Read-Only role has the privileges to view a project and its resources (clusters, databases, collections). The following table lists the corresponding UI and API privileges of each project role.

UI Privileges	Control Plane RESTful API (V2) Privileges	Data Plane RESTful API (V2) Privileges
View clusters in the project and cannot create and manage them View volumes in the project and cannot create and manage them View collections & indexes only View backups, but cannot create or restore from a backup file View project jobs, but cannot cancel jobs or retry failed jobs	All cloud meta operations Part of cluster operations List Projects List Clusters Describe Cluster Query Cluster Metrics Export Metrics Part of volume operations List Volumes Part of import operations Get Import Job Progress List Import Jobs Part of backup & restore operations List Backups Describe Backup Get Backup Policy All cloud job operations	Part of collection operations Describe Collection Get Collection Load State Get Collection Stats Has Collection List Collections Part of index operations Describe Index List Indexes Part of partition operations Get Partition Statistics Has Partition List Partitions Part of alias operations Describe Alias List Aliases Part of vector operations Get Hybrid Search Query Search

Invitation recipients will receive an email invitation that must be accepted within 48 hours to join the project. Alternatively, you can also copy the invitation link from the web console and share it with the invitees.

Once the user joins the project, they automatically become an Organization Member in the organization to which the project belongs.

📘Notes

Each time, you can invite one or more users with the same role to join the project.

Revoke or resend an invitation

When you invite an existing organization member to a project within the same organization, they automatically gain access to the project without receiving a separate invitation. However, if you invite someone to a project within an organization they are not already a part of, they will receive an invitation to join the organization, which also grants them access to the specified project.

To revoke or resend the invitation, you must be an Organization Owner or a Project Admin.

📘Notes

You can revoke or resend an invitation before the user accepts it.

Edit a collaborator's role

After a user accepts the invitation, they become a project collaborator.

To edit a collaborator's role, you must be an Organization Owner or a Project Admin.

Remove a collaborator

To remove a project collaborator, you must be an Organization Owner or a Project Admin.

Leave a project

In addition to removing a collaborator from a project, you can also remove yourself by leaving it.

Note that if you are the only admin of a project, you cannot leave it as each project must have at least one Project Admin at all times.

🚧Warning

Once you leave a project, your access to the project and associated resources will be revoked.