Platform For AI:Create and manage workspaces

Compute resources

View and associate compute resources:

Members and roles

When multiple users (RAM users) need to perform management, development, or O&M tasks in the same workspace, add them as members and assign appropriate roles. PAI provides various roles. To select appropriate roles, view the role-to-permission mapping.

• Add members/roles

  

  You can assign multiple roles to a single RAM user. Supported roles:

  Role type	Description
  basic role	Basic roles: Administrator: Manages workspace members, resource groups, and all assets. Algorithm Developer: Performs development and model training. Algorithm O&M Engineer: Manages task priorities, model deployments, and online service monitoring. Labeling Administrator: Performs operations in Intelligent Annotation. Visitor: Has read-only access to various assets in the workspace.
  compute resource role	Grants permissions for MaxCompute data development and corresponds to the developer role in DataWorks. Assign this role to RAM users who submit jobs from PAI to MaxCompute.
  custom role	To add a custom role: Permission levels: No Permissions: No permissions in the specified product module. Read-only: View own and public resources in the specified product module. Modify/Execute: Edit and run own resources in the specified product module. Full Access: Manage all resources in the specified product module.

• Modify member roles

  

  Member and role rules:

  • Each member must have at least one role.

  • You cannot remove the Owner role. The Alibaba Cloud account or RAM user that creates a workspace is automatically assigned the Owner role. This role grants permissions to manage members, resource groups, and all assets within the workspace.

  • PAI and DataWorks workspaces are interconnected. Administrator, Visitor, and Developer roles are shared. If you remove a member's last shared role in PAI, the member is also removed from the corresponding DataWorks workspace. This may trigger an entity transfer.

Resource scheduling

PAI provides workspace-level resource management and scheduling. Administrators can configure resource scheduling based on business requirements and use cases. For details, see Configure resource scheduling.

Event notifications

Configure event notifications to track and monitor the status of DLC jobs, pipeline jobs, and DSW instances, or to trigger downstream operations automatically based on model version status changes. For details, see Configure event notifications.

Storage path

Configure default storage path for the workspace:

• We recommend configuring default storage for the workspace to store temporary data and models from tasks such as training.

• If Data Storage is also set in Designer, the Data Storage path overrides workspace storage when running a pipeline.

SLS forwarding

Configure log forwarding for DSW instances and DLC jobs in the current workspace to Log Service (SLS) for custom analysis:

General settings

General settings provide the following feature toggles. Note: Restart affected instances for changes to take effect.

Public Resource Group:

• Default Network Configuration: Administrators can set default network settings such as VPC and security groups. This centralized configuration helps control permissions effectively.

DLC Configurations:

• Go to Node Container: Controls whether users can access compute node containers of DLC jobs for debugging or troubleshooting. When enabled, authorized users can access containers using a terminal.

DSW configurations:

• SSH Logon to Instance from Internet: Controls whether users can log on to DSW instances from the internet using SSH.

• Open Instance from Internet: Controls whether users can access DSW instances from the internet.

• Rate Limit for Internet Access: Limits network speed of DSW instances when accessing the internet through a dedicated NAT gateway. This prevents a single instance from consuming excessive bandwidth and ensures stability of shared resources.