Protected Variations

Role-based model deployments for production protection and maintainability

Protected variations restrict sensitive model deployments to authorized users, ensuring only admins and maintainers can update or undeploy the model.


Note: Protected variations are supported for Real-time model deployments only on hybrid deployments.

Roles and permissions

Qwak supports three user roles: Administrators, Maintainers and Members.

By setting a model variation as protected, you ensure that both admins and maintainers will be able to deploy protected deployments.

Members will only be able to view deployment details, without modifying any deployments.

Defining protected variations via UI

When deploying a real time mode you may set the model variation as protected by using the Protected Variation checkbox.

By setting a deployment as protected, you can make sure only admins and maintainers will be able to modify it.

Setting a real time model as protected

Setting a real time model deployment as protected

Defining protected variations via SDK

Starting qwak-sdk 0.5.x, you may use the --protected flag when deploying a real time model to set the model variation as protected.

qwak models deploy realtime --model-id "my-model-id" --variation-name "default" --protected

Deploying multiple variations

When deploying multiple model variations, it is possible to define some variations as protected and some as unprotected.

The protected variations will be modified only by maintainers or admins, while the unprotected variations may be modified by all users.


Note: Updating traffic split configuration is allowed only for maintainers or admins when one of the deployed variations is protected.

Multi-Environment Setup

If a model is deployed across several environments within a single Qwak account, Protected Variations are implemented individually for each environment. For instance, consider having both production and staging environments, with a model deployable to each. It is possible to designate the protected variation exclusively to one of these environments. Consequently, only Admins and Maintainers would have the authority to modify the deployment in the production environment, whereas the staging environment remains accessible to all account Members.