
# Set the Keycloak roles allowed to invoke or manage this deployment

> Replaces the list of roles that can invoke or manage this deployment via a user PSK. An empty list restricts access to the platform PSK only.

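A user PSK is a pre-shared key associated with a specific Keycloak user. The API uses the user's Keycloak roles to determine access. A platform PSK is a global credential that bypasses role checks and grants full access regardless of this list. The allow-list therefore constrains only user PSKs: narrowing or emptying it does not reduce what a holder of the platform PSK can do.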



## OpenAPI

````yaml put /api/models/{model}/deployments/{name}/allowed_roles
# Document header: OpenAPI 3.1.0 description of the Nx1 AI API, version 0.10.2.
openapi: 3.1.0
info:
  title: Nx1 AI API
  # NOTE(review): the text below says the PSK is sent in the `Authorization`
  # header, while components.securitySchemes.APIKeyHeader names the header
  # `Authorization-PSK` — confirm which one the server reads and align them.
  # NOTE(review): the text also refers to a default PSK that is handed out
  # informally. A shared default key should be replaced per environment;
  # confirm it is not the platform PSK, which bypasses role checks.
  description: |

    AI API for Nx1 Data Platform Management and Automated Data Tasks.

    Authentication is required via PSK in Authorization header.

    Default PSK is | [ask a friend] |
  version: 0.10.2
# No server URLs are published in this document.
servers: []
# Empty at document level: nothing is required by default, so each operation
# has to carry its own `security` list (the PUT under `paths` does).
security: []
# Single operation: PUT replaces a deployment's allow-list of Keycloak roles.
paths:
  /api/models/{model}/deployments/{name}/allowed_roles:
    # NOTE(review): the description says who may invoke or manage the
    # deployment once the list is set, but not who is authorised to call this
    # PUT. If "manage" covers this operation, a caller holding one allowed role
    # could rewrite the list — confirm the server-side check.
    put:
      tags:
        - Deployments
      summary: Set the Keycloak roles allowed to invoke or manage this deployment
      description: >-
        Replaces the list of roles that can invoke or manage this deployment via
        a user PSK. An empty list restricts access to the platform PSK only.


        A user PSK is a pre-shared key associated with a specific Keycloak user.
        The API uses the user's Keycloak roles to determine access. A platform
        PSK is a global credential that bypasses role checks and grants full
        access regardless of this list.
      operationId: >-
        update_allowed_roles_api_models__model__deployments__name__allowed_roles_put
      # Both path parameters are plain strings with no pattern or length limit
      # declared in this schema.
      parameters:
        - name: model
          in: path
          required: true
          schema:
            type: string
            title: Model
        - name: name
          in: path
          required: true
          schema:
            type: string
            title: Name
      # A JSON body is mandatory; its shape is AllowedRolesUpdate.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/AllowedRolesUpdate'
      # NOTE(review): only 200, 404 and 422 are documented. No 401/403 response
      # is listed even though the operation requires a credential — confirm
      # what a caller receives for a missing or invalid credential, or for a
      # role that is not allowed, and document it.
      responses:
        '200':
          description: Successful Response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/DeploymentResponse'
        '404':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
          description: Not Found
        '422':
          description: Validation Error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/HTTPValidationError'
      # The two entries are alternatives: a request satisfies the requirement
      # with either the OAuth2 bearer token or the APIKeyHeader key.
      security:
        - OAuth2AuthorizationCodeBearer: []
        - APIKeyHeader: []
components:
  schemas:
    # Request body of the PUT: the complete replacement allow-list of roles.
    AllowedRolesUpdate:
      properties:
        # NOTE(review): `allowed_roles` is not listed under `required` and no
        # default is shown, so `{}` passes this schema. Confirm what the server
        # does with it; if it is treated as an empty list, the deployment is
        # locked to the platform PSK.
        # Items are unconstrained strings: no pattern, minLength, maxItems or
        # uniqueItems is declared, and nothing here says whether a role name
        # must exist in Keycloak — presumably checked server-side; verify.
        allowed_roles:
          items:
            type: string
          type: array
          title: Allowed Roles
          description: Empty list locks the proxy to platform-PSK only.
      type: object
      title: AllowedRolesUpdate
      description: Replace the deployment's allow-list of Keycloak roles.
    # Body of the 200 response: the deployment record after the update.
    # Nine fields are required (see `required` below); every other field is
    # optional and nullable.
    DeploymentResponse:
      properties:
        deployment_id:
          type: string
          format: uuid
          title: Deployment Id
        name:
          type: string
          title: Name
        type:
          $ref: '#/components/schemas/DeploymentType'
        status:
          $ref: '#/components/schemas/DeploymentStatus'
        domain:
          type: string
          title: Domain
        owner:
          type: string
          title: Owner
        model:
          $ref: '#/components/schemas/ModelReference'
        resolved_model_version:
          anyOf:
            - type: string
            - type: 'null'
          title: Resolved Model Version
          description: >-
            The model version this deployment currently uses. When the
            deployment references an alias, this shows the resolved version
            number.
        dag_id:
          anyOf:
            - type: string
            - type: 'null'
          title: Dag Id
        # Storage and service locations are returned to the caller; anyone
        # allowed to call this endpoint can read them.
        dag_s3_uri:
          anyOf:
            - type: string
            - type: 'null'
          title: Dag S3 Uri
        schedule:
          anyOf:
            - type: string
            - type: 'null'
          title: Schedule
        last_run:
          anyOf:
            - $ref: '#/components/schemas/DeploymentRunSummary'
            - type: 'null'
        service_url:
          anyOf:
            - type: string
            - type: 'null'
          title: Service Url
        replica_count:
          anyOf:
            - type: integer
            - type: 'null'
          title: Replica Count
        ready_replicas:
          anyOf:
            - type: integer
            - type: 'null'
          title: Ready Replicas
        # NOTE(review): the response allows `null` as well as an array, while
        # the request schema documents only the empty list (platform-PSK only).
        # What `null` means for access is not stated — confirm it is not
        # treated as "no restriction".
        allowed_roles:
          anyOf:
            - items:
                type: string
              type: array
            - type: 'null'
          title: Allowed Roles
        error_message:
          anyOf:
            - type: string
            - type: 'null'
          title: Error Message
        created_at:
          type: string
          format: date-time
          title: Created At
        updated_at:
          type: string
          format: date-time
          title: Updated At
        stopped_at:
          anyOf:
            - type: string
              format: date-time
            - type: 'null'
          title: Stopped At
      type: object
      required:
        - deployment_id
        - name
        - type
        - status
        - domain
        - owner
        - model
        - created_at
        - updated_at
      title: DeploymentResponse
    # Error body used by the 404 response. Only `error` is required.
    ErrorResponse:
      properties:
        error:
          type: string
          title: Error
          description: A brief description of the error that occurred.
        # Declared default is 500, so a body that omits `code` reads as a
        # server error even when it accompanies a 404.
        code:
          type: integer
          title: Code
          description: The HTTP status code associated with the error.
          default: 500
      type: object
      required:
        - error
      title: ErrorResponse
    # Body of the 422 response: a list of ValidationError entries under
    # `detail`. No field is marked required.
    HTTPValidationError:
      properties:
        detail:
          items:
            $ref: '#/components/schemas/ValidationError'
          type: array
          title: Detail
      type: object
      title: HTTPValidationError
    # Closed set of deployment kinds: batch or online.
    DeploymentType:
      type: string
      enum:
        - batch
        - online
      title: DeploymentType
    # Closed set of deployment states reported in DeploymentResponse.status.
    DeploymentStatus:
      type: string
      enum:
        - pending
        - deploying
        - active
        - failed
        - stopped
        - archived
      title: DeploymentStatus
    # Reference to a registered MLflow model; only `model_name` is required.
    # NOTE(review): the "exactly one of model_version / model_alias" rule is
    # stated only in the descriptions. Nothing in this schema (for example a
    # oneOf) expresses it, so it is presumably enforced server-side — confirm.
    ModelReference:
      properties:
        model_name:
          type: string
          title: Model Name
          description: MLflow registered model name.
        model_version:
          anyOf:
            - type: string
            - type: 'null'
          title: Model Version
          description: >-
            The exact model version to deploy. For example, `3`. Mutually
            exclusive with `model_alias`.
        model_alias:
          anyOf:
            - type: string
            - type: 'null'
          title: Model Alias
          description: >-
            The alias to resolve to a version at deployment time. For example,
            `production`. Mutually exclusive with `model_version`.
      type: object
      required:
        - model_name
      title: ModelReference
      description: |-
        A registered MLflow model with either a version number or an alias.

        Provide exactly one of ``model_version`` or ``model_alias``. A version
        number deploys a specific model release. An alias resolves to a
        concrete version at deployment creation time.
    # Summary of one run, referenced from DeploymentResponse.last_run.
    # `run_id`, `airflow_run_id` and `status` are required; the row count and
    # both timestamps are nullable.
    DeploymentRunSummary:
      properties:
        run_id:
          type: string
          format: uuid
          title: Run Id
        airflow_run_id:
          type: string
          title: Airflow Run Id
        status:
          $ref: '#/components/schemas/DeploymentRunStatus'
        rows_scored:
          anyOf:
            - type: integer
            - type: 'null'
          title: Rows Scored
        started_at:
          anyOf:
            - type: string
              format: date-time
            - type: 'null'
          title: Started At
        finished_at:
          anyOf:
            - type: string
              format: date-time
            - type: 'null'
          title: Finished At
      type: object
      required:
        - run_id
        - airflow_run_id
        - status
      title: DeploymentRunSummary
    # One validation failure inside HTTPValidationError.detail.
    # `loc`, `msg` and `type` are required.
    ValidationError:
      properties:
        # Path to the failing element: a list mixing strings and integers.
        loc:
          items:
            anyOf:
              - type: string
              - type: integer
          type: array
          title: Location
        msg:
          type: string
          title: Message
        type:
          type: string
          title: Error Type
        # No type is declared, so any JSON value is allowed here.
        # NOTE(review): presumably echoes the rejected input — confirm that
        # request content is safe to return to clients and to log.
        input:
          title: Input
        ctx:
          type: object
          title: Context
      type: object
      required:
        - loc
        - msg
        - type
      title: ValidationError
    # Closed set of run states used by DeploymentRunSummary.status.
    DeploymentRunStatus:
      type: string
      enum:
        - queued
        - running
        - succeeded
        - failed
      title: DeploymentRunStatus
  # The two credential types an operation can accept.
  securitySchemes:
    # OAuth2 authorization-code flow against the `rapid` realm's OpenID Connect
    # endpoints. `scopes` is empty, so this document expresses no scope-based
    # authorisation; the page describes access in terms of Keycloak roles.
    OAuth2AuthorizationCodeBearer:
      type: oauth2
      flows:
        authorizationCode:
          scopes: {}
          authorizationUrl: >-
            https://sso-rapid.rapid.nx1cloud.com/realms/rapid/protocol/openid-connect/auth
          tokenUrl: >-
            https://sso-rapid.rapid.nx1cloud.com/realms/rapid/protocol/openid-connect/token
    # Pre-shared key sent in the `Authorization-PSK` request header. The scheme
    # does not distinguish a user PSK from the platform PSK; that distinction
    # is made by the server.
    # NOTE(review): info.description says `Authorization` header — confirm the
    # header name and keep the two consistent.
    APIKeyHeader:
      type: apiKey
      in: header
      name: Authorization-PSK

````