[mlflow] default_permission = READ database_uri = sqlite:///basic_auth.db admin_username = admin admin_password = password1234 authorization_function = mlflow.server.auth:authenticate_request_basic_auth # When true, users inherit default_permission for the reserved 'default' workspace. grant_default_workspace_access = false # Cache settings for resource-to-workspace lookups (used for permission checks). # workspace_cache_max_size = 10000 # workspace_cache_ttl_seconds = 3600 # Cache settings for basic-auth username/password verification. Disabled by default # (auth_cache_ttl_seconds = 0). When enabled, successful credential checks are # cached for this long so PBKDF2 hash comparison runs at most once per (user, # password) per TTL window — a ~3x throughput improvement on request-heavy # auth-enabled workloads. # # The cache lives inside each worker process, so enabling it introduces staleness: # * Password, admin-flag, and deletion changes via the HTTP APIs invalidate the # entry on whichever worker handled the mutation immediately. Other workers in # a multi-worker deployment may continue to accept the old credential until # the TTL expires (at most auth_cache_ttl_seconds). # * Mutations made out-of-band (direct SQL, external IdP sync) reach the cache # on no workers and are likewise reflected only after the TTL expires. # # The cache is bounded by auth_cache_max_size and the TTL, so there is no # unbounded memory growth. Set auth_cache_ttl_seconds to a positive value # (e.g. 60) to opt in. # auth_cache_max_size = 10000 # auth_cache_ttl_seconds = 0