0 / 0
Collaborator security

Collaborator security

Cloud Pak for Data as a Service provides attribute-based access control to protect workspaces such as projects and catalogs. You control access to workspaces by assigning roles and by restricting collaborators.

Table 1. Collaborator security mechanisms for Cloud Pak for Data as a Service
Mechanism Purpose Responsibility Configured on
Project restriction Restrict who can be a collaborator on projects Customer Cloud Pak for Data as a Service
Collaborator roles Assign roles to control access to workspaces Customer Cloud Pak for Data as a Service

Project restriction

When a project is created, you can restrict collaborators to people who are internal to your organization. Eligible collaborators must be members of your IBM Cloud account, or, if your company has SAML federation set up in IBM Cloud, employees of your company. This setting is permanent. See Creating a project.

Collaborator roles

Everyone working in Cloud Pak for Data as a Service is assigned a role that determines the workspaces that they can access and the tasks that they can perform. Collaborator roles control access to projects, deployment spaces, catalogs, and categories using permissions specific to the role. Roles are assigned in Cloud Pak for Data as a Service to provide Admin, Editor, or Viewer permissions. Categories have additional Owner and Reviewer roles with slightly different permissions than Admin, Editor and Viewer.

Users also have an IAM Platform access role for the Cloud account and they may also have an IAM Service access role for workspaces. To understand how the roles provide secure access, see Roles in Cloud Pak for Data as a Service.

To understand the permissions for each collaborator role, see Project collaborator roles.

Parent topic: Security

Generative AI search and answer
These answers are generated by a large language model in watsonx.ai based on content from the product documentation. Learn more