Set up additional account users
The IBM Watson Studio and Watson Knowledge Catalog services are designed for collaboration among many users. After you activate the services, you can add users to your IBM Cloud account so that they can share services and resources that are provisioned for the account.
As the account owner, here’s what you need to do to finish setting up Watson services:
- In IBM Cloud: Provision an IBM Cloud Object Storage service for the account. All Watson applications require an IBM Cloud Object Storage instance, but you need to provision only one instance.
- In IBM Cloud: Add non-administrative users to the account and assign user roles so that they can access the account’s resources.
- In IBM Cloud: Add administrative users to your IBM Cloud account.
- In Watson services: Assign Watson services permissions and roles.
Step 1: Provision an IBM Cloud Object Storage instance for the account in IBM Cloud
- Log in to your IBM Cloud account. Make sure you’re logged in to the account and select the resource group that you want to use for Watson applications.
- Go to the IBM Cloud Object Storage page.
- Choose a pricing plan and click Create to provision the Cloud Object Storage instance.
- Generate the required administrative key for your IBM Cloud Object Storage instance by creating a project.
Step 2: Add non-administrative users to your IBM Cloud account
The non-administrative users that you invite to the account can share services and resources in the account. They can create instances of provisioned services but not provision new services. For example, users can create analytic dashboards by using an existing Cognos Dashboard Embedded service from the account.
However, IBM Cloud Object Storage requires an extra step for users who do not have administrative privileges for it. You must enable non-administrative users to create projects and catalogs.
Non-administrative users can also be added as collaborators in catalogs and restricted projects. If the invited user does not already have an IBM Cloud account, the user receives an email to complete the sign-up process. The process for adding regular users and administrative users to your account is almost the same.
To add non-administrative users to your account:
- Click Manage > Access (IAM).
- On the Users page in IBM Cloud, click Invite users+.
- Enter one or more existing user IBMids. You can add multiple users and the subsequent settings apply to all of them.
- If necessary, collapse the Add users to access groups section.
- Expand the Assign users additional access section.
- Select IAM services and select these values:
- From the What type of access do you want to assign? list, select All Identity and Access enabled services.
- From the resource group list, select the resource group name that you want to use for Watson, for example, default.
- From the Region list, select All regions.
- From the Platform access section, select Editor.
- From the Service access section, select Writer.
- From the Resource group access section, select Viewer and Editor. You might need to click View all to see the Editor option.
- Click Add + and then click Invite.
- If you want any non-administrative users to create projects or catalogs, complete step 4.
Your users can now log in and can switch to your account in their Profile Settings. Users added to your account can now work together and use the services available in the account.
Step 3: (Optional) Add administrative users to your IBM Cloud account
You can add administrative users who can provision new services, upgrade services and Watson services, and add users to the IBM Cloud account. To add administrative users who can add services and users, assign administrative permissions for IAM services and for account management services.
To add a user as an IBM Cloud account administrator:
- Follow the steps to add a non-administrative user, except change these settings in the Services section:
- From the Platform access list, select Administrator.
- From the Service access list, select Manager.
- Click Invite.
- Next, add account management permissions. Click the user’s name, then Access Policies.
- Click Assign access and then Assign access to account management services.
- From the Services list, select All Account Management Services.
- In the Platform access section, select Administrator and click Assign.
Step 4: (Optional) Assign Watson services permissions and roles
To assign rights to create projects and catalogs, and assign the Watson Knowledge Catalog service administrator role:
- Log in to your Watson services.
- Allow all non-administrative users of your IBM Cloud Object Storage instance to create projects or catalogs by going to the Storage Delegation page from the Manage menu and configuring IBM Cloud Object Storage for project and catalog creation.
- For users of Watson Knowledge Catalog, go to the Access control page with the Manage > Catalogs menu option assign some users as Watson Knowledge Catalog service administrators so that they can create catalogs and have full access to policy capabilities.
Go back to Get started and complete the relevant steps for you.