Set up additional account users
The IBM Watson Studio and Watson Knowledge Catalog apps are designed for collaboration among many users. After you activate the apps, you can add users to your IBM Cloud account so that they can share services and resources that are provisioned for the account.
As the account owner, here’s what you need to do to finish setting up IBM Watson apps:
- In IBM Cloud: Provision an IBM Cloud Object Storage service for the account. All applications IBM Watson require an IBM Cloud Object Storage instance, but you need to provision only one instance.
- In IBM Cloud: Add non-administrative users to the account and assign user roles so that they can access the account’s resources.
- In IBM Cloud: Add administrative users to your IBM Cloud account.
- In IBM Watson apps: Assign IBM Watson apps permissions and roles.
Step 1: Provision an IBM Cloud Object Storage instance for the account in IBM Cloud
- Log in to your IBM Cloud account. Make sure you’re logged in to the account and organization that you want to use for IBM Watson applications.
- Go to the IBM Cloud Object Storage page.
- Choose a pricing plan and click Create to provision the Cloud Object Storage instance.
- Generate the required administrative key for your IBM Cloud Object Storage instance by creating a project.
Step 2: Add non-administrative users to your IBM Cloud account
The non-administrative users that you invite to the account can share services and resources in the account. They can create instances of provisioned services but not provision new services. For example, users can create analytic dashboards by using an existing Cognos Dashboard Embedded service from the account.
However, IBM Cloud Object Storage requires an extra step for users who do not have administrative privileges for it. You must enable non-administrative users to create projects and catalogs.
Non-administrative users can also be added as collaborators in catalogs and restricted projects. If the invited user does not already have an IBM Cloud account, the user receives an email to complete the sign-up process. The process for adding regular users and administrative users to your account is almost the same.
To add non-administrative users to your account:
- Click Manage > Access (IAM).
- On the Users page in IBM Cloud, click Invite users+.
- Enter one or more existing user IBMids. You can add multiple users and the subsequent settings apply to all of them.
- On the Access section on the Invite users page, expand Services, and select these values:
- From the Assign access to list, select Resource Group.
- From the Resource group list, select default.
- From the Assign access to a resource group list, select Editor.
- From the Services list, select All Identity and Access enabled services.
- From the Regions list, select All regions.
- From the Assign platform access roles list, select Editor.
- From the Assign service access role list, select Writer.
- For Watson Studio, if you have services that use Cloud Foundry access control, give users the Auditor organization role and the Developer space role. Expand Cloud Foundry access and select these values:
- From the Organization list, select the organization you are adding users to.
- From the Organization roles list, select Auditor.
- From the Region list, keep the default value of All regions.
- From the Space list, keep the default value of All current spaces.
- From the Space roles list, select Developer.
- Click Invite users.
Your users can now log in and can switch to your account in their Profile Settings. Users added to your account can now work together and use the apps and services available in the account.
Step 3: (Optional) Add administrative users to your IBM Cloud account
You can add administrative users who can provision new services, upgrade services and Watson apps, and add users to the IBM Cloud account. To add administrative users who can add services and users, assign administrative permissions for IAM services and for account management services.
To add a user as an IBM Cloud account administrator:
- Follow the steps to add a non-administrative user, except change these settings in the Services section:
- From the Assign platform access roles list, select Administrator.
- From the Assign service access role list, select Manager.
- Click Invite users.
- Next, add account management permissions. Click the user’s name, then Access Policies.
- Click Assign access and then Assign access to account management services.
- From the Services list, select All Account Management Services.
- In the Select roles section, select Administrator and click Assign. .
Step 4: (Optional) Assign IBM Watson apps permissions and roles
To assign rights to create projects and catalogs, and assign the Watson Knowledge Catalog app administrator role:
- Log in to your IBM Watson apps.
- Allow users who are not administrators of an IBM Cloud Object Storage instance to create projects or catalogs by going to the Storage Delegation page from the Manage menu and configuring IBM Cloud Object Storage for project and catalog creation.
- For users of Watson Knowledge Catalog, go to the Manage your Watson Knowledge Catalog app page with the Manage > Catalogs menu option assign some users as Watson Knowledge Catalog app administrators so that they can create catalogs and have full access to data policy capabilities.
Go back to Get started and complete the relevant steps for you.
- Roles in IBM Watson apps
- Assign Watson Knowledge Catalog app administrators
- Configure IBM Cloud Object Storage for project and catalog creation
- IBM Cloud docs: Managing identity and access
- IBM Cloud docs: IBM Cloud Access
- IBM Cloud docs: Configure single sign-on
- IBM Cloud docs: Setting up identity federation