As an Administrator, you add the people in your organization who need access to IBM watsonx to the IBM Cloud account and then assign them the appropriate roles for their tasks.
Add nonadministrative users to the IBM Cloud account and assign access groups or roles so that they can work in IBM watsonx. The new users receive an email invitation to join the account. They must accept the invitation to be added to the account.
Set up access groups to simplify permissions and role assignment.
Add nonadministrative users to your IBM Cloud account
You invite users to your IBM Cloud account by sending an email invitation. The user accepts the invitation to join the account. You must assign them roles (or access groups) to provide the necessary permissions to work in IBM watsonx. For a baseline role assignment, you can provide minimum permissions by assigning the following roles in the Manage > Access (IAM) > Users > Invite users > Access policy screen in IBM Cloud:
Table 1. Minimum roles for new IBM watsonx users
| Level | Role | Description |
| --- | --- | --- |
| Service | All Identity and Access enabled services | Can access all services that use IAM for access management; usually assigned only to administrators in a production environment |
| Resources | All resources | Scope of resources for which user has access |
| Resource group access | Viewer | Can view but not modify resource groups |
| Service access | Reader | Can perform read-only actions within a service |
| Platform access | Viewer | Can view but not modify service instances |
IBM account membership
To be authorized for IBM watsonx, users must have existing IBMids. If the invited user does not have an IBMid, it is created for them when they join the account.
Assigning roles
To assign minimum permissions to individual users:
1. From IBM watsonx, click Administration > Access (IAM) to open the Manage access and users page for your IBM Cloud account.
2. Click Users > Invite users+.
3. Enter one or more email addresses that are separated by commas, spaces, or line breaks. The limit is 100 email addresses. The settings apply to all the email addresses.
4. Click the Access policy tile.
5. Select All Identity and Access enabled services, then click Next to assign Resource access.
6. For Resources, choose All resources. Click Next.
7. For Resource group access, choose Viewer. Click Next.
8. For Roles and action, choose the following minimum permissions:
   - In the Service access section, select Reader.
   - In the Platform access section, select Viewer.
9. Review the settings and edit if necessary.
10. Click Add to save the policy.
11. Click Invite to send an email invitation to each email address. The policies are assigned to the users when they accept the invitation to join the account.
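To check afterward that invited users hold only the Viewer and Reader baseline from Table 1, the following added example (not part of the IBM documentation) audits a list of access policies and flags any role above that baseline. The policy field names, the flat `subject` field, and the role CRN strings are assumptions modeled on IAM policy JSON, and the sample policies are constructed.

```python
# Added example: audit access policies against the Viewer/Reader baseline.
# Field names and role CRNs are assumed; the sample data is constructed.

BASELINE_ROLES = {"Viewer", "Reader"}  # minimum roles from Table 1
SCOPE_ATTRS = {"serviceName", "resourceGroupId", "serviceInstance", "resource"}

def role_name(role_id):
    """Return the trailing role name of a role CRN, e.g. '...:role:Viewer'."""
    return role_id.rsplit(":", 1)[-1]

def audit_policy(policy):
    """Return findings for one policy; an empty list means baseline only."""
    findings = []
    roles = {role_name(r["role_id"]) for r in policy.get("roles", [])}
    extra = sorted(roles - BASELINE_ROLES)
    if extra:
        findings.append("roles above baseline: " + ", ".join(extra))
    attrs = {a["name"] for res in policy.get("resources", [])
             for a in res.get("attributes", [])}
    # No service or resource-group attribute means the policy covers
    # every IAM-enabled service in the account.
    if extra and not attrs & SCOPE_ATTRS:
        findings.append("account-wide scope combined with elevated role")
    return findings

def audit(policies):
    """Map each subject to its findings, omitting subjects at baseline."""
    report = {}
    for p in policies:
        found = audit_policy(p)
        if found:
            report.setdefault(p["subject"], []).extend(found)
    return report

# Constructed sample policies (subjects and account ID are placeholders).
SAMPLE = [
    {"subject": "analyst@example.com",
     "roles": [{"role_id": "crn:v1:bluemix:public:iam::::role:Viewer"},
               {"role_id": "crn:v1:bluemix:public:iam::::serviceRole:Reader"}],
     "resources": [{"attributes": [{"name": "accountId", "value": "ACCOUNT_ID"}]}]},
    {"subject": "lead@example.com",
     "roles": [{"role_id": "crn:v1:bluemix:public:iam::::role:Administrator"},
               {"role_id": "crn:v1:bluemix:public:iam::::serviceRole:Manager"}],
     "resources": [{"attributes": [{"name": "accountId", "value": "ACCOUNT_ID"}]}]},
]

if __name__ == "__main__":
    for subject, findings in audit(SAMPLE).items():
        print(subject, "->", "; ".join(findings))
```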
Modifying a user's role
When you change a user's role, their access to services changes. Their ability to complete work in IBM watsonx can be impacted if they do not have the necessary access.
Optional: Add administrative users to your IBM Cloud account
You can add administrative users with the Administrator role for account management. This role also provides the Manager role for all services in the account.
To add a user as an IBM Cloud account administrator: