Configuring Identity and Access Management
To provide users access to your IBM Watson OpenScale instance, you must configure IBM Cloud Identity and Access Management (IAM). When you configure IAM, you can control what actions users can take in your service instance.
With IAM, you must assign each user a role that enables them to complete specific actions and determines their level of access. This access is defined by the policies that you create to manage the services on your IBM Cloud account. For more information about IAM roles and actions, see Watson OpenScale Identity and Access Management
The following steps describe how to assign users access to IBM Watson OpenScale.
Assign the access policy. The method that you use to assign the access policy depends on whether you're assigning the policy to a new user or an existing user.
- To add the access policy to existing users, from the IBM Cloud dashboard, go to Manage > Access (IAM) > Users. Then, click Assign access in the List of actions menu.
- To invite new users and assign the access policy to their accounts, from the IBM Cloud dashboard, click Manage > Access (IAM) > Users > Invite user.
- Select IAM service in the Assign users additional access menu.
- Select Watson OpenScale in the Which service do you want to assign access to? menu.
- Select Resources based on selected attributes in the How do you want to scope the access? list.
- If you have multiple IBM Watson OpenScale instances, you must find the IBM Watson OpenScale data mart ID to specify the instance that you want to assign users access to. You can use of the following methods to find the data mart ID:
- On the Insights dashboard, click a model deployment tile and go to Actions > View model information to find the data mart ID.
- On the Insights dashboard, click the hamburger menu on a model deployment tile and select Configure monitors. Then, go to the Endpoints tab and find the data mart ID in the Integration details section of the Model information tab.
- Select Service instance in the Add attributes list and specify your IBM Watson OpenScale instance in the Enter or select an instance menu.
- Select the roles that you want to assign to users in the Platform access list.
- Assign access to users.
- If you are assigning access to new users, click Add, and then click Invite in the Access summary pane.
- If you are assigning access to existing users, click Add, and then click Assign in the Access summary pane.
For service access roles, which enable user access to model evaluation and the ability to call the REST API, Watson OpenScale defers to the platform management roles. For more information about assigning user roles in the UI, see Managing access to resources.
Parent topic: Information security