Configuring Identity and Access Management

Last updated: Apr 28, 2023
Configuring Identity and Access Management

To provide users access to your IBM Watson OpenScale instance, you must configure IBM Cloud Identity and Access Management (IAM). When you configure IAM, you can control what actions users can take in your service instance.

With IAM, you must assign roles to users that enable them to complete specific actions and determines their level of access. This access is defined by the policies that you create to manage the services on your IBM Cloud account. For more information about IAM roles and actions, see Watson OpenScale Identity and Access Management

You can create access groups to assign roles and policies to groups of users and create access policies to assign roles and policies to individual users. The following sections describe how to assign users access to IBM Watson OpenScale:

Creating access policies

  1. If you're assigning the access policy to existing users, from the IBM Cloud dashboard, go to Manage > Access (IAM) > Users. Then, click Assign access in the List of actions menu.

    List of actions menu is displayed

  2. If you're assigning the access policy to new users, from the IBM Cloud dashboard, click Manage > Access (IAM) > Users > Invite user.

  3. Select Access policy in the How do you want to assign access? menu.

  4. Select Watson OpenScale in the Which service do you want to assign access to? menu and click Next.

  5. Select the scope of access for users in the How do you want to scope the access? list and click Next.

    • If you select Specific resources, select an attribute type and specify a value for each condition that you add.
    • If you select Service instance in the Attribute type list, specify your IBM Watson OpenScale instance in the Value field.
  6. If you have multiple IBM Watson OpenScale instances, you must find the IBM Watson OpenScale data mart ID to specify the instance that you want to assign users access to. You can use one of the following methods to find the data mart ID:

    • On the Insights dashboard, click a model deployment tile and go to Actions > View model information to find the data mart ID.
    • On the Insights dashboard, click the hamburger menu on a model deployment tile and select Configure monitors. Then, go to the Endpoints tab and find the data mart ID in the Integration details section of the Model information tab.
  7. Select the roles that you want to assign to users in the Platform access or Service access list.

  8. Assign access to users.

    • If you are assigning access to new users, click Add, and then click Invite in the Access summary pane.
    • If you are assigning access to existing users, click Add, and then click Assign in the Access summary pane.

Creating access groups

  1. From the IBM Cloud dashboard, go to Manage > Access (IAM) and select Create access group.
  2. Specify a name and description, then click Create.
  3. On the Access tab, click Assign access.
  4. Select Watson OpenScale in the Which service do you want to assign access to? menu and click Next.
  5. Select the scope of access for users in the How do you want to scope the access? list and click Next.
    • If you select Specific resources, select an attribute type and specify a value for each condition that you add.
    • If you select Service instance in the Attribute type list, specify your IBM Watson OpenScale instance in the Value field.
  6. If you have multiple IBM Watson OpenScale instances, you must find the IBM Watson OpenScale data mart ID to specify the instance that you want to assign users access to. You can use one of the following methods to find the data mart ID:
    • On the Insights dashboard, click a model deployment tile and go to Actions > View model information to find the data mart ID.
    • On the Insights dashboard, click the hamburger menu on a model deployment tile and select Configure monitors. Then, go to the Endpoints tab and find the data mart ID in the Integration details section of the Model information tab.
  7. Select the roles that you want to assign to users in the Platform access or Service access list.
  8. Click Add, and then click Assign in the Access summary pane.
  9. Click Users > Invite users.
  10. Select Access groups in the How do you want to assign access? menu and select the access group that you created.
  11. Click Add, then click Invite to add users to your access group.

Next steps

Securing your connection to Watson OpenScale

Related topics:

Parent topic: Information security