You can set up watsonx.governance to monitor model assets in your IBM watsonx projects or deployment spaces. To set up watsonx.governance, you can manage users and roles for your organization to control access to your projects or deployment spaces.
To set up watsonx.governance, complete the following tasks:
You must configure AI use cases before users can create and use AI use cases for governance. The following roles are required to complete the setup of AI use cases and create inventories.
Required access roles
Copy link to section
These are the minimum access roles required to set up AI uses cases.
Service: All IAM account management services Platform access role: Viewer, Operator, Editor, or Administrator
Click AI use cases on the main navigation menu. If you do not see a button to Complete setup, you might have insufficient access. Check your access settings and try again.
Click Complete setup. A service ID named watsonx.governance_DO_NOT_DELETE is created for the IAM account.
If there is no default inventory available for your account, you are prompted to create one. A default inventory is a platform catalog that provides a repository for inventory assets. It is required for governing external models or managing
attachments and reports. For details, see Setting up the default inventory.
Caution:
Do not delete this service ID. Deleting this service ID will cause certain watsonx.governance features to stop working. If the service ID is deleted, contact IBM Support for assistance with recovery.
Rotate the API key
Copy link to section
You can rotate the API key of the service ID watsonx.governance_DO_NOT_DELETE by using the following cURL command.
You can complete the following steps to invite users to an IBM Cloud account that has a watsonx.governance instance installed and assign service access.
Required roles
Users must have the Reader, Writer, or higher IBM Cloud IAM Platform roles for service access. Users that are assigned the Writer role or higher can access information across projects and
deployment spaces in watsonx.governance.
From the IBM Cloud homepage, click Manage > Access (IAM).
From the IAM dashboard, click Users and select Invite user.
Complete the following fields:
How do you want to assign access? : Access policy.
Which service do you want to assign access to? : watsonx.governance then click Next.
Select the scope of access for users in the How do you want to scope the access? list and click Next.
If you select Specific resources, select an attribute type and specify a value for each condition that you add.
If you select Service instance in the Attribute type list, specify your instance in the Value field.
If you have multiple instances, you must find the data mart ID to specify the instance that you want to assign users access to. You can use one of the following methods to find the data mart ID:
On the Insights dashboard, click a model deployment tile and go to Actions > View model information to find the data mart ID.
On the Insights dashboard, click the navigation menu on a model deployment tile and select Configure monitors. Then, go to the Endpoints tab and find the data mart ID in the Integration details section of the Model information tab.
Select the Reader role in the Service access list.
Assign access to users.
If you are assigning access to new users, click Add, and then click Invite in the Access summary pane.
If you are assigning access to existing users, click Add, and then click Assign in the Access summary pane.
Note:
You can create an access group with the required permissions for watsonx.governance and assign users to the group. For details on creating an access group, see Managing users and access.
IBM watsonx.governance users and roles
Copy link to section
You can assign roles to watsonx.governance users to collaborate on model evaluations in projects and deployment spaces.
The following table lists permissions for roles that you can assign for access to evaluations. The Operator and Viewer roles are equivalent.
Table 1. Operations by role The first row of the table describes separate roles that you can choose from when creating a user. Each column provides a checkmark in the role category for the capability associated with that role.
Operations
Admin role
Editor role
Viewer/Operator role
Evaluation
✔
✔
View evaluation result
✔
✔
✔
Configure monitoring condition
✔
✔
View monitoring condition
✔
✔
✔
Upload training data CSV file in model risk management
About cookies on this siteOur websites require some cookies to function properly (required). In addition, other cookies may be used with your consent to analyze site usage, improve the user experience and for advertising.For more information, please review your cookie preferences options. By visiting our website, you agree to our processing of information as described in IBM’sprivacy statement. To provide a smooth navigation, your cookie preferences will be shared across the IBM web domains listed here.