0 / 0
Setting up watsonx.governance on IBM Cloud
Last updated: Aug 23, 2024
Setting up watsonx.governance on IBM Cloud

You can set up watsonx.governance to monitor model assets in your IBM watsonx projects or deployment spaces. To set up watsonx.governance, you can manage users and roles for your organization to control access to your projects or deployment spaces.

To set up watsonx.governance, complete the following tasks:

Setting up AI use cases

You must configure AI use cases before users can create and use AI use cases for governance. The following roles are required to complete the setup of AI use cases and create inventories.

Required access roles

These are the minimum access roles required to set up AI uses cases.

  • Service: watsonx.governance Platform access role: Administrator
  • Service: All IAM account management services Platform access role: Viewer, Operator, Editor, or Administrator
  1. Click AI use cases on the main navigation menu. If you do not see a button to Complete setup, you might have insufficient access. Check your access settings and try again.
  2. Click Complete setup. A service ID named watsonx.governance_DO_NOT_DELETE is created for the IAM account.
Caution:

Do not delete this service ID. Deleting this service ID will cause certain watsonx.governance features to stop working. If the service ID is deleted, contact IBM Support for assistance with recovery.

Rotate the API key

You can rotate the API key of the service ID watsonx.governance_DO_NOT_DELETE by using the following cURL command.

curl -X 'POST' \
  'https://api.dataplatform.test.cloud.ibm.com/v1/aigov/factsheet/rotate_api_key' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer $TOKEN' \
  -d ''

Creating access policies

You can complete the following steps to invite users to an IBM Cloud account that has a watsonx.governance instance installed and assign service access.

Required roles
Users must have the Reader, Writer, or higher IBM Cloud IAM Platform roles for service access. Users that are assigned the Writer role or higher can access information across projects and deployment spaces in watsonx.governance.
  1. From the IBM Cloud homepage, click Manage > Access (IAM).
  2. From the IAM dashboard, click Users and select Invite user.
  3. Complete the following fields:
    • How do you want to assign access? : Access policy.
    • Which service do you want to assign access to? : watsonx.governance and All IAM account management service then click Next.
    • How do you want to scope the access : Assign Viewer access to All IAM account management service and for the watsonx.governance policy, then click Next.
      • If you select Specific resources, select an attribute type and specify a value for each condition that you add.
      • If you select Service instance in the Attribute type list, specify your instance in the Value field.
  4. If you have multiple instances, you must find the data mart ID to specify the instance that you want to assign users access to. You can use one of the following methods to find the data mart ID:
    • On the Insights dashboard, click a model deployment tile and go to Actions > View model information to find the data mart ID.
    • On the Insights dashboard, click the navigation menu on a model deployment tile and select Configure monitors. Then, go to the Endpoints tab and find the data mart ID in the Integration details section of the Model information tab.
  5. Select the Reader role in the Service access list.
  6. Assign access to users.
    • If you are assigning access to new users, click Add, and then click Invite in the Access summary pane.
    • If you are assigning access to existing users, click Add, and then click Assign in the Access summary pane.
Note:

You can create an access group with the required permissions for watsonx.governance and assign users to the group. For details on creating an access group, see Managing users and access.

IBM watsonx.governance users and roles

You can assign roles to watsonx.governance users to collaborate on model evaluations in projects and deployment spaces.

The following table lists permissions for roles that you can assign for access to evaluations. The Operator and Viewer roles are equivalent.

Table 1. Operations by role
The first row of the table describes separate roles that you can choose from when creating a user. Each column provides a checkmark in the role category for the capability associated with that role.
Operations Admin role Editor role Viewer/Operator role
Evaluation
View evaluation result
Configure monitoring condition
View monitoring condition
Upload training data CSV file in model risk management
Create inventory

Parent topic: Setting up the platform for administrators

Generative AI search and answer
These answers are generated by a large language model in watsonx.ai based on content from the product documentation. Learn more