IBM Cloud Docs
Managing user access

Managing user access

Security in IBM® watsonx.data is based on roles. A role is a group of permissions that control the actions you can perform in watsonx.data. To perform certain actions and manage specific sessions in watsonx.data, the user must also have the appropriate authorization.

Authorization is granted by assigning a specific role to the user account. Use the Role Based Access Control feature in watsonx.data to grant users the access privileges they require for their role.

Access to provision IBM Cloud resources is governed by using IAM access and account management services. You must have Administrator privileges to access the resource group in which you need to create the resources.

To manage access, complete the following steps:

  1. Log in to the watsonx.data console.

  2. From the navigation menu, select Access control. Under the Infrastructure tab, the different components (Engine, Catalog, Storage, and Database) are displayed in the table.

  3. To provide access to individual infrastructure component, complete the following steps:

    1. Click the overflow icon in the components row and then click Manage access. Alternatively, you can click the Display name of the component. The selected component page opens.

    2. Under the Access control tab, click Add access.

    3. In the Grant access to users and user groups window, provide the following details.

      Add user
      Field Description
      Name You can select one or more users or user groups.
      Role Select the role from the drop-down list. You can assign roles based on the component type. For more information, see Roles and privileges.

    4. Click Add. The user is added and assigned the role.

  4. To provide access to infrastructure components in batches, complete the following steps:

    1. Click Add access. The Add access to infrastructure components page opens.

    2. In the Add access to infrastructure components page, do the following :

      1. Select the components. You can select a maximum of twenty components at a time.
      2. Click Next.
      3. Select the uses or user groups. You can select a maximum of 100 users or user groups altogether at a time.
      4. Click Next.
      5. You can view a table with the list of users and the infrastructure components against each user. Select a role against each component from the Choose a role list.

      You cannot change the existing role against a user (if it is seen already available in the table) from the page. To edit an existing role, see step 5.

      1. Click Save. The data is successfully saved.

  5. To change the role that is assigned to a user, complete the following steps:

    1. Under the Infrastructure tab, click the Display name of the component in the table.

      The Access control tab for selected component opens.

    2. Click the overflow menu for the selected user and then select Change role.

    3. In the Change role window, select the role from the drop-down list.

    4. Click Save.

  6. To remove a user for a component, complete the following steps:

    1. Under the Infrastructure tab, click the Display name of the component in the table.

      The Access control tab for the selected component opens.

    2. Click the overflow menu for the selected user and then select Remove.

    3. In the Confirm removal window, click Remove.

      The user remains in the Access control tab after removing from IBM Cloud or Cloud Pak for Data. You must remove the user manually from the Access control tab. You might see the user in the Access control tab of the engine after confirming the removal. It takes up to 20 minutes for the access revoke to be effective for the user and disappear from the tab.