Managing IAM access for NPSaaS
Identity and Access Management (IAM) enables you to securely authenticate users for platform services and control access to resources consistently across the IBM Cloud platform. For example, with only a single login to IBM Cloud® with your IBMid, you have access to any of your service consoles and their applications without having to log in to each of them separately.
Access to the IBM® Netezza® Performance Server for IBM Cloud Pak® for Data as a Service service instances for users in your account is controlled by IBM Cloud® (IAM). Every user that accesses the NPSaaS service in your account must be assigned an access policy with an IAM role. Review the following roles, actions, and more to help determine the best way to assign access to NPSaaS.
Roles and actions
The access policy that you assign users in your account determines what actions a user can perform within the context of the service or specific instance that you select. The allowable actions are customized and defined by NPSaaS as operations that are allowed to be performed on the service. Each action is mapped to an IAM platform that you can assign to a user.
If a specific role and its actions don't fit the use case that you're looking to address, you can create a custom role and pick the actions to include.
IAM access policies enable access to be granted at different levels.
| Role | Connect | User Management | Scaling | Backup and Restore | Monitoring | DR |
|---|---|---|---|---|---|---|
| IAM Platform Administrator | Y | Y | Y | Y | Y | Y |
| IAM Platform Operator | Y | Y | Y | Y | Y | Y |
| IAM Platform Editor | Y | Y | Y | Y | Y | Y |
| IAM Platform Viewer | Y | N | N | N | N | N |
NPSaaS does not use IAM Service roles.
For information about the steps to assign IAM access, see Managing access to resources.