IBM Cloud Docs
Managing user access

Managing user access

Security in IBM® watsonx.data is based on roles. A role is a group of permissions that control the actions you can perform in watsonx.data. To perform certain actions and manage specific sessions in watsonx.data, the user must also have the appropriate authorization.

Authorization is granted by assigning a specific role to the user account. Use the Role Based Access Control feature in watsonx.data to grant users the access privileges they require for their role.

Access to provision IBM Cloud resources is governed by using IAM access and account management services. You must have Administrator privileges to access the resource group in which you need to create the resources.

To manage access, complete the following steps:

  1. Log in to the watsonx.data console.

  2. From the navigation menu, select Access control. Under the Infrastructure tab, the different components (Engine, Catalog, Bucket, and Database) are displayed in the table.

  3. Click the overflow icon in the components row and then click Manage access. Alternatively, you can click the Display name of the component. The selected component page opens.

  4. Under the Access control tab, click Add access.

  5. In the Add access window, provide the following details.

    Table 1. Add user
    Field Description
    Name You can select individual users or a user group.
    Role Select the role from the drop-down list. You can assign roles based on the component type. For more information, see Roles and privileges.
  6. Click Add. The user is added and assigned the role.

  7. To change the role that is assigned to a user, complete the following steps:

    1. Under the Infrastructure tab, click the Display name of the component in the table.

      The Access control tab for selected component opens.

    2. Click the overflow menu for the selected user and then select Change role.

    3. In the Change role window, select the role from the drop-down list.

    4. Click Save.

  8. To remove a user for a component, complete the following steps:

    1. Under the Infrastructure tab, click the Display name of the component in the table.

      The Access control tab for the selected component opens.

    2. Click the overflow menu for the selected user and then select Remove.

    3. In the Confirm removal window, click Remove.

      The user remains in the Access control tab after removing from IBM Cloud or Cloud Pak for Data. You must remove the user manually from the Access control tab. You might see the user in the Access control tab of the engine after confirming the removal. It takes up to 20 minutes for the access revoke to be effective for the user and disappear from the tab.