Service to service authorization
For integrating IBM® watsonx.data with IBM watsonx.data intelligence, you must configure service-to-service authorization in IBM Cloud. A service authorization grants a source service or group of services in any account access to a target service or group of services in this account. You must be in the account where the target service is deployed.
Ensure that the required steps are first completed in the watsonx.data account and then repeated in the watsonx.data intelligence account, logging in separately to each environment.
Procedure
- Log in to IBM Cloud where watsonx.data is deployed.
- Go to Manage > Access (IAM). The IBM Cloud Identity and Access Management page opens.
- From the left panel, select Authorizations.
- On the Manage authorizations page, click Create.
- On the Grant a service authorization page:
- If you are setting up authorization in your account, select This account.
- If you are setting up authorization in the enterprise account, select Other account.
- Search and select IBM watsonx.data intelligence as the source and watsonx.data as the target.
- Select All resources as the scope of access.
- Select all the three roles:
- Viewer
- DataAccess
- MetastoreViewer
- Click Authorize.
- Log in to the account where watsonx.data intelligence (IKC) is deployed.
- On the Manage authorizations page, click Create.
- Repeat steps 5 to 7 by selecting watsonx.data as the source and IBM watsonx.data intelligence as the target.
- Select the Watsonx.data Service Access role and click Authorize.
If you skip these steps, you may still be able to test the connection and add data from it, but metadata enrichment will fail and produce the following error:
Failed to get Flight info: CDICO0100E: Connection failed: SQL error: Client error: Authentication failed: Unauthorized