Configuring application user privileges

By configuring application user privileges, you can control the functions that are available to application users.

About this task

How you configure user privileges depends on whether application login settings are configured for your Watson Explorer Content Analytics system:

If you did not enable application login settings, or if you want to grant privileges to application users without adding user IDs or group names to the system, you can specify default privileges.
If you enabled application login settings and configured the system to use a Lightweight Directory Access Protocol (LDAP) server to authenticate users, ensure that the user names and group names that you want to authorize exist in the user registry. For a function to be available, the user ID that the user specifies to log in to the application must match the user ID in the registry.
If you enabled application login settings and use WebSphere® Application Server to manage user roles and authentication, you must use the WebSphere Application Server administrative console to map specific security roles to users or groups. The following table shows the user privileges and the roles that must be assigned in WebSphere Application Server if you do not handle authentication through the embedded web application server.

Application user privilege	Required roles, if you use WebSphere Application Server
Privileges for enterprise search and content mining
Save searches.	SAVE_SEARCH
Export documents that match the current query conditions.	EXPORT
Set and clear flags for selected documents or all documents in the results.	DOCUMENT_FLAGGING
Use the query builder to build queries by highlighting text and facets in a selected document.	QUERY_BUILDER
Add rules to a category that are based on the current query.	CATEGORY_RULE_REGISTRATION
Rebuild the category index after adding category rules. Requires the privilege to add rules to a category that are based on the current query.	CATEGORY_REBUILD
Privileges for enterprise search
Modify the layout of the panes displayed in the enterprise search application.	MODIFY_LAYOUT
Export flagged documents to a content analytics collection.	EXPORT_FLAGGED_DOCUMENT
Privileges for content mining
Create deep inspection reports to explore analysis statistics with other tools instead of interactively through the content analytics miner.	DEEP_INSPECTION
Create reports that can be opened with IBM® Cognos® Business Intelligence analytical tools.	COGNOS_REPORT

To assign application user privileges:

Click Security to open the Security dashboard and go to the system-level security area.
If application login settings are enabled and users are required to log in to the application:
1. Click Actions > Add an application user or group.
2. Specify a user ID to authorize an individual user or a group name to authorize a user group, and then select the check boxes for the functions that the user can do.
3. If you specified a user ID, specify the application ID for the collections that this user has privileges for. You can select an existing application ID or create a new application ID and select the collections that you want this user to have privileges for.
If users are not required to log in to the application, or if you want to specify default application functions for users without explicitly registering them:
1. Click Actions > Specify default application user privileges.
2. Select the check boxes for the functions that all users can do.
The applications that these privileges apply to is controlled by the application's configuration settings. For example, you can use the customizer applications to identify the application ID and the collections that these privileges apply to.