Managing users for the Watson OpenScale service

You can approve sign up requests, invite users, and add users to IBM Cloud Pak® for Data from the Administer > Manage users page.

Before you begin

If you plan to use SAML for single sign-on (SSO), it is strongly recommended that you familiarize yourself with the steps that are outlined in the Managing users topic. If you add users before you configure SSO, you will need to re-add the users with their SAML ID to enable them to use SSO.
Best practice: By default, Cloud Pak for Data user records are stored in an internal repository database. The internal repository database enables you to complete the initial set up of Cloud Pak for Data. However, after you set up Cloud Pak for Data, it is strongly recommended that you use your enterprise-grade LDAP provider for user management. After you grant Cloud Pak for Data administrator privileges to a user in your LDAP server, it is recommended that you remove all users from the internal database repository.

User management

Predefined user roles

The Watson™ OpenScale service has permissions and predefined roles that are available when Watson OpenScale is installed on top of Cloud Pak for Data. When you add or approve a user, you must specify the role that the user has.

Operations Admin role Editor role Viewer role
Add machine learning engine configuration    
Remove machine learning engine configuration    
Update machine learning configuration    
View machine learning configuration    
Add database configuration    
Remove database configuration    
Update database configuration    
View database configuration    
IBM OpenPages configuration    
Approve a model for production  
Run an evaluation  
View users and roles    
Add subscription to dashboard  
Remove subscription from dashboard  
View subscription
Configure monitors  
View monitor configuration
Upload payload logging record  
Upload feedback data  
Upload training data CSV file in model risk management  
Run auto setup    
API calls to update the system  
API calls to query the subscriptions and monitoring

Roles

The following table describes the actions that are associated with each role.

Role Feature area Description
Admin Machine learning providers
Users with this permission can perform the following machine learning provider tasks:
  • Add machine learning engine configuration
  • Remove machine learning engine configuration
  • Update machine learning configuration
  • View machine learning configuration
Databases
Users with this permission can perform the following database tasks:
  • Add database configuration
  • Remove database configuration
  • Update database configuration
  • View database configuration
Subscriptions
Users with this permission can perform the following subscription tasks:
  • Add subscription to dashboard
  • Remove subscription from dashboard
  • View subscriptions
Monitors
Users with this permission can perform the following monitor tasks:
  • Configure monitoring condition
  • View monitoring condition
Data
Users with this permission can perform the following data tasks:
  • Upload payload logging records
  • Upload feedback data
  • Upload training data CSV file in model risk management
Set up or configure
Users with this permission can perform the following set up tasks:
  • Run the auto setup
  • Configure IBM OpenPages to work with Watson OpenScale
  • Approve and evaluate models
  • View users and roles inside the Watson OpenScale service
API
Users with this permission can perform the following API tasks
  • Make API calls to update the system
  • Make API calls to query the subscriptions and monitoring
Editor Subscriptions
Users with this permission can perform the following subscription tasks:
  • Add subscription to dashboard
  • Remove subscription from dashboard
  • View subscriptions
Monitors
Users with this permission can perform the following monitor tasks:
  • Configure monitoring condition
  • View monitoring condition
Data
Users with this permission can perform the following data tasks:
  • Upload payload logging records
  • Upload feedback data
  • Upload training data CSV file in model risk management
Set up or configure
Users with this permission can perform the following set up tasks:
  • Approve and evaluate models
API
Users with this permission can perform the following API tasks
  • Make API calls to update the system
  • Make API calls to query the subscriptions and monitoring
Viewer Subscriptions
Users with this permission can perform the following subscription tasks:
  • View subscriptions
Monitors
Users with this permission can perform the following monitor tasks:
  • View monitoring condition
API
Users with this permission can perform the following API tasks
  • Make API calls to query the subscriptions and monitoring

Adding users to Watson OpenScale instances

You can add users to your Watson OpenScale instances. To add users to an instance, complete the following steps:

  1. From the list of your Watson OpenScale instances, click the overflow menu on the row of the instance that you want to share.
  2. Click Manage access.
  3. Click Add users and select the user and role.
  4. Click Add.

Viewing users and roles in Watson OpenScale

As an administrator, you can view users and roles in Watson OpenScale. Go to the configuration tab and click Users and roles.

Quota limits

To help you manage your resources efficiently and avoid performance issues, Watson OpenScale applies the following quota limits by default when users configure assets:
Asset Limit
DataMart 100 per service instance
Service providers 100 per service instance
Integrated systems 100 per service instance
Subscriptions 100 per service provider
Monitor instances 100 per any target

Every asset in Watson OpenScale has a hard limitation of 10000 instances of the asset per service instance.