Managing users and roles

Edit online

There are two levels of role-based access to consider when adding users to IBM® Concert: instance-level and object-level.

  • Instance-level access is managed by using the IBM SaaS Console or IBM Cloud Pak® foundational services. This access level determines who can access your organization's instance of Concert and defines their global permissions.
  • Object-level access is managed in the Concert platform and refers to a user's ability to view or manage individual applications and environments.
Note: To ensure the security and integrity of your application data in Concert, limit access to your instance and objects to only what is necessary for each user or user group.

Instance-level access

After creating your Concert instance in IBM SaaS Console or IBM Cloud Pak foundational services, you can use those tools to specify the authorized users who can log in to your instance and their instance-level roles: Service owner, service admin, or service user.

To know more about managing SaaS user accounts, check Managing SaaS accounts.

Instance-level role access details
Instance-level role Access details
Service owner
  • Grant or revoke access to other users or user groups
  • Create, edit, delete, and run ingestion jobs
  • View, use, create, update, and delete shared third-party credentials (connections)
  • Define applications and environments
Note: This role is not available for Concert on CFPS.
Service admin
  • Grant or revoke access to other users or user groups (except for the Owner role)
  • Create, edit, delete, and run ingestion jobs
  • View, use, create, update, and delete shared third-party credentials (connections)
  • Define applications and environments
Service user
  • View ingestion jobs
  • View and use shared third-party credentials (connections)
  • Define applications and environments

The person who creates the Concert instance is automatically assigned the Service owner role and can add other users or user groups.

Note: You must add users to your instance before you can grant them access to individual applications or environments.

Object-level access

You can grant users different levels of access to individual applications or environments within the IBM Concert. There are three resource-level roles that you can grant an individual user: Admin, Editor, or Viewer.

Object-level access details
Object-level role Access to applications or environments Access to automation rules Access to managing other users or user groups
Admin View, edit, and delete an application or environment View, create, edit, or delete an automation rule for applications/environments to which you have access Grant or revoke access to other users
Editor View and update an application or environment View, create, edit, or delete an automation rule for applications/environments to which you have access No access
Viewer View an application or environment View an automation rule No access
Note: Any user who defines an application or environment is automatically assigned the Admin role for that resource.

Refer to Managing access to applications and environments for more information.