Roles and permissions for Data Product Exchange

Review the roles and permissions that users need for working with data products on Data Product Exchange.

IAM and collaborator roles

Users of the Data Product Exchange require two types of roles:

  • Roles assigned in IBM Cloud, which are called IAM roles
  • Roles assigned in Data Product Exchange, which are called collaborator roles

As the IBM Cloud account owner or administrator, you assign IAM roles to individual users or to access groups in IBM Cloud by using the Manage users and access feature.

IAM roles are for either Platform or Service level permissions. Any of the IAM Platform roles of Viewer, Editor, Operator, and Administrator can be assigned to work in Data Product Exchange. However, the minimum IAM Platform role for working in Data Product Exchange is Viewer.

The IAM Service level role Manager applies to the Data Product Exchange IAM Service. It is assigned to the person who initializes the Data Product Exchange by logging in for the first time.

Collaborator role assignment

Data Product Exchange requires all users to have a collaborator role. Collaborator roles are assigned in Data Product Exchange by the Administrator on the Manage community page.

Collaborators have one of these roles that provide permissions:

  • Viewer: Data product consumers who discover and order data products.
  • Editor: Data product producers who author, publish, and manage data products. Editor role includes permissions for Viewer.
  • Admin: Administrators who add users, assign roles, and perform other configuration tasks. Admin role includes permissions for Viewer and Editor.

The following table shows the actions that you can complete depending on your collaborator role.

+ indicates that users need to be owners of an order or data product to perform the action.

Table 1. Permissions by role
Action Viewer Editor Admin
Log in to Data Product Exchange
View Data Product Exchange dashboard
Search for published data products
Order a data product
View orders ✓+ ✓+ ✓+
Create data product drafts
Publish, edit, and delete data products ✓+ ✓+
Manage data products from My work page ✓+ ✓+
Create connections to data sources
Add or delete users or groups
Assign and modify roles

IAM Manager role for the Data Product Exchange service

The IAM Service level role Manager applies to the Data Product Exchange IAM Service. The Service level Manager role is reserved for the user who is going to be the first to log in to Data Product Exchange. The first login initializes the Data Product Exchange. Either the account administrator or the Manager can initialize the Data Product Exchange by logging in.

Action | Service name | Role
Initialize Data Product Exchange | Data Product Exchange | Manager

IAM Platform role assignment

Data product tasks and required roles and permissions
Action | Service name | IAM Platform role | IAM Service access roles
Set up Cloud Object Storage | IBM Cloud Object Storage | Administrator | Manager
Add users and assign roles in the IBM Cloud account | All Identity and Access enabled services | Administrator | Manager
 | All Account Management services | Editor | Service level roles are not applicable.
