Managing user access to Data Gate

As an administrator or creator of a Data Gate instance, you can give other Cloud Pak for Data users access to the instance.

Before you begin

To give another user access to a Data Gate instance, your user profile must include the Manage service instances permission.
A user can only be given access to a Data Gate instance if a profile for that user exists on Cloud Pak for Data. To create a not yet existing Cloud Pak for Data user, you (your user profile) must have Manage users permission on Cloud Pak for Data.
To include a user in a user group, you must also have the Manage user groups permission.

The Administrator role includes these permissions by default.

Adding a user (example):

Make sure that the Cloud Pak for Data perspective is selected. If necessary, click to change the perspective.
Click Manage users.
You see the Access control list. The Users tab is in front.
To add a user, click Add users on the right.
In the search field under Profile information, you can search for existing Cloud Pak for Data users.
Click Next to go to the Platform access page. On this page, you can assign roles directly, or assign the new user to a user group that has the required permissions.
Assign roles directly
1. To assign roles directly to the user, select this tile and click Next.
2. On the next page, select the appropriate user roles on the left. By default, you can select the following roles:
  - Administrator
  - User
  For each role, you can display a description on the right, which includes all the permissions the role has.
3. Click Next to continue.
Add to user group
1. To add the user to a group, select this tile and click Next.
2. On the User groups page, select the groups that you want to add the user to. In the rightmost column of the tables that lists the available groups, you can see the permissions that are assigned to each group.
3. Click Next to continue.
On the Summary page, key information about the user profile and the assigned roles is displayed. Confirm and finish by clicking Add.

About this task

A user with access to a Data Gate instance can have the following access privileges to the instance. The privileges are grouped in sets that are called roles.

By default, you can select the Administrator role and the User role.

Administrator

By default, the Adminstrator role has 16 permissions, including:

Create service instances
Manage service instances
Manage user groups
Manage users

User

By default, the User role has no permissions, which means that permissions are given to this role indirectly, for example by giving the user access to a service instance.

You can create custom roles if needed. Permissions that are associated with a custom role are entirely independent of the privileges that are associated with the basic roles on Cloud Pak for Data.

Procedure

To give a Cloud Pak for Data user access to a Data Gate instance or change a user's role regarding the instance:

Make sure that the Cloud Pak for Data perspective is selected. If necessary, click to change the perspective.
On the side bar, click Instances.
You see the Service instances page. All instances are listed in the Name column. You find a 3-dot-menu () to the right of each listed instance name.
Locate and click the menu of the instance.
From the menu choices that are displayed, select Manage access.
You see the Access management page.
Depending on what you want to do, follow one of the following set of steps:
- To add users or groups:
  1. Click Add users.
    You see the Grant access to users and user groups window.
  2. Select one or more users or groups in the Users and user groups column by selecting the check boxes in front of the usernames.
    The check boxes of users that already have access are grayed out. Selecting the checkbox on the table header, you can select all available users.
    
    If the list is long, you can search for a particular user by entering the username or a part of it in the Find users field above the table.
  3. For each selected user or group, select a role by clicking the appropriate Choose a role drop-down button. You can select between the following roles:
    Admin
    An administrator of a Data Gate instance can:
    
    View the details of the instance
    
    Modify the instance (for example, change the data source or add tables)
    
    Manage access to the instance (give access to other users or change their roles regarding the instance
    
    Delete the instance
    User
    A Data Gate instance user can:
    
    View the details of the instance
    
    Modify the instance (for example, change the data source or add tables)
    
    A user cannot delete instances. Neither can an instance user give other users access to the instance or change their roles.
  4. Click Add. You return to the Access management page.
- To change the role of a user or user group:
  1. Select one or more users or groups in the Name column of the Access management page by selecting the check boxes in front of the usernames .
    If the list is long, you can search for a particular user by entering the username or a part of it in the Find users field above the table.
  2. Click the appropriate drop-down button in the Service role column and select a differnt role.
- To remove a user's or user group's access to the Data Gate instance:
  1. Select one or more users or groups in the Name column of the Access management page by selecting the check boxes in front of the usernames .
    If the list is long, you can search for a particular user by entering the username or a part of it in the Find users field above the table.
  2. To remove just a single selected user or group, click in the table row that lists the user or group.
    To remove more than one selected user or group, click the button.