Managing user access

Security in IBM® watsonx.data is based on roles. A role is a group of permissions that control the actions you can perform in watsonx.data. To perform certain actions and manage specific sessions in watsonx.data, the user must also have the appropriate authorization.

watsonx.data Developer edition

watsonx.data on IBM Software Hub

About this task

Authorization is granted by assigning a specific role to the user account. Use the Role Based Access Control feature in watsonx.data to grant users the access privileges they require for their role.

Procedure

  1. Log in to the watsonx.data console.
  2. From the navigation menu, select Access control. Under the Infrastructure tab, the different components (Engine, Catalog, Bucket, and Database) are displayed in the table.
  3. Click the overflow icon in the components row and then click Manage access. Alternatively, you can click the Display name of the component. The selected component page opens.
  4. Under the Access control tab, click Add access.
  5. In the Add access window, provide the following details.
    Field Description
    Name You can select individual users or a user group.
    Role Select the role from the drop-down list. You can assign roles based on the component type. For more information, see Roles and privileges.
  6. Click Add. The user is added and assigned the role.
  7. To change the role that is assigned to a user, complete the following steps:
    1. Under the Infrastructure tab, click the Display name of the component in the table.
    2. The Access control tab for selected component opens.
    3. Click the overflow menu for the selected user and then select Change role.
    4. In the Change role window, select the role from the drop-down list.
    5. Click Save.
  8. To remove a user for a component, complete the following steps:
    Note: An admin of a catalog, bucket, or database or a user in a group with an admin role can remove their own access to those resources if they have explicit permission.
    1. Under the Infrastructure tab, click the Display name of the component in the table.
    2. The Access control tab for the selected component opens.
    3. Click the overflow menu for the selected user and then select Remove.
    4. In the Confirm removal window, click Remove.
    Note: When you add a user to watsonx.data instance and grant that user access control of a pre-defined catalog, that user cannot be removed.
  9. To export the resource policies, complete the following steps:
    Note: You can export the details to a JSON file.
    1. Under the Infrastructure tab, select a component and click the Display name of the component in the table.
    2. The Access control tab for the selected component opens with the list of existing resource policies.
    3. To export the policies, select the required (or all) policies and click the Export link.
    4. The Export Users page opens. Specify the file name and click Export. The file gets downloaded to your machine.
  10. To import the resource policies, complete the following steps:
    Note: You can import JSON files only.
    1. Under the Infrastructure tab, select a component and click the Display name of the component in the table.
    2. The Access control tab for the selected component opens.
    3. To import policies, click the Import link. The Import page opens.
    4. In the Upload File section, select the file with policies that you want to upload.
    5. Click Next. The Validate section appears. The file that you uploaded is validated and if any invalid data items are found, it gets displayed in the Invalid data items table with the error description.
    6. Click Next. The Summary section opens. Verify and click Add imported users.