Collaborator security on AWS
IBM watsonx provides attribute-based access control to protect the platform and workspaces. You control access to the platform and workspaces by assigning roles and by restricting collaborators.
| Mechanism | Purpose | Responsibility | Configured on |
|---|---|---|---|
| Collaborator roles | Assign roles to control access to platform and workspaces | Customer | IBM watsonx |
Collaborator roles
Every user of IBM watsonx has multiple levels of roles with the corresponding permissions, or actions. The permissions determine what actions a user can perform on the platform or within a service. Some roles are set in IBM SaaS console, and others are set in IBM watsonx.
The levels of roles are:
- IAM Platform access roles determine your permissions for the IBM Cloud account. At least the Viewer role is required to work with services
- IAM Service access roles determine your permissions within services
- Workspace collaborator roles determine what actions you have permission to perform within workspaces in IBM watsonx.
The IBM SaaS console account owner or administrator sets the Identity and Access (IAM) Platform and Service access roles in the IBM SaaS console account. Workspace administrators in watsonx set the collaborator roles for workspaces, for example, projects and deployment spaces.
This illustration shows the different levels of roles assigned to each user so that they can work in IBM watsonx.
Familiarity with the IBM SaaS console IAM feature, Platform roles, and Service roles is required to configure user access for IBM watsonx. See:
- Managing SaaS accounts for a description of IAM Platform roles
- Creating service IDs for a description of IAM Service roles
- Project collaborator roles for a description of workspace permissions
Learn more
Parent topic: Security on AWS