This portal is to open public enhancement requests against products and services offered by the IBM Data Platform organization. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).
This use case is already supported. Only Catalog Admins can add/remove other catalog collaborators.
Not all users with project access can delete connections in the project.
To delete an asset in a project, the user must be a Project Admin or Editor.
To delete an asset in a catalog, the user must be one of the following:
1. catalog admin, or
2. catalog editor + asset owner, or
3. catalog editor + asset editor
This use case is already supported. Today, only Catalog Admins can add/remove other catalog collaborators.
Catalog Editors can add content to a catalog, but they cannot add/remove other catalog collaborators.
See https://www.ibm.com/docs/en/cloud-paks/cp-data/5.2.x?topic=catalogs-managing-access-catalog
This use case is already supported by creating connections with personal credentials only. When you say "view data", I assume you're referring to previewing data assets through connections. If the connections are created with personal credentials, admins will need to be given credentials to access actual data. Admins do not need connection credentials to manage metadata.
Perhaps you can list the admin tasks you are referring to, because some tasks do require access to data today (such as profiling, classification, and metadata enrichment analysis, which require access to data).
This use case is already supported. To update or delete asset metadata in catalogs, the user needs to be one of the following (same as my response to Use Case 1 above):
1. catalog admin, or
2. catalog editor + asset owner, or
3. catalog editor + asset editor
For example, the customer can create a user group "chief editor", and assign the catalog admin/editor and asset owner/editor roles to the "chief editor" user group as appropriate, then add individual users to the "chief editor" user group.
Roles and permissions for managing governance artifacts through categories are more granular, as Michal mentioned above. Please refer to the link he provided on custom category roles.
This use case is already supported. At a high level, to assign artifacts to assets in catalogs, the user needs to be one of the following:
1. catalog admin, or
2. catalog editor + asset owner, or
3. catalog editor + asset editor
For details, see:
https://www.ibm.com/docs/en/cloud-paks/cp-data/5.2.x?topic=assets-editing-asset-properties
@Guest The link you shared above is not the correct doclink on current user roles in IKC. Please refer to the links Michal shared above on category roles (for managing governance artifacts) and catalog roles (for managing assets in catalogs), in addition to the following links on platform roles:
Pre-defined platform roles (managed through IBM Software Hub): https://www.ibm.com/docs/en/software-hub/5.2.x?topic=users-predefined-roles-permissions-in-software-hub#roles-permissions__permssion
How to create custom platform roles: https://www.ibm.com/docs/en/software-hub/5.2.x?topic=users-managing-roles-in-software-hub
More recent customer examples:
Use case 4:
Someone authorized to add content to a catalog should NOT also have permission to update the "Access Control" section. That goes against all security best practices and against the «Zero Trust» concept.
2 Possible Solutions:
1. The ability to configure Editor roles to be more granular
2. Introducing a new role such as Catalog Access Controller.
Use case 5:
Problem:
Same issue for an assignment/quality project when a connection is available.
Possible Solution:
Do not allow all users with project access to delete the connection. This permission should be restricted to a limited group. Example: Connection Controller.
IBM Knowledge Catalog provides a broad set of built-in collaborator roles for categories to support a wide range of governance use cases. You can learn more about these predefined roles at:
https://www.ibm.com/docs/en/cloud-paks/cp-data/5.2.x?topic=categories-category-collaborator-roles
In addition, it’s also possible to define your own custom roles to tailor access and responsibilities to your organization's specific needs. Instructions for creating custom category roles are available at:
https://www.ibm.com/docs/en/cloud-paks/cp-data/5.2.x?topic=categories-creating-custom-category-collaborator-roles
For catalogs, predefined roles (viewer, editor, admin) help manage access to data assets:
https://www.ibm.com/docs/en/cloud-paks/cp-data/5.2.x?topic=catalog-collaborator-roles
As to specific use cases:
Use case 1:
“Only administrators at the catalog level can assign artifacts - they would want the owner or editor to allow this” – editor can also assign governance artifacts (users need to be owners or members of an asset to perform the action).
Use case 2:
"allow to delete the active information is only allowed by the admin we would want to create a chief editor role that would be able to do such deletion." – editor can also assign governance artifacts (users need to be owners or members of an asset to perform the action).
Use case 3:
"They want admins to manage IKC, but not see data. For them that is a security breach. If they could create some type of custom role that can do admin tasks, but not see the data. They really want to separate administrator and ability to view the data." – this still requires triaging on our end.
Use case 1:
“Only administrators at the catalog level can assign artifacts - they would want the owner or editor to allow this”
Use case 2:
allow to delete the active information is only allowed by the admin we would want to create a chief editor role that would be able to do such deletion.
Use case 3:
They want admins to manage IKC, but not see data. For them that is a security breach.
If they could create some type of custom role that can do admin tasks, but not see the data.
They really want to separate administrator and ability to view the data.
Current user roles in IKC:
https://www.ibm.com/docs/en/cloud-paks/cp-data/5.1.x?topic=cases-collaboration-roles-governance
This is just an example, not necessarily a real use case: The customer would like to have the ability to create a custom role, for example called "data reporter", where he could hand-pick what this role can do. For example, assign "Evaluate model deployment" and "Generate reports", but not have "Edit AI use case".