Managing user permissions

You can manage user permissions for Automation Decision Services in IBM Cloud Pak Platform UI (Zen). These permissions control who can access the admin-platform page, who can call the decision runtime REST API endpoints, and who can manage decision service archives and their metadata.

Before you begin

You must sign in to the Zen console as an administrator.

For more information about managing users in the Zen console, see Managing users in the IBM Cloud Pak Platform UI documentation.

About this task

A role is a container of permissions. You create a role and add permissions to the role, and then assign the role to users or user groups.

Tip: You can also assign predefined roles available in the Zen console to users or user groups. In this case, you can skip Step 2 in the Procedure section.

Procedure

  1. Click Manage users in the administrator's UI.
  2. Create a role and add permissions to it.
    1. In the Roles tab on the Access control page, click New role.
    2. In the Details section, enter a name for the role and a description. Click Next.
    3. In the Permissions section, expand IBM Cloud Pak for Business Automation and select permissions to add to the role. Click Next.
      Table 1. Permissions for Automation Decision Services

      | User permissions | Description |
      |---|---|
      | Administer platform for decision services | Users with this permission can manage credentials for decision services in Decision Designer. You can access the administration page (admin-platform) in Decision Designer to perform various tasks as an administrator. |
      | Execute decision services | Users with this permission can execute decisions and invoke related endpoints. Examples of what related endpoints can do: list the operations of a decision service; generate an OpenAPI specification for a decision service; retrieve an example payload for a decision service; generate the schemas of the input and output for a decision service. |
      | Manage deployed decision services | Users with this permission can manage the decision service archives and associated metadata by using the create, retrieve, update, and delete operations on their respective storage service. Note: Users must have this permission to run, build, and deploy decision services in Decision Designer. |
      | Manage deployment spaces | Users with this permission can manage deployment spaces. |
      | Monitor decision runtime | Users with this permission can take a snapshot of the state of the decision runtime on demand. |

      For more information about the permissions for decision runtime, see User permissions and authentication modes.

    4. Verify the information in the Summary section, and then click Create.
  3. Assign the role to users or user groups.
    For example, to assign the role to a user:
    1. In the Users tab on the Access control page, select a user.
    2. Click Assign roles on the user's page.
    3. Select the role that you want to assign on the Assign roles page, and then click Assign 1 role.

      You can assign the role that you created in the previous step, or you can assign a predefined role.

      Table 2. Predefined roles

      | Predefined role | Description | Associated permission |
      |---|---|---|
      | Decision Designer Platform Administrator | Users with this role can manage credentials for decision services in Decision Designer. You can access the administration page (admin-platform) in Decision Designer to perform various tasks as an administrator. | Administer platform for decision services |
      | Decision User | Users with this role can perform actions that are allowed with the Execute decision services permission. | Execute decision services |
      | Deployed Decision Manager | Users with this role can perform actions that are allowed with the Manage deployed decision services permission. | Manage deployed decision services |
      | Decision Runtime Monitor | Users with this role can perform actions that are allowed with the Monitor decision runtime permission. | Monitor decision runtime |
      | Decision Runtime Deployment Spaces Manager | Users with this role can perform actions that are allowed with the Manage deployment spaces permission. | Manage deployment spaces |

Results

The new role is now assigned to the user. To check the list of permissions that the user has, click View assigned permissions.
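
The following is an added example, not IBM code: a least-privilege review of the role model described in this task. It resolves each user's effective permissions from roles assigned directly and through user groups, then compares them with an expected baseline. The user, group, and custom role names and the baseline are constructed sample data, and treating effective permissions as the union of direct and group-assigned roles is an assumption of the example.

```python
# Predefined roles and their associated permission, copied from Table 2.
PREDEFINED_ROLES = {
    "Decision Designer Platform Administrator": {"Administer platform for decision services"},
    "Decision User": {"Execute decision services"},
    "Deployed Decision Manager": {"Manage deployed decision services"},
    "Decision Runtime Monitor": {"Monitor decision runtime"},
    "Decision Runtime Deployment Spaces Manager": {"Manage deployment spaces"},
}

def effective_permissions(user, roles, user_roles, group_roles, memberships):
    """Union of permissions from roles assigned directly and through groups (assumed model)."""
    assigned = set(user_roles.get(user, ()))
    for group in memberships.get(user, ()):
        assigned |= set(group_roles.get(group, ()))
    unknown = assigned - set(roles)
    if unknown:  # an assignment that names a role with no definition is an error
        raise KeyError(f"undefined role(s) for {user}: {sorted(unknown)}")
    return set().union(*(roles[r] for r in assigned))

def audit(expected, roles, user_roles, group_roles, memberships):
    """Return {user: (excess, missing)} for users who deviate from the baseline."""
    findings = {}
    for user in sorted(set(expected) | set(user_roles) | set(memberships)):
        have = effective_permissions(user, roles, user_roles, group_roles, memberships)
        want = expected.get(user, set())
        if have != want:
            findings[user] = (sorted(have - want), sorted(want - have))
    return findings

# Constructed sample data: one custom role, three users, one user group.
ROLES = {**PREDEFINED_ROLES,
         "ads-release-engineer": {"Manage deployed decision services", "Manage deployment spaces"}}
USER_ROLES = {"alice": ["Decision User"], "bob": ["ads-release-engineer"],
              "carol": ["Decision Runtime Monitor"]}
GROUP_ROLES = {"ads-admins": ["Decision Designer Platform Administrator"]}
MEMBERSHIPS = {"alice": ["ads-admins"]}
EXPECTED = {
    "alice": {"Execute decision services"},
    "bob": {"Manage deployed decision services", "Manage deployment spaces"},
    "carol": {"Monitor decision runtime", "Execute decision services"},
}

if __name__ == "__main__":
    for user, (excess, missing) in audit(EXPECTED, ROLES, USER_ROLES, GROUP_ROLES, MEMBERSHIPS).items():
        print(f"{user}: excess={excess} missing={missing}")
```

In the sample data, alice picks up the administration permission only through group membership, which is the kind of grant that is easy to miss when reviewing one user's directly assigned roles.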