Configure User Groups and Permissions¶
The AI Studio uses the EnOS Identity and Access Management (IAM) service to control the user groups and permissions. AI Studio administrators can manage the products and resources accessible for users or user groups by assigning corresponding access policies to them.
AI Studio provides built-in user groups to quickly manage user permissions, each user only needs to be added into one group, the group with higher permissions takes precedence if a user is added to multiple groups. AI Studio administrators can also create custom groups if the built-in groups cannot meet the business needs.
Create Policy¶
After AI Studio is installed, the OU administrator needs to create a policy for AI Studio menus:
Log in to EnOS Management Console as an OU administrator and select Identity and Access Management > Policy.
Select New Policy, enter a policy name, and then select Next.
Select the menu checkboxes to grant permissions. We recommend that you select AI Studio and Resource Configuration checkboxes so users can view all AI Studio menus in most cases.
Create and Configure User Groups¶
After the policy is created, the OU administrator needs to create the following user groups with same names as AI Studio built-in user groups through Identity and Access Management > User Group, and then assign users and policies to the group:
eap_admin
eap_developer
eap_operator
eap_visitor
Created user groups are as follows.
For more information, see IAM Overview.
Manage User Group Permissions¶
AI Studio administrators can configure and manage the permissions (read, create, update, delete, and execute) to access module resources for each user group.
Log in to EnOS Management Console as an AI Studio administrator and select Data Analytics > AI Studio > Dashboard.
Select Basic Information > Permission Mgmt, on the Permission Configuration page, view or edit the permissions of built-in user groups to access AI Studio resources.
If you need additional user groups, select + Custom Group and configure the permissions. And then add a user group with the same name through Identity and Access Management > User Group, assign users and policies to the group. Note that currently logged in users need to log in again for the new permissions to take effect.