Skip to main content
IBM Quantum Platform

Set up access policies and access groups

Note

This documentation is relevant to the new IBM Quantum® Platform. If you need the previous version, return to the IBM Quantum Platform Classic documentation.

In IBM Cloud®, the IAM (Identity and Access Management) model gives account owners and administrators more flexibility to manage the access of their users. For example, with IAM, you can grant a user access to view account usage analytics without granting any other management access.

When you create an instance in IBM Quantum Platform, an access group is automatically generated (unless you opt out) for access to that instance. If you want to customize an access group for an instance, or create other access groups, you must do so on the IBM Cloud console for Access groups.

Visit these topics for more information:

How to create a Qiskit Runtime Administrators access group

After setting up an account for your organization, it's recommended that you go to the IBM Cloud console for Access groups and create a Qiskit Runtime Administrators access group. This access group gives access to other users to create and manage instances, and manage user access for the Qiskit Runtime service.

When you create this access group, include the following three policies (you can copy and paste the code into the JSON entry feature on the IAM console):

  • All IAM Account Management services (Administrator), required for inviting users, managing access groups and creating access policies
{
    "type": "access",
    "roles": [
        {
            "role_id": "crn:v1:bluemix:public:iam::::role:Administrator"
        }
    ],
    "resources": [
        {
            "attributes": [
                {
                    "name": "accountId",
                    "value": "[ACCOUNT_ID]"
                },
                {
                    "name": "service_group_id",
                    "value": "IAM"
                }
            ]
        }
    ]
}
  • All Account Management services (viewer), needed for listing all the resource groups in the account
{
    "type": "access",
    "roles": [
        {
            "role_id": "crn:v1:bluemix:public:iam::::role:Viewer"
        }
    ],
    "resources": [
        {
            "attributes": [
                {
                    "name": "accountId",
                    "value": "[ACCOUNT_ID]"
                },
                {
                    "name": "serviceType",
                    "value": "platform_service"
                }
            ]
        }
    ]
}
  • Qiskit Runtime Service (Manager, Administrator), required to manage all Qiskit Runtime instances in the account and view account usage analytics
{
    "type": "access",
    "roles": [
        {
            "role_id": "crn:v1:bluemix:public:iam::::serviceRole:Manager"
        },
        {
            "role_id": "crn:v1:bluemix:public:iam::::role:Administrator"
        }
    ],
    "resources": [
        {
            "attributes": [
                {
                    "name": "accountId",
                    "value": "[ACCOUNT_ID]"
                },
                {
                    "name": "serviceName",
                    "value": "quantum-computing"
                }
            ]
        }
    ]
}
Was this page helpful?
Report a bug or request content on GitHub.