Create the IDBroker mapping

To let your CDP user use the central authentication that CDP provides and exchange its credentials for AWS or Azure access tokens, you must map that CDP user to the correct IAM role or Azure Managed Service Identity (MSI). You can add or modify these mappings from the Management Console in your CDP environment.

  1. Access IDBroker Mappings.
    1. To access IDBroker Mappings in your environment, click Actions | Manage Access.
    2. Choose the IDBroker Mappings tab where you can provide mappings for users or groups and click Edit.
  2. Add your CDP user and the corresponding AWS or Azure role that provides write access to your folder in your S3 bucket or ADLS folder to the Current Mappings section.
  3. Click Save and Sync.
  4. Go to the environment in which your Flow Management and Data Engineering clusters are running. Click Actions | Manage Access and select the IDBroker Mapping tab in the next screen. Add a new mapping for your service user, mapping the user to an existing IAM role or Azure Managed Identity Resource ID that has access to the underlying storage which is used by the target Hive table.

  5. Ensure that your IDBroker mapping change is synchronized to the environment successfully.
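The role you map in step 4 should grant write access only to the storage location the target Hive table actually uses. The following Python script is an added example, not part of the Cloudera documentation or the IDBroker feature itself: it inspects an AWS IAM policy document (the Azure case is not covered) and reports every resource pattern on which S3 object-write actions are allowed outside an intended key prefix. The bucket name, prefix and both policies are constructed for illustration.

```python
"""Check that an IAM policy grants S3 object-write access only under an intended prefix."""
import fnmatch
import json

# S3 actions that can create, overwrite or remove objects (a constructed subset for this check)
S3_WRITE_ACTIONS = {
    "s3:PutObject", "s3:DeleteObject", "s3:DeleteObjects", "s3:DeleteObjectVersion",
    "s3:AbortMultipartUpload", "s3:PutObjectAcl", "s3:RestoreObject",
}


def _as_list(value):
    """IAM allows a single string or a list in Action/Resource; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _literal_prefix(pattern):
    """Part of a resource pattern before the first wildcard character (* or ?)."""
    cut = len(pattern)
    for ch in "*?":
        idx = pattern.find(ch)
        if idx != -1:
            cut = min(cut, idx)
    return pattern[:cut]


def allowed_write_resources(policy):
    """Return the resource patterns on which Allow statements grant any S3 write action."""
    resources = set()
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            # Negated forms widen access in ways this check does not model: treat as unbounded
            resources.add("*")
            continue
        actions = [a.lower() for a in _as_list(stmt.get("Action"))]
        grants_write = any(
            fnmatch.fnmatchcase(w.lower(), a) for a in actions for w in S3_WRITE_ACTIONS
        )
        if grants_write:
            resources.update(_as_list(stmt.get("Resource")))
    return resources


def check_write_scope(policy, allowed_prefix_arn):
    """Return resource patterns that could match objects outside allowed_prefix_arn.

    A glob pattern only matches strings that start with its literal prefix, so a
    pattern is safely contained when that literal prefix itself starts with the
    intended ARN prefix. An empty result means every write grant stays inside.
    """
    findings = []
    for resource in sorted(allowed_write_resources(policy)):
        if not _literal_prefix(resource).startswith(allowed_prefix_arn):
            findings.append(resource)
    return findings


# Constructed sample: the table's storage location is data/team-a/ in example-bucket
TABLE_PREFIX_ARN = "arn:aws:s3:::example-bucket/data/team-a/"

# Constructed policy scoped to that location (listing the bucket is read-only and ignored)
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:ListBucket",
         "Resource": "arn:aws:s3:::example-bucket"},
        {"Effect": "Allow",
         "Action": ["s3:PutObject", "s3:DeleteObject", "s3:AbortMultipartUpload"],
         "Resource": "arn:aws:s3:::example-bucket/data/team-a/*"},
    ],
}

# Constructed policy that is far broader than the table needs
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:*",
         "Resource": ["arn:aws:s3:::example-bucket/*", "*"]},
    ],
}

if __name__ == "__main__":
    for name, policy in (("scoped", SCOPED_POLICY), ("broad", BROAD_POLICY)):
        findings = check_write_scope(policy, TABLE_PREFIX_ARN)
        print(f"{name}: {json.dumps(findings)}")
```

Run it against the policy attached to the role you intend to map; any pattern it prints is a write grant that reaches beyond the table's folder and is worth tightening before the mapping is saved and synced. Deny statements, NotAction/NotResource and condition keys are deliberately out of scope, so a clean result from this check is a necessary but not a sufficient sign of least privilege.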
Create a Hive table and add Ranger policies that allow your machine user write access to your Hive table.