Create IDBroker mapping

To enable your CDP user to utilize the central authentication features CDP provides and to exchange credentials for AWS or Azure access tokens, you have to map this CDP user to the correct IAM role or Azure Managed Service Identity (MSI). The option to add/modify these mappings is available from the Management Console in your CDP environment.

  1. Go to the environment in which your Flow Management and Data Engineering clusters are running.
  2. To access IDBroker Mappings, click Actions | Manage Access and select the IDBroker Mapping tab in the next screen, where you can provide mappings for users or groups.
  3. Click Edit.
  4. Add a new mapping for your service user, mapping the user to an existing IAM role or Azure Managed Identity Resource ID that has access to the underlying storage which is used by the target Hive table.

  5. Add your CDP user and the corresponding AWS or Azure role that provides write access to your folder in your S3 bucket or ADLS folder to the Current Mappings section.
  6. Click Save and Sync.
  7. Ensure that your IDBroker mapping change is synchronized to the environment successfully.
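
Steps 4 and 5 map the service user to a role with write access to one storage folder. The added example below (not Cloudera's code) checks that an AWS IAM policy document for such a role grants S3 access only inside that folder. The bucket name, prefix, sample policies and the function name audit_mapped_role_policy are constructed for illustration.

```python
def _as_list(value):
    """IAM accepts a single value or a list for Statement/Action/Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit_mapped_role_policy(policy, bucket, prefix):
    """Return (statement index, finding) pairs for S3 grants beyond bucket/prefix/."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    folder_arn = f"{bucket_arn}/{prefix.strip('/')}/"
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append((i, "NotAction/NotResource: review manually"))
            continue
        actions = [a.lower() for a in _as_list(stmt.get("Action"))]
        if not any(a == "*" or a.startswith("s3:") for a in actions):
            continue  # not an S3 grant (for example KMS); out of scope here
        for a in actions:
            if a in ("*", "s3:*"):
                findings.append((i, f"wildcard action {a}"))
        for res in _as_list(stmt.get("Resource")):
            # The bare bucket ARN is needed for s3:ListBucket; objects must stay in the folder.
            if res != bucket_arn and not res.startswith(folder_arn):
                findings.append((i, f"resource outside folder: {res}"))
    return findings

# Constructed sample policies (bucket and prefix are placeholders).
SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:ListBucket",
     "Resource": "arn:aws:s3:::example-bucket"},
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
     "Resource": "arn:aws:s3:::example-bucket/warehouse/hive/*"},
]}
BROAD = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Action": "s3:*", "Resource": ["arn:aws:s3:::example-bucket/*"]}}

if __name__ == "__main__":
    for name, policy in (("scoped", SCOPED), ("broad", BROAD)):
        print(name, audit_mapped_role_policy(policy, "example-bucket", "warehouse/hive"))
```

The check compares ARN strings only; it does not evaluate Condition blocks or permission boundaries attached to the role.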

Create a Hive table and add Ranger policies that allow your machine user write access to your Hive table.