As an EnvironmentAdmin, you need to provide users with access to your environment and to
the Streaming Analytics cluster by assigning user roles, adding users to Ranger policies,
and creating IDBroker mappings.
The cluster you have created using the Streaming Analytics cluster definition is
kerberized and secured with SSL. Users can access cluster UIs and endpoints through
a secure gateway powered by Apache Knox. Before you can use Flink and SQL Stream
Builder, you must provide users access to the Streaming Analytics cluster
components.
- Assign the EnvironmentUser role to the users to grant access to the CDP
  environment and the Streaming Analytics cluster.
- Add the user to the appropriate predefined Ranger policies.
- Create an IDBroker mapping.

You must create an IDBroker mapping for a user or group to have access to the S3
cloud storage. As a part of Knox, the IDBroker allows a user to exchange
cluster authentication for temporary cloud credentials.
The following roles are created when registering the CDP environment:
- idbroker-role: granting permissions to IDBroker instances associated with the CDP environment
- datalake-admin-role: granting access to CDP cloud resources
- logs-role: granting access to the logs storage location
To use Streaming Analytics in CDP Public Cloud, you must map the users
who use Flink to the datalake-admin-role, as it grants access
to the cloud resources required to run the Flink service. You can configure the
IDBroker mappings for Flink users with the following steps:
- Navigate to , and select the environment where you have created your
cluster.
- Click on .
- Select tab.
- Click in the Current Mappings pane.
- Make sure that the users who run Flink jobs are associated with the ARN
of the datalake-admin-role.
If you need to add more users or groups:
- Add a new row using the plus icon.
- Search and select the user or group.
- Click Save and Sync.
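
The check in the steps above (Flink users must be associated with the ARN of the datalake-admin-role) can also be run as a review of the mapping list. The following is an added example, not Cloudera code: it assumes the current mappings are available as a JSON list of rows with hypothetical `accessor` and `role` fields, and all ARNs and user names are constructed. It also reports accessors that hold datalake-admin-role without being on the Flink list, since that role grants access to CDP cloud resources.

```python
import json

# Assumed role ARNs; account ID and names are constructed placeholders.
ADMIN_ARN = "arn:aws:iam::111111111111:role/datalake-admin-role"
LOGS_ARN = "arn:aws:iam::111111111111:role/logs-role"

# Constructed sample of the Current Mappings pane, one entry per row.
# The "accessor" and "role" field names are an assumption for this example.
SAMPLE_MAPPINGS = json.dumps([
    {"accessor": "flink-dev-1", "role": ADMIN_ARN},
    {"accessor": "flink-dev-2", "role": LOGS_ARN},
    {"accessor": "analyst-9", "role": ADMIN_ARN},
])


def audit_flink_mappings(mappings_json, admin_arn, flink_accessors):
    """Compare current IDBroker mappings with the expected Flink users.

    missing    - Flink users or groups with no mapping row at all
    wrong_role - Flink users mapped, but not to the datalake-admin-role ARN
    unexpected - accessors holding datalake-admin-role that are not on the
                 Flink list (candidates for a least-privilege review)
    """
    roles_by_accessor = {}
    for row in json.loads(mappings_json):
        roles = roles_by_accessor.setdefault(row["accessor"], set())
        roles.add(row["role"].strip())

    expected = set(flink_accessors)
    mapped = set(roles_by_accessor)
    missing = sorted(expected - mapped)
    wrong_role = sorted(a for a in expected & mapped
                        if admin_arn not in roles_by_accessor[a])
    unexpected = sorted(a for a in mapped - expected
                        if admin_arn in roles_by_accessor[a])
    return {"missing": missing, "wrong_role": wrong_role,
            "unexpected": unexpected}


if __name__ == "__main__":
    flink_users = ["flink-dev-1", "flink-dev-2", "flink-dev-3"]
    report = audit_flink_mappings(SAMPLE_MAPPINGS, ADMIN_ARN, flink_users)
    for finding, accessors in report.items():
        print(f"{finding}: {', '.join(accessors) or 'none'}")
```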