CDP One user roles

Your available CDP One services depend on what has been provisioned for you as part of your CDP One subscription, as well as your assigned user groups.

CDP One roles and permissions

  • Data Analyst (data_analyst) – Access to data and endpoints are driven by Ranger policies. By default any user in this group only has access to their home directory and the default database.

  • System Administrator (system_admin) – Full access to CDP One capabilities, including access to data, service administration, and service consumption.

  • User Administrator (user_admin) – User Administrators can manage user and groups in CDP One, including data policies enforced by Ranger.

Data Analyst is a generic group that is supplanted by specific groups originating from the customer's identity provider (IdP). It is generally insufficient to have a single user group that caters to all data policies. Any additional groups must be forwarded to Support so that these groups can be seeded with the basic permissions assigned to the Data Analyst default group. All further privileges can then be configured for that specific group(s) by the User Administrator via data access policies in Ranger.