Cloudera Manager user accounts
Access to Cloudera Manager features is controlled by user accounts. A user account identifies how a user is authenticated and determines what privileges are granted to the user.
Minimum Required Role: User Administrator (also provided by Full Administrator) This feature is not available when using Cloudera Manager to manage Data Hub clusters.
When you are logged in to the Cloudera Manager Admin Console, the username you are logged in as is located at the far right of the top navigation bar.
A user with the User Administrator or Full Administrator role manages user accounts through the
page. View active user sessions on the User Sessions tab.User Authentication
Cloudera Manager provides several mechanisms for authenticating users. You can configure Cloudera Manager to authenticate users against the Cloudera Manager database or against an external authentication service. The external authentication service can be an LDAP server (Active Directory or an OpenLDAP compatible directory), or you can specify another external service. Cloudera Manager also supports using the Security Assertion Markup Language (SAML) to enable single sign-on.
If you are using LDAP or another external service, you can configure Cloudera Manager so that it can use both methods of authentication (internal database and external service), and you can determine the order in which it performs these searches. If you select an external authentication mechanism, Full Administrator users can always authenticate against the Cloudera Manager database. This prevents locking everyone out if the authentication settings are misconfigured, such as with a bad LDAP URL.
With external authentication, you can restrict login access to members of specific groups, and can specify groups whose members are automatically given Full Administrator access to Cloudera Manager.
Users accounts in the Cloudera Manager database page show Cloudera Manager in the User Type column. User accounts in an LDAP directory or other external authentication mechanism show External in the User Type column.
User Roles
User accounts include the user's role, which determines the Cloudera Manager features visible to the user, the actions the user can perform, and, for certain roles, what clusters actions can be performed on. All tasks in the Cloudera Manager documentation indicate which role is required to perform the task.
Determining the Role of the Currently Logged in User
- Click the logged-in username at the far right of the top navigation bar.
- Select My Profile. The role displays. For example:
Changing the Logged-In Internal User Password
- Click the logged-in username at the far right of the top navigation bar and select Change Password.
- Enter the current password and a new password twice, and then click OK.
Adding an Internal User Account
- Select .
- Click the Add User button.
- Enter a username and password.
- In the Role drop-down menu, select a role for the new user.
- Click Add.
Assigning User Roles
- Select .
- Check the checkbox next to one or more usernames.
- Select .
- In the drop-down menu, select the role.
- Click the Assign Role button.
Changing an Internal User Account Password
- Select .
- Click the Change Password button next to a username with User Type Cloudera Manager.
- Type the new password and repeat it to confirm.
- Click the Update button to make the change.
Deleting Internal User Accounts
- Select .
- Check the checkbox next to one or more usernames with User Type Cloudera Manager.
- Select .
- Click the OK button. (There is no confirmation of the action.)
Viewing User Sessions
- Select .
- Click the tab User Sessions.