Cloudera user management system

Cloudera Management Console includes a user management system that allows you to integrate your identity provider and manage user access to Cloudera resources.

During the initial setup of a Cloudera subscription, Cloudera designates a user account as a Cloudera account administrator. A Cloudera account administrator has all privileges and can perform any task in Cloudera. Administrators can create other Cloudera administrators by assigning the PowerUser role to users. Cloudera administrators can also register environments and create Data Lake clusters.

Cloudera administrators can create users and groups and then assign roles and resource roles to users or groups. The Cloudera Management Console also enables Cloudera administrators to federate access to Cloudera by configuring an external identity provider. Cloudera users can include users corresponding to an actual living person within the organization or machine users.

In addition to the SSO credentials mentioned above, Cloudera uses another set of credentials that must be used for accessing some Cloudera components (for example accessing Cloudera Data Hub clusters via SSH).

To access to the CDP CLI or SDK, each user must have an API access key and private key. Each user must generate this key pair using the Cloudera Management Console, and Cloudera creates a credentials file based on the API access key. When you use the CDP CLI or SDK, Cloudera uses the credentials file to get the cluster connection information and verify your authorization.