Cloudera Docs

Default User Roles

By default, Cloudera Manager ships with user roles that have privileges for all clusters managed by Cloudera Manager.

The following list describes the actions each user role can perform:
  • Auditor
    • View configuration and monitoring information in Cloudera Manager.
    • View audit events.
  • Read-Only
    • View configuration and monitoring information in Cloudera Manager.
    • View service and monitoring information.
    • View events and logs.
    • View replication jobs and snapshot policies.
    • View YARN applications and Impala queries.
    The Read-Only role does not allow the user to:
    • Add services or take any actions that affect the state of the cluster.
    • Use the HDFS file browser.
    • Use the HBase table browser.
    • Use the Solr Collection Statistics browser.
  • Dashboard
    • Create, edit, or remove dashboards that belong to the user.
    • Add an existing chart or create a new chart to add to a dashboard that belongs to the user.
    • Perform the same actions as the Read-Only role.
  • Limited Operator
    • View configuration and monitoring information in Cloudera Manager.
    • View service and monitoring information.
    • Decommission hosts (except hosts running Cloudera Management Service roles).
    • Perform the same actions as the Read-Only role.

    The Limited Operator role does not allow the user to add services or take any other actions that affect the state of the cluster.

  • Operator
    • View configuration and monitoring information in Cloudera Manager.
    • View service and monitoring information.
    • Stop, start, and restart clusters, services (except the Cloudera Management Service), and roles.
    • Decommission and recommission hosts (except hosts running Cloudera Management Service roles).
    • Decommission and recommission roles (except Cloudera Management Service roles).
    • Start, stop, and restart KMS.
    • Perform the same actions as the Read-Only role.

    The Operator role does not allow the user to add services, roles, or hosts, or take any other actions that affect the state of the cluster.

  • Configurator
    • View configuration and monitoring information in Cloudera Manager.
    • Perform all Operator operations.
    • Configure roles and services (except the Cloudera Management Service).
    • Enter and exit maintenance mode.
    • Manage dashboards (including Cloudera Management Service dashboards).
    • Start, stop, and restart KMS
    • Perform the same actions as the Read-Only role.
  • Cluster Administrator
    • Apply policies to redact sensitive data.
    • Recommission hosts, and decommission and recommission roles.
    • Enter and exit Maintenance Mode.
    • Edit the configuration of services and roles.
    • Access all functionality that Cloudera Manager offers.
    • Start, stop, and restart most clusters, services, and roles.
    • View data in Cloudera Manager.
    • Start, stop, and restart KMS.
    • Decommission hosts.
  • BDR Administrator
    • View configuration and monitoring information in Cloudera Manager.
    • View service and monitoring information.
    • Perform replication and define snapshot operations.
    • Perform the same actions as the Read-Only role.
  • Navigator Administrator
    • View configuration and monitoring information in Cloudera Manager.
    • View service and monitoring information.
    • Administer Cloudera Navigator.
    • View audit events.
    • Perform the same actions as the Read-Only role.
  • User Administrator
    • View configuration and monitoring information in Cloudera Manager.
    • View service and monitoring information.
    • Manage user accounts and configuration of external authentication.
    • Create, update, or delete external account configuration.
    • Perform the same actions as the Read-Only role.
  • Key Administrator
    • View configuration and monitoring information in Cloudera Manager.
    • Configure HDFS encryption, administer Key Trustee Server, and manage encryption keys.
    • Start, stop, and restart KMS
    • Configure KMS ACLs
    • Perform the same actions as the Read-Only role.
  • Full Administrator
    • Apply policies to redact sensitive data.
    • Administer Cloudera Navigator.
    • Create, modify, and delete your own dashboards.
    • Manage user accounts and configuration of external authentication.
    • Enter and exit Maintenance Mode.
    • Edit the configuration of services and roles.
    • View data in Cloudera Manager.
    • Start, stop, and restart KMS.
    • Manage Full Administrator accounts.
    • Decommission hosts.
    • View audit events.
    • Create, update, or delete external account configuration.
    • Configure HDFS Encryption, administer Key Trustee Server, and manage encryption keys.
    • Recommission hosts, and decommission and recommission roles.
    • Access all functionality that Cloudera Manager offers.
    • Create replication schedules and snapshot policies.
    • Start, stop, and restart most clusters, services, and roles.