Stop sharing an artifact with a user or group

Learn about how to stop sharing an artifact with a user or group.

Prerequisites

When you want to share an artifact or stop sharing an artifact, you must provide the Workload User Name of the user in the Cloudera Data Engineering CLI or Cloudera Data Engineering API. To check your workload user name, go to Cloudera Management Console > User Management > Users, find the user name, and then find the Workload User Name.

Cloudera Data Engineering UI
Cloudera Data Engineering CLI
Cloudera Data Engineering API

To stop sharing jobs with a user or group, perform the following steps:

In the Cloudera console, click the Data Engineering tile. The Cloudera Data Engineering Home page displays.
In the left navigation menu, click Jobs. The Jobs page is displayed.
Select the job that you want to stop sharing and click on the Sharing tab.
In the Users and Groups table, click the icon under the Actions column for the user or group that you want to stop sharing the job.
In the Remove Assignment pop-up, click Remove.

To stop sharing repositories with a user or group, perform the following steps:

In the Cloudera console, click the Data Engineering tile. The Cloudera Data Engineering Home page displays.
In the left navigation menu, click Repositories. The Repositories page is displayed.
Select the repository that you want to stop sharing and click on the Sharing tab.
In the Users and Groups table, click the icon under the Actions column for the user or group that you want to stop sharing the repository.
In the Remove Assignment pop-up, click Remove.

To stop sharing resources with a user or group, perform the following steps:

In the Cloudera console, click the Data Engineering tile. The Cloudera Data Engineering Home page displays.
In the left navigation menu, click Resources. The Resources page is displayed.
Select the resource that you want to stop sharing and click on the Sharing tab.
In the Users and Groups table, click the icon under the Actions column for the user or group that you want to stop sharing the resource.
In the Remove Assignment pop-up, click Remove.

Run the following command to stop sharing an artifact with a user or group:

./cde <***ARTIFACT_TYPE***> update -h
Usage:
  cde <***ARTIFACT_TYPE***> update [flags]

Flags:
      --remove-acl-full-access-group stringArray   remove group with full access permission (can be repeated to remove multiple groups)
      --remove-acl-full-access-user stringArray    remove user with full access permission (can be repeated to remove multiple users) (set '*' value for all VC Users)
      --remove-acl-view-only-group stringArray     remove group with view only permission (can be repeated to remove multiple groups)
      --remove-acl-view-only-user stringArray      remove user with view only permission (can be repeated to remove multiple users) (set '*' value for all VC Users)

The <***ARTIFACT_TYPE***> value can be job, session, resource, repository, or credential. Only Artifact access management specific flags are shown for clarity.

Examples

The following examples are for jobs. But the same flags apply to sessions, resources, repositories, or credentials.

# remove cdpuser5 from view-only, cdpuser6 from full-access
./cde job update --name job-1 --remove-acl-view-only-user 'cdpuser5' --remove-acl-full-access-user 'cdpuser6' 

# combine user and groups. Add cdpuser5 and qe-group group
./cde job update --name job-1 --add-acl-view-only-user 'cdpuser5' --add-acl-full-access-group 'qe-group'

Run the following JSON payload to stop sharing an artifact with a user or a group:

curl -X PATCH \
<jobs_api_url>/<***ARTIFACT_TYPE***>/<***ARTIFACT_NAME***> \
-H "Authorization: Bearer ${CDE_TOKEN}" \
-H "Content-Type: application/json" \
-d '{
	"acls": {
    		"full_access": {
        		"users": []
    		},
		"view_only": {
			"users": []
		}
}
}'

The <***ARTIFACT_TYPE***> value can be jobs, resource, repository, or credential and the <***ARTIFACT_NAME***> value is the name of the artifact.

Example

This exmaple shows removing cdpuser1 from view-only access and cdpuser2 from full-access.

# remove cdpuser1 from view-only and cdpuser2 from full-access
curl -X PATCH \
https://qnrjlcs6.cde-fllv7d7m.apps.apps.shared-rke-dev-01.kcloud.cloudera.com/dex/api/v1/jobs/job-1 \
-H "Authorization: Bearer ${CDE_TOKEN}" \
-H "Content-Type: application/json" \
-d '{
	"acls": {
    		"full_access": {
        		"users": []
    		},
		"view_only": {
			"users": []
		}
}
}'