Stop sharing an artifact with a user or group

Learn about how to stop sharing an artifact with a user or group.

Prerequisites:

When you want to share an artifact or stop sharing an artifact, you must provide the Workload User Name of the user in the Cloudera Data Engineering CLI or Cloudera Data Engineering API. To check your workload user name, select Cloudera Management Console > User Management > Users, find the user name, and then find the Workload User Name.

Cloudera Data Engineering CLI
Cloudera Data Engineering API

Run the following command to stop sharing an artifact with a user or group:

./cde <***ARTIFACT_TYPE***> update -h
Usage:
  cde <***ARTIFACT_TYPE***> update [flags]

Flags:
      --remove-acl-full-access-group stringArray   remove group with full access permission (can be repeated to remove multiple groups)
      --remove-acl-full-access-user stringArray    remove user with full access permission (can be repeated to remove multiple users) (set '*' value for all VC Users)
      --remove-acl-view-only-group stringArray     remove group with view only permission (can be repeated to remove multiple groups)
      --remove-acl-view-only-user stringArray      remove user with view only permission (can be repeated to remove multiple users) (set '*' value for all VC Users)

Where, <***ARTIFACT_TYPE***> value can be job, session, resource, repository, or credential. Only Artifact access management specific flags are shown for clarity.

Examples: The following examples are for jobs. But the same flags apply to sessions, resources, repositories, or credentials.

# remove cdpuser5 from view-only, cdpuser6 from full-access
./cde job update --name job-1 --remove-acl-view-only-user 'cdpuser5' --remove-acl-full-access-user 'cdpuser6' 

# combine user and groups. Add cdpuser5 and qe-group group
./cde job update --name job-1 --add-acl-view-only-user 'cdpuser5' --add-acl-full-access-group 'qe-group'

Run the following JSON payload to stop sharing an artifact with a user or a group:

curl -X PATCH \
<jobs_api_url>/<***ARTIFACT_TYPE***>/<***ARTIFACT_NAME***> \
-H "Authorization: Bearer ${CDE_TOKEN}" \
-H "Content-Type: application/json" \
-d '{
	"acls": {
    		"full_access": {
        		"users": []
    		},
		"view_only": {
			"users": []
		}
}
}'

Where, <***ARTIFACT_TYPE***> value can be jobs, resource, repository, or credential and <***ARTIFACT_NAME***> is the name of the artifact.

Example: To remove cdpuser1 from view-only and cdpuser2 from full-access:

# remove cdpuser1 from view-only and cdpuser2 from full-access
curl -X PATCH \
https://qnrjlcs6.cde-fllv7d7m.apps.apps.shared-rke-dev-01.kcloud.cloudera.com/dex/api/v1/jobs/job-1 \
-H "Authorization: Bearer ${CDE_TOKEN}" \
-H "Content-Type: application/json" \
-d '{
	"acls": {
    		"full_access": {
        		"users": []
    		},
		"view_only": {
			"users": []
		}
}
}'