Access roles in Cloudera Data Engineering

Learn about role-based access in Cloudera Data Engineering.

Access roles available in Cloudera Data Engineering:

DE Admin: A DEAdmin user has full access to all the components in the Cloudera Data Engineering including the Services and the Virtual Clusters within a specific environment. A DEAdmin can view and manage the artifacts created by any user in the environment.
Roles at Cloudera Data Engineering Service:
- Service Admin: A Service Admin can manage a specific Service with full access to the underlying Virtual Clusters, including the associated artifacts. By default, a Service Admin gets full-access to all the Virtual Clusters and the associated artifacts in a specific Service even though they are not assigned any role in the Virtual Cluster.
- Service User: A Service User can only view the details of a specific Service. A Service User cannot update or delete a Service. Also, a Service User cannot implicitly view the underlying Virtual Clusters or the artifacts within a Virtual Cluster, unless they are explicitly assigned at least a VC User role in the Virtual Cluster.
Roles at Cloudera Data Engineering Virtual Cluster:
- VC Admin: A VC Admin can manage a specific Virtual Cluster with full access to all its associated artifacts.
- VC User: A VC User can access a specific Virtual Cluster to create and manage the artifacts that are owned by them or explicitly shared with them by another user.
- VC Viewer: A VC Viewer can access a specific Virtual Cluster with view-only access to all the artifacts in the Virtual Cluster. A VC Viewer cannot run, delete, or change any artifacts. Cloudera recommends using the VC Viewer role for view-only scenarios. For example, support-related scenarios, where a Support Executive has to view the artifacts and the logs to debug any issue.

important

In a Cloudera Data Engineering Virtual Cluster, you must have at least one of the following roles to access the Virtual Cluster:
- DEAdmin
- DEUser (deprecated)
- Service Admin
- VC Admin
- VC Uset
- VC Viewer
A DEAdmin and Service Admin can assign a role in a Cloudera Data Engineering Service.
A DEAdmin, Service Admin, and VC Admin can assign a role in a Cloudera Data Engineering Virtual Cluster.
For a user or a group to appear in the search while assigning a role in the Virtual Cluster, the user or group must have a role assigned in the corresponding Cloudera Data Engineering Service. You must have at least a Service User role to assign a role in the Virtual Cluster. For example, if you want to assign user-01 as VC Admin for the VC-01 (Virtual Cluster) in the Service-01 (Service), then user-01 must at least be a Service User in Service-01.
A Service User can only access the Virtual Cluster only if they have a role assigned in the Virtual Cluster. A Service User with a VC Admin role can view, update, and delete the specific Virtual Cluster. Whereas, a Service User with either a VC User or VC Viewer role can only view a Virtual Cluster.

Role-based access for Services

The following table lists the roles and actions a user can perform in the Cloudera Data Engineering Service:


Role	Create	View	Update	Delete
DE Admin	Yes	Yes	Yes	Yes
Service Admin	No	Yes	Yes	Yes
Service User	No	Yes	No	No
VC Admin	No	Yes	No	No
VC User	No	Yes	No	No
VC Viewer	No	Yes	No	No

Role-based access for Virtual Clusters

The following table lists the roles and actions a user can perform in the Cloudera Data Engineering Virtual Cluster:


Role	Create	View	Update	Delete
DE Admin	Yes	Yes	Yes	Yes
Service Admin	Yes	Yes	Yes	Yes
VC Admin	No	Yes	Yes	Yes
VC User	No	Yes	No	No
VC Viewer	No	Yes	No	No