CDE Virtual Cluster Access Controls Troubleshooting

Learn about troubleshooting scenarios for user and group access issues in CDE Virtual Clusters (VCs).

A user is added to a group with access to a VC, but the user still cannot access the VC: As the user is added to the group, do a user synchronization. For information about synchronizing users in an environment, see Performing user sync.
note
If the user still cannot access the VC, it might be due to internal caching. Wait for five minutes and try again.
A user or group is not displayed in the drop-down list while adding roles: If the user or group exists in the CDP account, but the user is not displayed in the drop-down list, it is very likely that the user is given a role already. Check the current access list.
Adding access controls while creating a VC: From the UI, you can add access controls only after the VC is created. Using CLI or API, you can add access controls during VC creation.
A user is added, but if the user tries to access the VC, the UI shows a 403 error: The user needs to have either a DEUser or a DEAdmin role in the environment irrespective of the roles in the VC. For more information, see Giving access to Data Engineering users.
User access works, but group access does not: If the group access does not work as expected, do a user synchronization in the environment and wait for five minutes. If the user access still does not work, a miscommunication between the authorization server and the LDAP server can be the cause. To find such errors, access the kubernetes cluster and check for logs of the dex-authz pod in the dex-base- namespace.