Cloudera Docs

All groups requirement

The Require all groups option ensures that only members of ALL groups listed in the role membership fields have the role's defined access.

In this example, the role Administrators Only is shared by members of both Administrators and Data Viz users user groups. If you do not select the Require all groups option, all members of either group get the privileges of the role. However, if you check the Require all groups options, only users who are members of BOTH Administrators and Data Viz users user groups get the privileges of the role.

There are two other ways a user can be a member of the role, even when the Require all groups option is on:

  • If the user is named specifically in the Users section of the membership page.
  • For roles that are imported, if the Groups section is empty, and the user is a member of ANY imported group.