Cloudera Docs

Setting role privileges

Role privileges are separate components of the Role Based Access Control (RBAC) system in Data Visualization. They define the level of dataset access that a role is allowed to grant to the members of a specified role.

The following steps demonstrate how to add role privileges to a role. In this example, Test Role 1 is used.

  1. Add another privilege by clicking the ADD PRIVILEGE button.
  2. The ADD PRIVILEGE modal window appears.

    You can see that the default privilege type is at the Connection level, but it can be changed by selecting Role or Dataset from the list of Component Types.

  3. In the Add Privilege modal window, under Component Type, select Role.
  4. From Roles(s), select either Visual Consumer, a role that was defined earlier.
    You can repeat this step to add more roles to this privilege.
  5. After selecting the appropriate roles, click CREATE.

    The Role privilege for the Visual Consumer role appears on the list of privileges.

    By default, it contains all possible privileges for a role component:
    • Grant manage dataset
    • Grant manage dashboards
    • Grant view dashboards

    Note the following:

    1. The privilege type appears with the Roles icon.
    2. The Grant view dashboards permission is mandatory if the other permissions exist, and cannot be removed. If you uncheck both Grant manage dashboards and Grant manage dataset, then the Grant view dashboards permission becomes mutable and can be unselected.
    3. The Grant manage dashboards permission is mandatory if Grant manage dataset permission is, and cannot be removed. If you uncheck Grant manage dataset, it becomes mutable and can be unselected.
    4. This privilege may be deleted by clicking the Delete icon.
  6. For the role permission on Visual Consumer, select only the Grant view dashboards permission.
  7. Repeat the previous steps twice, creating the following privileges:
    • On role Analyst, specify the Grant manage dashboards and Grant view dashboards permissions.
    • On role Data Admin, specify all permissions: Grant manage dataset, Grant manage dashboards, and Grant view dashboards.
  8. Click SAVE at the top of the interface to save the updates.
  • The members that get this role, defined under the Members tab, can grant dataset access defined by the role-based privilege rows.
  • The selections in the rows indicate the level of privilages that each role, as defined on the Component line, receives. For example, Analysts can grant Manage and View privilages to users.
  • The dataset access permissions are granted to the roles defined on the component line.

Proceed to Setting connection privileges.