Setting role privileges

Role privileges are integral components of the Role-Based Access Control (RBAC) system in Cloudera Data Visualization. They define the level of dataset access that a role is allowed to grant to the members of a specified role.

Follow the steps below to add role privileges to a role, using "Test Role 1" as an example:

Add a new role privilege by clicking +ADD PRIVILEGE.

The ADD PRIVILEGE modal window appears.

note
The default privilege type is at the Connection level, but it can be changed by selecting Role or Dataset from the Component Types list.
In the Add Privilege modal window, under Component Type, select Role.
From Roles(s), choose one of the roles.

note
You can repeat this step to add more roles to this privilege.
After selecting the appropriate roles, click CREATE.
The Role privilege for the selected role appears on the list of privileges.
By default, it contains all possible privileges for a role component:
- Grant manage dataset
- Grant manage dashboards
- Grant view dashboards
Additional notes:
1. The privilege type is identified with the Roles icon.
2. The Grant view dashboards permission is mandatory if other permissions exist and cannot be removed. If you uncheck both Grant manage dashboards and Grant manage dataset, the Grant view dashboards permission becomes mutable and can be unselected.
3. The Grant manage dashboards permission is mandatory if Grant manage dataset permission is present and cannot be removed. If you uncheck Grant manage dataset, it becomes mutable and can be unselected.
4. The privilege can be deleted by clicking the Delete icon.
For the role permission on Visual Consumer, select only the Grant view dashboards permission.
Repeat the process for Analyst and Data Admin roles, specifying the following permissions:
- For Analyst, specify the Grant manage dashboards and Grant view dashboards permissions.
- For Data Admin, specify all permissions: Grant manage dataset, Grant manage dashboards, and Grant view dashboards.
Click SAVE at the top of the interface to save the updates.

Members assigned to this role under the Members tab, can now grant dataset access based on the role-based privilege rows.
The selections in the rows indicate the level of privileges each role receives on the Component line. For example, Analysts can grant Manage and View privileges to users.
The dataset access permissions are granted to the roles defined on the component line.

Proceed to Setting connection privileges.

For more information on possible permissions, see RBAC permissions.