Configuring initial administrator users and groups

When you add the Cloudera Data Visualization service in Cloudera Manager, you can configure which users and groups are granted administrator privileges in the application. Administrator access can be assigned either by explicitly specifying admin users and groups, or, when using LDAP, by assigning administrator privileges based on LDAP group membership.

This section explains how to explicitly configure administrator users and groups using Cloudera Manager. For information about assigning administrator privileges using LDAP user flags, see Configuring user authentication using LDAP.

The Cloudera Data Visualization service is already added to the Cloudera Base on premises cluster.
Authentication is configured (for example, LDAP or SSO).
User and group information is available through your configured authentication provider.

note
Group information is required only if you plan to assign administrator privileges based on groups.

In Cloudera Manager, go to > Configuration.
Locate the following properties (use the search field if needed).
- Admin Users maps to the ADMIN_USERS environment variable
- Admin Groups maps to the ADMIN_GROUPS environment variable
Configure the values as required.
- Admin Users
  
  Enter a comma‑separated list of usernames that should be granted administrator privileges.
  Example: alice,bob
- Admin Groups
  
  Enter a comma‑separated list of group names whose members should be granted administrator privileges.
  Example: cdv-admins,platform-admins
Click Save.
If prompted, restart the Cloudera Data Visualization service to apply the changes.

At each login to Cloudera Data Visualization:

If the user’s username matches an entry in the list of Admin Users, the user is granted administrator privileges.
If Admin Groups is configured and the user belongs to one of the listed groups, the user is granted administrator privileges.

Security considerations

Grant administrator privileges only to users or groups that require full platform access. The Administrator role provides unrestricted control over Cloudera Data Visualization, including access to all datasets, visualizations, and system settings.
Use Admin Groups instead of individual users wherever possible, as group-based administration simplifies access management and reduces the risk of orphaned admin accounts.
Removing a user or group from these configuration properties does not automatically revoke existing administrator privileges. To demote an administrator, update the user’s role manually in the Cloudera Data Visualization UI or through the appropriate API.