Cloudera Docs

Cloudera Data Flow user roles

As a security administrator with the PowerUser role, you must assign one or more Cloudera Data Flow roles to a user to allow the user to perform tasks in the Cloudera Data Flow Catalog, the Cloudera Data Flow environment, and the Apache NiFi cluster.

Review each of the following Cloudera Data Flow roles to determine which roles a user requires:

For information on configuring Cloudera user management, see User Management in the Cloudera Management Console documentation.

DFAdmin

This role allows a user to manage the lifecycle of a Cloudera Data Flow environment.

A user with the DFAdmin role can perform the following tasks:

  • Enable a Cloudera environment for Cloudera Data Flow
  • View an environment
  • View environment details and Cloudera Data Flow Settings
  • Disable an environment
  • Update resource roles
  • Grant remote access to an environment
  • Revoke remote access to an environment
  • Terminate all running deployments when disabling the Cloudera Data Flow service for an environment.

A user with the DFAdmin and PowerUser roles can perform the following additional tasks:

  • Assign the DFAdmin role to other users
  • Revoke the DFAdmin role from other users

DFCatalogAdmin

This role allows a user to centrally manage flow definitions and ReadyFlows.

A user with the DFCatalogAdmin role can perform the following tasks in the Cloudera Data Flow Catalog:

  • View and search flow definitions
  • Import flow definitions
  • Import new versions of existing flow definitions
  • View flow definition details
  • Publish flow drafts to the Catalog
  • Delete flow definitions
A user with the DFCatalogAdmin role can perform the following tasks in the ReadyFlow Gallery:
  • View and search ReadyFlows
  • Add ReadyFlows to the Catalog

DFCatalogPublisher

This role allows a user to perform the following tasks:
  • View and search flow definitions
  • Import flow definitions
  • Import new versions of existing flow definitions
  • View flow definition details
  • Publish flow drafts to the Catalog

A user with the DFCatalogPublisher, and the DFCollectionMemeber or DFCollectionAdmin roles can perform the following additional task:

  • Import a flow definition into a Catalog collection

DFCatalogViewer

This role allows a user to perform the following tasks:
  • View and search flow definitions in the Cloudera Data Flow Catalog
  • View and search ReadyFlows in the ReadyFlow Gallery

DFCollectionAdmin

This role is automatically assigned to users with DFCollectionsCreator role upon creating a collection.

A use with the DFCollectionAdmin role can perform the following roles within a collection:

  • Add/remove users and groups
  • Change user and group roles (DFCollectionAdmin, DFCollectionMember, or DFCollectionViewer)
  • Modify the collection name and description
  • Delete the collection.

DFCollectionsAdmin

This role allows a user to centrally manage collections.

A user with the DFCollectionsAdmin role can perform the following tasks in a tenant:

  • Create and manage collections
  • Edit users and groups assigned to collections
  • Delete collections

DFCollectionsCreator

This role allows the user to create Cloudera Data Flow Catalog collections.

A user with the DFCollectionsCreator role can perform the following tasks in a tenant:

  • Create and manage collections
  • The DFCollectionsCreator automatically receives administrator (DFCollectionAdmin) role over collections they create. This role allows them to
    • Manage the collection
    • Edit users and groups assigned to the collection
    • Delete the collection

DFCollectionMember

A user with the DFCollectionMember role can perform the following tasks in a Catalog collection:

  • View flow definitions in the collection
  • Publish flow definitions to the collection
  • Import flow definitions to the collection
  • Delete flow definitions from the collection
  • Reassign flow definitions between collections (This requires DFCollectionMember or DFCollectionAdmin role both in the source and target collections) or move a flow definition out of the collection, rendering it 'unassigned'.

DFCollectionViewer

A user with the DFCollectionViewer role can perform the following tasks in a Catalog collection.

  • View flow definitions in the collection

A user with the DFFlowAdmin role and the DFCatalogViewer role can perform the following additional task:

  • Deploy flow definitions

DFFlowAdmin

This role allows a user to manage flow deployments in a Cloudera Data Flow environment. In addition, this role together with either the DFCatalogViewer or DFCatalogAdmin role allows the user to deploy flows.

A user with the DFFlowAdmin role alone can perform the following tasks:

  • View a deployment on the dashboard
  • View deployment details and settings
  • View a deployment in NiFi
  • Stop a deployment in NiFi
  • Suspend a deployment in NiFi
  • Terminate a deployment in NiFi
  • Change NiFi version
A user with the DFFlowAdmin and PowerUser roles can perform the following additional tasks:
  • Assign the DFFlowAdmin and DFFlowUser roles to other users
  • Revoke the DFFlowAdmin and DFFlowUser roles from other users

A user with the DFFlowAdmin role and either the DFCatalogViewer or DFCatalogAdmin role can perform the following additional task:

  • Deploy flow definitions

DFFlowDeveloper

This role allows a user to view, search, create, and manage drafts in Flow Designer on environment level.

A user with the DFDeveloper role can perform the following tasks:

  • Create a new draft
  • View all drafts in an environment
  • View all draft details and settings in an environment
  • Update all drafts in an environment
  • Start and end Test Sessions for any draft in an environment
  • Delete any draft in an environment

A user with the DFDeveloper and the DFCatalogViewer, DFCatalogPublisher, or DFCatalogAdmin roles can perform the following additional tasks:

  • Create drafts from flow definitions in the Cloudera Data Flow Catalog
  • Create drafts from ReadyFlows in the ReadyFlow Gallery
  • Publish drafts as flow definitions to the Catalog (DFCatalogPublisher or DFCatalogAdmin only)

DFFlowUser

This role allows a user to view, search, and monitor flow deployments in a Cloudera Data Flow environment.

A user with the DFFlowUser role can perform the following tasks:

  • View a deployment on the dashboard
  • View deployment details and settings
  • View a deployment in NiFi

DFProjectAdmin

This role is automatically assigned to users with DFProjectCreator role upon creating a Project.

A user with the DFProjectAdmin role can perform the following tasks:

  • Add/remove users and group
  • Change user and group roles (DFProjectAdmin or DFProjectMember)
  • Modify the Project name and description
  • Delete the Project.

DFProjectCreator

This role allows a user to create and manage Projects on environment level.

A user with the DFProjectCreator role can perform the following tasks:
  • Create a Project.
  • Edit a Project.
  • Manage users and groups assigned to a Project.

DFProjectMember

This role enables users to access resources assigned to a Project and perform actions on them that are allowed by their other user roles.

DFProjectsAdmin

This role allows a user to centrally manage Projects.

A user with the DFProjectsAdmin role can perform the following tasks in a tenant:
  • View and create Projects.
  • Edit users and groups assigned to Projects.
  • Delete Projects.