Managing Users and Groups for the Cloudera Navigator Data Management Component

Required Role: Any one of the following: Cloudera Navigator User Administrator or Full Administrator; or Cloudera Manager Navigator Administrator or Full Administrator.

Users granted the Cloudera Manager role of Navigator Administrator who log in to Cloudera Navigator console are essentially the same as the Full Administrator (in the context of Cloudera Navigator user roles).

Cloudera Navigator supports user authentication against Cloudera Manager user accounts and against an external LDAP or Active Directory service. External authentication enables you to assign Cloudera Navigator user roles to LDAP or Active Directory groups containing the appropriate users for each user role.

Assigning Cloudera Navigator User Roles to LDAP or Active Directory Groups

The steps below assume that Cloudera Manager has been configured to integrate with Active Directory or other LDAP directory service as detailed in Configuring External Authentication for Cloudera Navigator. The steps also assume that user groups in the directory service have been granted permissions associated with the appropriate Cloudera Navigator user roles. If not, assign Cloudera Navigator users to such groups in the directory service now. Cloudera Navigator user roles are as follows:
  • Full Administrator
  • User Administrator
  • Auditing Viewer
  • Lineage Viewer
  • Metadata Administrator
  • Policy Viewer
  • Policy Administrator

Each role and its permissions is described in Cloudera Navigator User Roles. Plan out the user group-to-role mapping in advance—you must know the names of the Active Directory or LDAP user groups you want to configure.

To add or remove Cloudera Navigator user roles to LDAP or Active Directory user groups, perform the following steps:

  1. Log in to Cloudera Navigator with the credentials of a user having one or more of the following user roles:
    • Cloudera Manager Full Administrator
    • Cloudera Manager Navigator Administrator
    • Cloudera Navigator Full Administrator
    • Cloudera Navigator User Administrator
  2. Click the Administration tab in the upper right.
  3. Click the Role Management tab.
  4. Search for an LDAP or Active Directory group by entering its name (or the first portion of the name) in the search field and pressing Enter or Return.
    • Select All Groups to search among all groups in the external directory.
    • Select Groups with Navigator Roles to display only external directory groups that have already been assigned one or more Cloudera Navigator user roles.
  5. From the LDAP or Active Directory groups displayed, select the group to which you want to assign a Cloudera Navigator user role or roles. If roles have already been assigned to the group, they are listed beneath the name of the group in the main panel.
  6. Click Manage Role Assignment in the upper right.
  7. Click the checkbox for each Cloudera Navigator user role you want assigned to that Active Directory or LDAP group. Uncheck any already-assigned roles that you want to remove from the group.
  8. Click Save.

Changes to user role assignments take effect the next time the user logs in to Cloudera Navigator.