Administering User Roles
Cloudera Navigator user roles can be assigned to groups that are managed by an external LDAP-compliant identity/authentication system (Active Directory, OpenLDAP) using the Role Management tab of the Cloudera Navigator console, as detailed below. The Role Management feature only becomes available in the Cloudera Navigator console after the external system has been successfully configured for use by Cloudera Navigator. See Authentication for Cloudera Navigator for configuration details.
Assigning User Roles to Groups
Cloudera Navigator user roles determine the Cloudera Navigator features and functions available to the logged in account holders. Data stewards, auditors, and other business users log in to the Cloudera Navigator console and have available only those menu selections and options appropriate for the user role (or roles) granted to group of which they are a member. The groups are defined in an external LDAP service that has been configured for use by Cloudera Navigator. See Authentication for Cloudera Navigator for details.
- Cloudera Manager Full Administrator or Navigator Administrator, or Cloudera Navigator User Administrator.
To assign Cloudera Navigator user roles to groups:
- Log in to Cloudera Navigator console.
- Click the Administration menu.
- Click the Role Management tab.
- Select All Groups to search among all groups in the external directory.
- Select Groups with Navigator Roles to filter your search to groups that have already been assigned one or more Cloudera Navigator user roles.
- Enter the name of the specific group in the search field.
- Select the group from among those returned in the list. Existing roles, if any, display under the group name. For example:
- Click Manage Role Assignment in the upper right corner (not shown above).
- Click the box to select each user role you want to assign to the group.
- Click to de-select any checked box to remove an existing user role assigned to the group. .
- Click Save.
Changes to user role assignments take effect the next time users in the group log in to Cloudera Navigator.
Displaying Roles for Current User Account Login
The user roles associated with a given login session are available from the Cloudera Navigator menu. Assuming you are logged in to Cloudera Navigator console, you can always verify the user roles associated with your current login as follows:
- Select My Roles from the username drop-down menu, where username is the name of the logged in account. For example, the current login is admin:
- The Roles pop-up window displays all roles assigned to the LDAP or Active Directory groups to which the current user belongs.
- Click Close to dismiss the window.
Categories: Active Directory | Administrators | Authentication | Cloudera Manager | Groups | LDAP | Navigator | Roles | Users | All Categories