Managing Users and Groups for the Cloudera Navigator Data Management Component

Required Role:

Cloudera Navigator supports user authentication against Cloudera Manager user accounts and against an external LDAP or Active Directory service. External authentication enables you to assign Cloudera Navigator user roles to LDAP or Active Directory groups containing the appropriate users for each user role.

Assigning Cloudera Navigator User Roles to LDAP or Active Directory Groups

This section assumes that values for your LDAP or Active Directory directory service have been configured in Cloudera Manager as described in Configuring External Authentication for Cloudera Navigator. This section also assumes that your LDAP or Active Directory service contains user groups that correspond to Cloudera Navigator user roles having the permissions you want each group of users to have. If not, you should assign your users to such groups now. The Cloudera Navigator user roles are as follows:
  • Full Administrator
  • User Administrator
  • Auditing Viewer
  • Lineage Viewer
  • Metadata Administrator
  • Policy Viewer
  • Policy Administrator

Each of these roles and the permissions associated with it are described in Cloudera Navigator User Roles.

To add or remove Cloudera Navigator user roles to LDAP or Active Directory user groups, you should know the names of the directory groups you want to configure, and then perform the following steps:

  1. Open the Cloudera Navigator Web UI in one of the following ways:
    • On the Clusters menu of Cloudera Manager, click Cloudera Navigator in the Cloudera Management Service section for the desired cluster.
    • Click the Instances tab on the Cloudera Management Service page, and click Navigator Metadata Server. In the Summary section's Quick Links, click Cloudera Navigator.
  2. Log in to Cloudera Navigator with the credentials of a user having one or more of the following user roles:
    • Cloudera Manager Full Administrator
    • Cloudera Manager Navigator Administrator
    • Cloudera Navigator Full Administrator
    • Cloudera Navigator User Administrator
  3. Click the Administration tab in the upper right.
  4. Search for an LDAP or Active Directory group by entering its name (or the first portion of the name) in the search field.
    • Select All Groups to search among all groups in the external directory.
    • Select Groups with Navigator Roles to display only external directory groups that have already been assigned one or more Cloudera Navigator user roles.
  5. From the LDAP or Active Directory groups displayed, select the group to which you want to assign a Cloudera Navigator user role or roles. If roles have already been assigned to the group, they are listed beneath the name of the group in the main panel.
  6. Click Manage Role Assignment in the upper right.
  7. Click the checkbox for each Cloudera Navigator user role you want assigned to that Active Directory or LDAP group. Uncheck any already-assigned roles that you want to remove from the group.
  8. Click Save.

If a user's role assignments are changed, the changes take effect with the user's next new session, that is, the next time the user logs in to Cloudera Navigator.