User Roles and Privileges Reference
Cloudera Navigator lets authenticated users—those who have successfully logged in to Cloudera Navigator console—access features and functionality according to specifically assigned user roles. The Cloudera Navigator user role scheme requires the use of an external LDAP-compliant identity-directory service, such as OpenLDAP or Microsoft Server Active Directory. See Cloudera Navigator Authentication Overview for details.
After users have been assigned to various groups in the external LDAP-compliant identity-directory service, Cloudera Navigator administrators can grant user roles to various groups as needed. See Administering Navigator User Roles for details.
Information about user roles and the specific privileges to Cloudera Navigator is contained in the high-level summary and detailed matrix below.
Cloudera Navigator User Roles
- Auditing Viewer—View audit events, view audit analytics, and create audit reports.
- Custom Business Metadata Editor—Search for entities, view metadata, view lineage, view metadata analytics, edit user-defined properties and tags.
- Managed and Custom Business Metadata Editor—Search for entities, view metadata, view lineage, edit user-defined properties, edit managed properties, and define managed metadata models.
- Metadata & Lineage Viewer—Search for entities, view metadata, view lineage, and view metadata analytics such as the Data Stewardship Dashboard and the Data Explorer.
- Policy Editor—View, create, update, and delete metadata policies.
- Policy Viewer—View policies that can be applied to metadata. Note that this role needs to be combined with other roles to give view access to Navigator metadata.
- User Administrator—Assign user roles to groups. Requires the group (and the user accounts it contains) to exist in an LDAP-compliant directory service. See Configuring Navigator User Roles and Authentication and Cloudera Navigator for details.
- Full Administrator—All Navigator permissions.
- Full Administrator—Complete administrative and management access, including assigning user roles to groups. Required to install Cloudera Navigator. Users with this role are automatically assigned the Navigator Full Administrator role.
- Navigator Administrator—View data in Cloudera Manager, view service and monitoring information, administer Cloudera Navigator, view audit events. Users with this role are automatically assigned the Navigator Full Administrator role.
Cloudera Navigator User Role Details
The Cloudera Manager user roles Full Administrator and Navigator Administrator have the privileges listed for Full Administrator in the table below.
|Cloudera Navigator User Role|
|Auditing Viewer||Custom Business Metadata Editor||Managed and Custom Business Metadata Editor||Metadata & Lineage Viewer||Policy Editor||Policy Viewer||User Administrator||Full Administrator|
|Define metadata models|
|Edit entity name or description|
|Edit user-defined properties and tags|
|Edit managed properties|
|Search for entities|
|Start maintenance job|
|View audit analytics|
|View audit events and create reports|
|View maintenance history|
|View metadata analytics|
|View metadata policies|
|Enable debugging tools|
Categories: Authorization | Navigator | Roles | Security | Users | All Categories