Cloudera Manager User Accounts
Access to Cloudera Manager features is controlled by user accounts. A user account identifies how a user is authenticated and determines what privileges are granted to the user.
When you are logged in to the Cloudera Manager Admin Console, the username you are logged in as is at the far right of the top navigation bar—for example, if you are logged in as admin you will see .
A user in the Administrator role manages user accounts through the
page.
User Authentication
Cloudera Manager provides several mechanisms for authenticating users. You can configure Cloudera Manager to authenticate users against the Cloudera Manager database or against an external authentication service. The external authentication service can be an LDAP server (Active Directory or an OpenLDAP compatible directory), or you can specify another external service. Cloudera Manager also supports using the Security Assertion Markup Language (SAML) to enable single sign-on.
If you are using LDAP or an external service you can configure Cloudera Manager so that it can use both methods of authentication (internal database and external service), and you can determine the order in which it performs these searches. If you select an external authentication mechanism, Administrator users can always authenticate against the Cloudera Manager database. This is to prevent locking everyone out if the authentication settings are misconfigured—such as with a bad LDAP URL.
With external authentication, you can restrict login access to members of specific groups, and can specify groups whose members are automatically given Administrator access to Cloudera Manager.
User accounts in the Cloudera Manager database show Cloudera Manager in the User Type column. User accounts in an LDAP directory or other external authentication mechanism show External in the User Type column.
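The authentication order and the Administrator database fallback described in this section can be modeled in a few lines. This is an added example, not Cloudera Manager code: the function names, the `order` tuple, the return labels, and the sample accounts are all assumptions made for illustration, and the stub stands in for a real LDAP or external service.

```python
import hmac
from dataclasses import dataclass

ADMIN = "Administrator"  # role name as listed on this page

@dataclass
class LocalUser:
    password: str  # plaintext only to keep the sketch short
    role: str

class ExternalUnavailable(Exception):
    """External service unreachable, e.g. a bad LDAP URL."""

def _same(a, b):
    return hmac.compare_digest(a.encode(), b.encode())

def make_external(directory, broken=False):
    """Stub for the LDAP/external service (constructed, not a real client)."""
    def check(user, password):
        if broken:
            raise ExternalUnavailable(user)
        stored = directory.get(user)
        return stored is not None and _same(stored, password)
    return check

def authenticate(user, password, local_db, external, order):
    """Try each source in `order` ('db', 'external'); return the one that accepted."""
    acct = local_db.get(user)
    db_ok = acct is not None and _same(acct.password, password)
    for source in order:
        if source == "db" and db_ok:
            return "db"
        if source == "external":
            try:
                if external(user, password):
                    return "external"
            except ExternalUnavailable:
                pass  # misconfigured service: fall through to the next source
    # Assumed model of the lockout safeguard: Administrators can still
    # authenticate against the database even when it is not in `order`.
    if db_ok and acct.role == ADMIN:
        return "db-admin-fallback"
    return None

def local_admins(local_db):
    """Accounts that stay usable whatever the external settings are."""
    return sorted(u for u, a in local_db.items() if a.role == ADMIN)

# Constructed sample data
LOCAL_DB = {"admin": LocalUser("local-admin-pw", ADMIN),
            "ops1": LocalUser("ops-pw", "Operator")}
DIRECTORY = {"alice": "alice-pw"}
```

The accounts returned by `local_admins` remain a working login path regardless of the external settings, so their passwords need the same rotation and review as the directory accounts.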
User Roles
- Read-Only - Allows the user to view service and monitoring information, but not to add services or take any actions that affect the state of the cluster.
- Limited Operator - Allows the user to view service and monitoring information and decommission hosts (except hosts running Cloudera Management Service roles), but not to add services or take any other actions that affect the state of the cluster.
- Operator - Allows the user to view service and monitoring information, stop, start, and restart clusters, services, and roles (except the Cloudera Management Service and roles), decommission and recommission hosts (except hosts running Cloudera Management Service roles), and decommission and recommission roles (except Cloudera Management Service roles), but not to add services, roles, or hosts, or take any other actions that affect the state of the cluster.
- Configurator - Allows the user to perform all Operator operations, configure services (except the Cloudera Management Service), enter and exit maintenance mode, and manage dashboards (including Cloudera Management Service dashboards).
- Administrator - Allows the user to add, change, delete, and configure services, roles, and hosts and administer user accounts. Even if you are using an external authentication mechanism for user authentication, users with Administrator privileges can log in to Cloudera Manager using their local Cloudera Manager username and password. (This prevents the system from locking everyone out if the external authentication settings get misconfigured.)
Changing the Logged-In Internal User Password
- Right-click the logged-in username at the far right of the top navigation bar and select Change Password.
- Enter the current password, enter the new password twice, and then click Update.
Adding an Internal User Account
- Select .
- Click the Add User button.
- Enter a username and password.
- In the Role drop-down, select a role for the new user.
- Click Add.
Assigning User Roles
- Select .
- Check the checkbox next to one or more usernames.
- Select .
- In the drop-down, select the role.
- Click the Assign Role button.
Changing an Internal User Account Password
- Select .
- Click the Change Password button next to a username with User Type Cloudera Manager.
- Type the new password and repeat it to confirm.
- Click the Update button to make the change.
Deleting Internal User Accounts
- Select .
- Check the checkbox next to one or more usernames with User Type Cloudera Manager.
- Select .
- Click the OK button. (There is no confirmation of the action.)