CDP machine user

A machine user account provides programmatic access to CDP. Create a machine user account if you have an application that needs to access the CDP services with the CLI or the CDP SDK for Java.

You can define the machine user account in your application to create and manage clusters and run jobs in CDP using the CLI or API commands.

You can create and manage a machine user account within CDP. You must assign an API access key to a machine user account to enable it to access the CDP service with the CLI or CDP SDK for Java. You must assign roles to a machine user account to authorize it to perform tasks in CDP.

A machine user account does not have an associated Cloudera user account. You cannot use a machine user to log in to the CDP console.

Machine users created in the control plane are not automatically created in the customer LDAP. Therefore you cannot use machine users to access data in the base cluster.

Use the following guidelines when you manage user accounts in CDP:

  • When you create a machine user account, you assign roles and environments to the machine user account in the same way that you assign roles and environments to other user accounts. For more information about assigning roles and environments to a user account, see Setting Up User Access and Authorization.
  • When you revoke permissions for a machine user, ensure that you remove all the roles that grant the permissions that you want to revoke. To revoke all permissions granted to a machine user account, complete the following steps:
    • Remove all roles assigned to the machine user.
    • Delete any access key created for the machine user.
  • You can delete a machine user account in CDP. You can delete the machine user account on the CDP console or using the CLI. For more information about deleting a machine user account, see Deleting a Machine User Account.