CDP machine user

A machine user account provides programmatic access to CDP. Create a machine user account if you have an application that needs to access the CDP services with Management Console APIs.

You can define the machine user account in your application to create and manage clusters and run jobs in CDP using the CLI or API commands.

You can create and manage a machine user account within CDP. You must assign an API access key to a machine user account to enable it to access the CDP service. You must assign roles to a machine user account to authorize it to perform tasks in CDP.

A machine user account does not have an associated Cloudera user account. You cannot use a machine user to log in to the CDP console.

Machine users created in the control plane are not automatically created in the customer LDAP. Therefore you cannot use machine users to access data in the base cluster.

Use the following guidelines when you manage user accounts in CDP:

• When you create a machine user account, you assign roles and environments to the machine user account in the same way that you assign roles and environments to other user accounts.
• When you revoke permissions for a machine user, ensure that you remove all the roles that grant the permissions that you want to revoke. To revoke all permissions granted to a machine user account, complete the following steps:
  • Remove all roles assigned to the machine user.
  • Delete any access key created for the machine user.
• You can delete a machine user account in CDP. You can delete the machine user account on the CDP console.