Cloudera Docs

Configuring roles for Cloudera Lakehouse Optimizer users

Ensure that you have the right roles assigned to you before you use Cloudera Lakehouse Optimizer. Depending on you role, you can deploy the Data Hub, create the Cloudera Lakehouse Optimizer policies, and monitor the policies.

To access the Cloudera Lakehouse Optimizer features and REST APIs, you might require one or more of the following roles:
Role Description
Cloudera Lakehouse Optimizer-specific roles
Administrators* Can access and use all the features including all the REST APIs.
Operators* Have limited access to REST APIs. They can run certain tasks, and have no privileges to modify the service configuration.
Monitors* Can only observe the health and status of the service and its running tasks.
Other required roles
Privileged CDP User Can create new groups and assign Cloudera users to those groups, which can then be mapped to Cloudera Lakehouse Optimizer roles in Cloudera Manager.
EnvironmentUser Can access the Lakehouse Optimizer UI.
DataHubCreator Can create the Data Hub.
*Ensure that you define the role for the entire environment. This is because you cannot define the role for a specific namespace or table.

To assign a role to a user, the Privileged CDP User must perform the following steps:

  1. Create the required user groups.
    1. Go to the Cloudera Management Console > User Management > Groups tab.
    2. Create an administrator group.
      1. Click Create Group.
      2. Enter a Name for the administrator group on the Create Group modal window, and click Create.

        For example, CLO_Admin as shown in the following screenshot:

        The image shows the Create Group modal window in User Management.
    3. Create an operator group.
      1. Click Create Group.
      2. Enter a Name for the operator group on the Create Group modal window, and click Create.

        For example, CLO_Operator.

    4. Create a monitor group.
      1. Click Create Group.
      2. Enter a Name for the monitor group on the Create Group modal window, and click Create.

        For example, CLO_Monitor.

  2. Identify and add the users to each group.
    1. Go to the Cloudera Management Console > User Management > Groups page.
    2. Search, and click the group name. For example, CLO_Admin.
    3. Enter the user name, or choose a user on the Members tab.
      The following screenshot shows the search field where you can enter the user name for the group:
      The image shows the Members tab in User Management.
      The user is added to the group.
  3. Synchronize the users for the environment.
    1. Go to the Cloudera Management Console > User Management page.
    2. Click Actions > Synchronize Users.
    3. Click Synchronize Users.
      For more information, see Performing user sync.
  4. Map the groups to the Cloudera Lakehouse Optimizer roles.
    1. Go to the Cloudera Manager > Clusters > cloudera_lakehouse_optimizer > Configuration tab.
    2. Search for the CLO Security Role Admin property, remove the default dlm_admin role, and add the [*** ADMINISTRATOR GROUP NAME ***]. For example, CLO_Admin.
    3. Search for the CLO Security Role Operator property, remove the default dlm_operator role, and add the [*** OPERATOR GROUP NAME ***]. For example, CLO_Operator.
    4. Search for the CLO Security Role Monitor property, remove the default dlm_monitor role, and add the [*** MONITOR GROUP NAME ***]. For example, CLO_Monitor.
    5. Save Changes