Enabling admin and user access to environments

To get admin access to a fully functional environment, follow this procedure to create an environment and assign admin and user groups to the environment successfully.

Initial tasks to be performed by the power user

  1. A CDP user with PowerUser role creates an environment.
  2. The PowerUser assigns the EnvironmentAdmin resource role to the intended admin user(s). For instructions, refer to Assigning resources to users.
  3. Additional admin resource roles enumerated in Understanding roles and resource roles should be assigned if admin access to specific CDP service(s) is needed. For example, for admin access to the Data Warehouse service, assign DWAdmin role. For instructions, refer to Assigning resources to users.
  4. The PowerUser associates an existing group to the EnvironmentUser resource role for this environment. For instructions, refer to Assigning a resource role to a group.
  5. Additional user roles enumerated in Understanding roles and resource roles should be assigned if user access to specific CDP service(s) is needed. For example, for user access to the Data Warehouse service, assign DWUser role. For instructions, refer to Assigning resources to users.
  6. The PowerUser performs user sync after assigning the roles. For instructions, refer to Performing user sync.

Tasks to be performed by the admin

  1. The admin sets his/her workload password. For instructions, refer to Setting the workload password.
  2. The admin logs into Ranger and gets admin privileges.
  3. The admin logs into Ranger and modifies policies and other admin privileges. For instructions on how to set up authorization in Ranger, refer to Using Ranger to provide authorization documentation.

Tasks to be performed by the users

  1. The users should set their workload passwords. For instructions, refer to Setting the workload password.
  2. The users can upload their SSH keys that can be used for access to workload cluster nodes. For instructions, refer to Managing SSH keys.