September 21, 2021
This release of the Management Console service introduces the following changes:
New authorization model
CDP introduces a new authorization model. The following table summarizes new, changed, and deprecated roles. The roles that are not mentioned in this table are unchanged.
|New account role||
||This is a new account-level role.|
|Deprecated account roles||
||These roles were deprecated in June 2020 and have been removed from the official documentation.|
|New environment resource roles||
||These roles can be assigned on the scope of a specific environment.|
|New Data Hub resource role||
||This role can be assigned on the scope of a specific Data Hub.|
|New shared resource role||
||This role can be assigned on the scope of a specific shared resource (cluster template, credential, image catalog, or recipe). Note that unlike other shared resources, proxies can only be managed by a PowerUser.|
|New resource role applicable to environments, Data Hubs, shared resources, and classic clusters||
||Grants all permissions required to manage the resource in CDP including the ability to delete it, but does not grant any cluster-level access. The user creating the resource automatically gets the Owner role on that resource.|
Steps for assigning roles
- The steps for assigning account roles and managing access to environments are unchanged.
- The steps for managing access to Data Hubs, shared resources (cluster templates, credentials, image catalogs, and recipes), and classic clusters are similar to the steps for managing access to environments: You can use the Manage access option from the resource details page.
- For updated information about all built-in roles in CDP, refer to Understanding account-level roles and resource roles.
- For updated instructions for how to manage access to resources, refer to Assigning a resource role to a user and Assigning a resource role to a group.
- For a migration guide to the new role-based authorization model, refer to Migrating to the new role-based authorization model.
- Other new and updated documentation:
Dots are now supported in group names
Improved AWS cloud storage setup documentation
AWS cloud storage setup documentation has been improved to include exact steps for creating the required S3 bucket, IAM policies, and IAM roles. See Minimal setup for cloud storage and Onboarding CDP users and groups for cloud storage.