September 21, 2021

This release of the Management Console service introduces the following changes:

New authorization model

CDP introduces a new authorization model. The following table summarizes new, changed, and deprecated roles. The roles that are not mentioned in this table are unchanged.

Account roles

Roles Description
New account role
  • EnvironmentCreator
This is a new account-level role.
Deprecated account roles
  • EnvironmentAdmin
  • EnvironmentUser
These roles have been deprecated in June 2020 and have been removed from the official documentation.

Resource roles

Roles Description
New environment resource roles
  • DataSteward
  • DataHubCreator
These roles can be assigned on the scope of a specific environment.
New Data Hub resource role
  • DataHubAdmin (Technical Preview)
This role can be assigned on the scope of a specific Data Hub.
New shared resource role
  • SharedResouceUser
This role can be assigned on the scope of a specific shared resource (cluster template, credential, image catalog, proxy, or recipe).
New resource role applicable to environments, Data Hubs, shared resources, and classic clusters
  • Owner
Grants all permissions required to manage the resource in CDP including the ability to delete it, but does not grant any cluster-level access. The user creating the resource automatically gets the Owner role on that resource.

Steps for assigning roles

  • The steps for assigning account roles and managing access to environments are unchanged.
  • The steps for managing access to Data Hubs, shared resources (cluster templates, credentials, image catalogs, and recipes), and classic clusters are similar to the steps for managing access to environments: You can use the Manage access option from the resource details page.

Updated documentation

Dots are now supported in group names

The list of supported characters in group names was extended to include dots. See updated documentation:

Improved AWS cloud storage setup documentation

AWS cloud storage setup documentation has been improved to include exact steps for creating the required S3 bucket, IAM policies, and IAM roles. See Minimal setup for cloud storage and Onboarding CDP users and groups for cloud storage .