Assign a classic cluster resource role to a group

You can assign a classic cluster resource role to a group to allow them to manage a specific classic cluster.

Required roles:
  • Owner or a role that allows administering the environment AND
  • One of the following: IamViewer or IamUser (required for listing users).
In order to assign a role, a user must have all rights from the role that they are planning to assign to another user; That is, a user can only assign a role higher than his own.
  1. In the Cloudera Management Console navigate to the Classic Clusters dashboard.
  2. Click on the (context menu) next to the cluster that you want to update and select Manage Access.
  3. Find the group that you want to update and click on Update Roles.
  4. Select or deselect the roles and then click on Update Roles.

To assign a resource role to a group:

cdp iam assign-group-resource-role \
--group-name <value> \
--resource-role-crn <value> \
--resource-crn <value> 

To remove a resource role from a group:

cdp iam unassign-group-resource-role \
--group-name <value> \
--resource-role-crn <value> \
--resource-crn <value>
  • The resource-role-crn parameter requires the CRN of the resource role you want to assign to the group.
  • The resource-crn parameter requires the CRN of the resource on which you want to grant the resource role permissions.

To get a list of the resource roles assigned to a group:

cdp iam list-group-assigned-resource-role \
--group-name <value>