Assign a Cloudera resource role to a group

You can assign a Cloudera Data Hub resource role to a group to allow them to manage a specific Cloudera Data Hub.

Required roles:

Owner or a role that allows administering the environment AND
One of the following: IamViewer or IamUser (required for listing users).

In order to assign a role, a user must have all rights from the role that they are planning to assign to another user; That is, a user can only assign a role higher than his own.

CDP UI
CDP CLI

Sign in to the Cloudera console.
Navigate to the details page of your Cloudera Data Hub cluster. This can be done in a few ways. For example:
- From the Cloudera home page, click Data Hub Clusters and then click on the specific cluster.
- From the Cloudera home page, click on Cloudera Management Console, navigate to the Data Hub Clusters page, and then click on the specific cluster.
From the Actions menu select Manage Access.
Enter the name of the group in the text box.
In the Update Resource Roles window, select the required resource role.
Click Update Roles.

To assign a resource role to a group:

cdp iam assign-group-resource-role \
--group-name <value> \
--resource-role-crn <value> \
--resource-crn <value>

To remove a resource role from a group:

cdp iam unassign-group-resource-role \
--group-name <value> \
--resource-role-crn <value> \
--resource-crn <value>

The resource-role-crn parameter requires the CRN of the resource role you want to assign to the group.
The resource-crn parameter requires the CRN of the resource on which you want to grant the resource role permissions.

To get a list of the resource roles assigned to a group:

cdp iam list-group-assigned-resource-role \
--group-name <value>