Assign a shared resource resource role to a group

You can assign shared resources such as credentials, clusters templates, recipes, image catalogs, or proxies to groups. To assign a shared resource to a group, assign a specific resource role on the scope of the specific shared resource.

Required roles:
  • Owner or a role that allows administering the environment AND
  • One of the following: IamViewer or IamUser (required for listing users).
In order to assign a role, a user must have all rights from the role that they are planning to assign to another user; That is, a user can only assign a role higher than his own.
  1. Sign in to the Cloudera console.
  2. From the Cloudera home page, click Cloudera Management Console.
  3. From the left pane, select Shared Resources, and then select a resource type (for example Cluster Templates) to view a summary of all resources of that type.
  4. Find the specific resource (for example a specific cluster template) and click on it to navigate to its details page.
  5. Click on Manage Access.
  6. Enter the name of the group in the text box.
  7. In the Update Resource Roles window, select the required resource role.
  8. Click Update Roles.

To assign a resource role to a group:

cdp iam assign-group-resource-role \
--group-name <value> \
--resource-role-crn <value> \
--resource-crn <value> 

To remove a resource role from a group:

cdp iam unassign-group-resource-role \
--group-name <value> \
--resource-role-crn <value> \
--resource-crn <value>
  • The resource-role-crn parameter requires the CRN of the resource role you want to assign to the group.
  • The resource-crn parameter requires the CRN of the resource on which you want to grant the resource role permissions.

To get a list of the resource roles assigned to a group:

cdp iam list-group-assigned-resource-role \
--group-name <value>