Assign a shared resource role to a user

You can assign shared resources such as credentials, clusters templates, recipes, image catalogs, or proxies to users and machine users. To assign a shared resource to a user or a machine user, assign a specific resource role on the scope of the specific shared resource.

Required roles:
  • Owner or a role that allows administering the environment AND
  • One of the following: IamViewer or IamUser (required for listing users).
In order to assign a role, a user must have all rights from the role that they are planning to assign to another user; That is, a user can only assign a role higher than his own.
  1. Sign in to the Cloudera console.
  2. From the Cloudera home page, click Cloudera Management Console.
  3. From the left pane, select Shared Resources, and then select a resource type (for example Cluster Templates) to view a summary of all resources of that type.
  4. Find the specific resource (for example a specific cluster template) and click on it to navigate to its details page.
  5. Click on Manage Access.
  6. Enter the name of the user in the text box.
  7. In the Update Resource Roles window, select the required resource role.
  8. Click Update Roles.

Use the following commands to assign a resource to a user or a machine user:

cdp iam assign-user-resource-role \
--user-name <value> \
--resource-role-crn <value> \
--resource-crn <value> 
cdp iam assign-machine-user-resource-role \
--machine-user-name <value> \
--resource-role-crn <value> \
--resource-crn <value>

To remove a resource role from a user or a machine user:

cdp iam unassign-user-resource-role \
--user-name <value> \
--resource-role-crn <value> \
--resource-crn <value>
cdp iam unassign-machine-user-resource-role \
--machine-user-name <value> \
--resource-role-crn <value> \
--resource-crn <value>
  • The resource-role-crn parameter requires the CRN of the resource role you want to assign to the user. You can use the cdp iam list-resource-roles command to list resource roles with role CRNs.
  • The resource-crn parameter requires the CRN of the resource on which you want to grant the resource role permissions. You can obtain it from the details of the resource.

To get a list of the resource roles assigned to a user or a machine user:

cdp iam list-user-assigned-resource-role \
--user-name <value>
cdp iam list-machine-user-assigned-resource-role \
--machine-user-name <value>