To perform tasks using CDP and its services, you must be a CDP user and roles and resources need to be assigned to this user.
CDP allows users within your organization to log in to CDP through the authentication system in your organization without registering with Cloudera or creating a Cloudera account. During the initial process of configuring the environment, the account administrator must set up identity federation and thus automatically add users.
When a CDP user who is not an account administrator logs in to CDP for the first time, the user has limited privileges. A CDP administrator must assign the appropriate roles to the user after the initial user login.
The CDP account administrator can revoke permissions for a CDP user account. When you revoke permissions for a user, ensure that you remove all the roles that grant the permissions that you want to revoke.
To revoke all permissions granted to a user, complete the following steps:
- Remove all roles assigned to the user.
- Remove all environments assigned to the user.
- Delete any access key created for the user.
A user who has a valid account in CDP but is not assigned any role can perform a limited number of tasks. A user who logs in to the CDP console without an assigned role or environment can perform only the following tasks:
- Download the CDP client.
- View the CDP documentation.
- Create a support case.