To perform tasks using CDP and its services, you must be a CDP user and roles and resources need to be assigned to this user.
CDP allows users within your organization to log in to CDP through the authentication system in your organization without registering with Cloudera or creating a Cloudera account. During the initial process of configuring the environment, the account administrator must set up identity federation and thus automatically add users.
When a CDP user who is not an account administrator logs in to CDP for the first time, the user has limited privileges. A CDP administrator must assign the appropriate roles to the user after the initial user login.
The CDP account administrator can delete the user accounts. Deleting a user removes all access keys and SSH keys associated with the user, and unassigns all roles and resource roles assigned to the user. The user is also removed from all groups that they belong to.
A user who has a valid account in CDP but is not assigned any role can perform a limited number of tasks. A user who logs in to the CDP console without an assigned role or environment can perform only the following tasks:
- Download the CDP client.
- View the CDP documentation.