Deleting users and machine users
CDP administrators have the ability to delete users and machine users in CDP through both the CDP user interface and the CDP CLI.
If a CDP user or machine user is deleted from an integrated identity provider system (for example, if a user leaves the company), the user is not automatically deleted in CDP. CDP administrators have the ability to delete a user in CDP through both the user interface and the CLI.
Required role: PowerUser
Steps
-
From CDP user interface, navigate to the Management Console > User Management.
-
Search for the user or machine user that you want to delete and click the (context menu) at the end of the user entry row.
-
Perform one of the following:
- Click Delete User (for a user) or Delete Machine User (for a machine user) and then OK on the confirmation screen.
- Alternatively, you can click on the user or machine user name to enter the user's detail page. From there, click Actions > Delete User (for a user) or Delete Machine User (for a machine user).
In the CDP CLI, the command to delete a user is delete-user
and the command to delete a machine user is
delete-machine-user
.
delete-user
command as shown in the following
example:cdp iam delete-user --user-id <value>
The delete-user
command requires a user-id value, which can be
either the user ID or the CRN (Cloudera resource name) of the given user. You can obtain
the user ID from the web interface from the user’s details, or from the CDP CLI from the
output of the cdp iam list-users
command.
delete-machine-user
command as shown in the following
example:cdp iam delete-machine-user --machine-user-name <value>
The delete-machine-user
command requires a
machine-user-name
value, which can be either the user ID or the CRN
(Cloudera resource name) of the given machine user. You can obtain the user ID from the
web interface from the machine user’s details, or from the CDP CLI from the output of
the cdp iam list-machine-users
command.
cdp iam delete-user --help
cdp iam delete-machine-user --help
What to do next
Deleting a user or machine user removes all access keys and SSH keys associated with the user, and unassigns all roles and resource roles assigned to the user. The user is also removed from all groups that they belong to. Once the deletion process is completed and synced, the user will not be able to use any access keys to access CDP.
You must trigger user sync to ensure that the deleted user loses access to all environments. See Performing user sync. Only once the user sync is complete, the deleted user loses access to CDP.
It takes around 2 minutes to fully delete a user or machine user in CDP. During this time you will not be able to recreate the user (that is, for 2 minutes you will not be able to create a user in the same Identity Provider with the same NameID), but you can proceed to trigger user sync right away.