Deleting users and machine users

CDP administrators have the ability to delete users and machine users in CDP through both the CDP user interface and the CDP CLI.

If a CDP user or machine user is deleted from an integrated identity provider system (for example, if a user leaves the company), the user is not automatically deleted in CDP. CDP administrators have the ability to delete a user in CDP through both the user interface and the CLI.

Steps - CDP web interface

  1. From CDP user interface, navigate to the Management Console > User Management.

  2. Search for the user or machine user that you want to delete and click the (context menu) at the end of the user entry row.

  3. Perform one of the following:
    • Click Delete User (for a user) or Delete Machine User (for a machine user) and then OK on the confirmation screen.
    • Alternatively, you can click on the user or machine user name to enter the user's detail page. From there, click Actions > Delete User (for a user) or Delete Machine User (for a machine user).

Steps - CDP CLI

In the CDP CLI, the command to delete a user is delete-user and the command to delete a machine user is delete-machine-user.

Run the delete-user command as shown in the following example:
cdp iam delete-user --user-id <value>

The delete-user command requires a user-id value, which can be either the user ID or the CRN (Cloudera resource name) of the given user. You can obtain the user ID from the web interface from the user’s details, or from the CDP CLI from the output of the cdp iam list-users command.

Run the delete-machine-user command as shown in the following example:
cdp iam delete-machine-user --machine-user-name <value>

The delete-machine-user command requires a machine-user-name value, which can be either the user ID or the CRN (Cloudera resource name) of the given machine user. You can obtain the user ID from the web interface from the machine user’s details, or from the CDP CLI from the output of the cdp iam list-machine-users command.

For a detailed description of the command properties, call the CDP help for the command:
cdp iam delete-user --help
cdp iam delete-machine-user --help

What to do next

Deleting a user or machine user removes all access keys and SSH keys associated with the user, and unassigns all roles and resource roles assigned to the user. The user is also removed from all groups that they belong to. Once the deletion process is completed and synced, the user will not be able to use any access keys to access CDP.

You must trigger user sync to ensure that the deleted user loses access to all environments. See Performing user sync. Only once the user sync is complete, the deleted user loses access to CDP.

It takes around 2 minutes to fully delete a user or machine user in CDP. During this time you will not be able to recreate the user (that is, for 2 minutes you will not be able to create a user in the same Identity Provider with the same NameID), but you can proceed to trigger user sync right away.