Removing account roles from a group

When you unassign a role to a group, the role is also unassigned to all user and machine user accounts in the group.

Required role: PowerUser

Steps

  1. Sign in to the Cloudera console.

  2. From the Cloudera home page, click Cloudera Management Console.

  3. In the User Management section of the side navigation panel, click Groups.

    The Groups page displays the list of all Cloudera groups.

  4. Click the name of the group to which you want to assign a role.

    The group details page displays information about the group.

  5. Click the Roles tab.

  6. From the context menu to the right of a role, click Unassign role.

  7. Click OK to confirm that you want to remove the role permissions from the group.

To remove a role from a group:

cdp iam unassign-group-role \
--group-name <value> \
--role <value> 

The role parameter requires the CRN of the Cloudera role.

To get a list of the roles assigned to a group:

cdp iam list-group-assigned-roles \
--group-name <value>

What to do next

You need to perform user sync for the change to take effect. See Performing user sync.