Cloudera Docs

Removing account roles from a group

When you unassign a role to a group, the role is also unassigned to all user and machine user accounts in the group.

Required role: PowerUser

Steps

  1. Sign in to the CDP console.

  2. From the CDP home page, click Management Console.

  3. In the User Management section of the side navigation panel, click Groups.

    The Groups page displays the list of all CDP groups.

  4. Click the name of the group to which you want to assign a role.

    The group details page displays information about the group.

  5. Click the Roles tab.

  6. From the context menu to the right of a role, click Unassign role.

  7. Click OK to confirm that you want to remove the role permissions from the group.

To remove a role from a group:

cdp iam unassign-group-role \
--group-name <value> \
--role <value>

The role parameter requires the CRN of the CDP role.

To get a list of the roles assigned to a group:

cdp iam list-group-assigned-roles \
--group-name <value>

What to do next

You need to perform user sync for the change to take effect. See Performing user sync.