Performing user sync

When making any kind of user or group-related changes, you need to perform user sync in order for the changes to be synced to FreeIPA.

All user and group related changes with one exception of generating API access keys require user sync. For example all of the following require user sync:

Creating machine users
Deleting users and machine users
Assigning Cloudera roles or environment-level resource roles to users
Creating a group, assigning group membership, and deleting a group
Setting workload password
Managing user SSH keys

During user sync:

All control plane actors (users and machine users) with the environments/accessEnvironment right are synced to the FreeIPA.
All groups are synced to the FreeIPA.
All users with PowerUser role are synchronized to all environments.

Syncing users to all environments🔗

Required role: PowerUser

Steps

Cloudera UI
CDP CLI

From the Cloudera web interface, you can perform user sync from the Cloudera Management Console > User Management.
Click Actions > Synchronize Users.
Click Synchronize Users.
Status shown will be Running, then Completed.

What to do next

Depending on how many users you have in Cloudera, it may take a few minutes for the user sync to complete. The sync operation times out after 30 minutes.

Syncing users to a selected environment🔗

Required role: EnvironmentAdmin and DataSteward can perform user sync for a single environment. PowerUser can perform user sync for all environments.