Managing groups in Cloudera A PowerUser can create and manage Cloudera groups on the Cloudera web interface or via CDP CLI. Reserved group namesThere are certain group names that are reserved and therefore cannot be used in CDP. This applies to groups synchronized from your identity provider as well as groups created directly from Cloudera. Understanding Cloudera groupsA Cloudera group is a collection of user accounts that have the same roles and resource roles. A group can include Cloudera user accounts and machine user accounts. A group cannot include other groups. All users in a group inherit the roles and resource roles assigned to the group.Synchronizing group membershipCloudera can synchronize the user's group membership provided by your enterprise IdP with the user's group membership in Cloudera.Creating a groupCreate Cloudera groups based on the tasks performed by Cloudera users in your organization.Adding or removing a user from a groupYou can add or remove a Cloudera user or a machine user account from a group. Assigning account roles to groupsWhen you assign a role to a group, the role is also assigned to all user and machine user accounts in the group.Assigning resource roles to groupsWhen you assign a resource role to a group, the resource role is also assigned to all user and machine user accounts in the group.Assigning a group membership administratorAs a Cloudera administrator, you can create a Cloudera group and manage the users, roles, and resources assigned to the group. You can also assign other users and groups the IamGroupAdmin role to allow them to manage the users in the group.Updating a groupIn some cases, you can enable or disable SyncMembership for a group.Removing account roles from a groupWhen you unassign a role to a group, the role is also unassigned to all user and machine user accounts in the group.Deleting a groupYou can delete a group from Cloudera.
