Homepage/Cloudera Management Console

Search Documentation

▶︎Cloudera
1. Reference Architectures
▼Cloudera Public Cloud
▶︎Cloudera Private Cloud
▶︎Cloudera Manager
1. Cloudera Manager
▶︎Applications
▶︎Legacy
▶︎

Getting Started
Patterns
Preview Features
Data Catalog
Data Engineering
DataFlow
Data Hub
Data Warehouse
Data Warehouse Runtime
Cloudera AI
Management Console
Operational Database
Replication Manager
DataFlow for Data Hub
Runtime

«

Filter topics

Cloudera Management Console
▶︎Top Tasks
1. ▶︎Verify your credential prerequisites
2. ▶︎Register your first environment
▶︎Release Notes
▶︎Cloudera Management Console Overview
▼How To
▶︎Troubleshooting

2019
2020
2021
2022
2023
2024
Access paths to Cloudera
Accessing a Data Lake cluster via SSH
Accessing a FreeIPA cluster via SSH
Accessing Cloudera Manager logs
Accessing Data Lake services
Account roles
Add root SSH key to an environment
Add security groups
Add security groups
Add subnets to an environment
Add subnets to an environment
Adding a CDH cluster
Adding a Cloudera Base on premises cluster
Adding a customer managed encryption key for GCP
Adding a customer managed encryption key to a Cloudera environment running on AWS
Adding a customer managed encryption key to a Cloudera environment running on Azure
Adding an HDP cluster
Adding disks
Adding more Compute Clusters
Adding more Compute clusters
Adding or removing a user
Administering a Data Lake
API request event
April 18, 2024
April 19, 2022
April 19, 2023
April 20, 2021
April 27, 2020
April 27, 2021
April 29, 2021
April 3, 2024
April 6, 2020
April 9, 2020
Assign classic cluster role
Assign classic cluster role
Assign Cloudera Data Hub role
Assign Cloudera Data Hub role
Assign environment role
Assign environment role
Assign shared resource role
Assign shared resource role
Assigning a group admin
Assigning account roles to groups
Assigning account roles to users
Assigning resource roles to groups
Assigning resource roles to users
Auditing
Auditing Cloudera Control Plane activity
August 12, 2021
August 22, 2019
August 23, 2023
August 24, 2020
August 30, 2023
August 31, 2021
August 9, 2021
AWS credential overview
AWS Credentials
AWS Environments
AWS Fine-grained Access Control
AWS requirements for RAZ-enabled AWS environment
AWS setup for audit archiving
Azure credential overview
Azure Credentials
Azure Environments
Azure Fine-grained Access Control
Azure Load Balancers in Data Lakes and Cloudera Data Hub clusters
Azure prerequisites for Flexible Server
Azure setup for audit archiving
Backing up versions and objects
Backup and restore for the Data Lake
Before you begin
Change environment's credential
Change environment's credential
Change environment's credential
Change environment's credential
Change environment's credential
Change environment's credential
Checking Cloudera logs
Checking that Atlas is up-to-date
Checking the status of a Data Lake backup
Classic Clusters
Cleaning up a failed environment
Cleaning up a failed environment
Cloudera account administrator
Cloudera accounts
Cloudera Control Plane auditing data model
Cloudera Data Warehouse and private networking
Cloudera machine user
Cloudera Management Console
Cloudera Management Console
Cloudera Management Console Overview
Cloudera Replication Manager and Cloudera Data Catalog use case
Cloudera Replication Manager use case
Cloudera service event
Cloudera service event sources and names
Cloudera user
Cloudera workload user
Cluster Connectivity Manager
Cluster templates available in RAZ-enabled AWS environment
Cluster templates available in RAZ-enabled Azure environment
Collecting Data Lake diagnostics via Cloudera Manager
Configure AAD in Cloudera
Configure GCP audit event archiving using the CLI
Configure lifecycle management for logs on AWS
Configure log lifecycle management
Configure SCIM with Azure AD
Configuring a CMK for data encryption in Azure Database for PostgreSQL Flexible Server
Configuring a private VPC in AWS
Configuring a VNet with private IPs in Azure
Configuring a VPC with private IPs in GCP
Configuring additional Data Mart options for RAZ-enabled Azure environment
Configuring and running Data Lake backups
Configuring and running Data Lake restore
Configuring audit archiving for Azure using the CLI
Configuring audit event archiving through the UI
Configuring audit event archiving through the UI
Configuring audit event archiving through the UI
Configuring identity providers in Cloudera
Configuring workload password policies
Connection to Private Subnets
Core concepts
Create AWS credential
Create Azure credential
Create GCP credential
Creating a Cloudera credential for audit archiving on Azure using the CLI
Creating a Cloudera Data Hub cluster with custom path for RAZ-enabled AWS environment
Creating a container in Azure
Creating a custom image and image catalog with the CDP CLI
Creating a group
Creating a machine user in Cloudera
Creating a storage account in Azure
Creating an AWS credential for audit event archiving using the CLI
Creating an AWS environment with a medium duty data lake using the CLI
Creating an environment configured with FreeIPA
Creating and managing distribution lists
Creating Compute Restricted IAM policy
Creating custom role to use in RAZ-enabled Azure environment
Creating IAM roles and instance profile for EKS
Creating Ranger policy to use in RAZ-enabled AWS environment
Creating Ranger RAZ managed identity for RAZ-enabled Azure environment
Credential creation errors on AWS
Credential creation errors on Azure
Credit Consumption and Usage Insights
Credit consumption and usage insights
Cross-account access IAM role
Cross-version support for Data Lake backup and restore
Custom Images and Catalogs
Custom images and image catalogs
Data Lake repair
Data Lake resizing
Data Lake rolling upgrade limitations and issues
Data Lake rolling upgrades
Data Lake scale
Data Lake status options
Data Lake storage
Data Lake upgrade
Data Lake upgrade support matrix
Data Lakes
Data Protection
Database upgrade known limitations and troubleshooting
December 1, 2023
December 10, 2024
December 17, 2021
December 17, 2024
December 19, 2019
December 20, 2023
December 21, 2020
December 9, 2024
Defining anonymization rules
Defining anonymization rules
Defining custom tags
Defining custom tags
Defining custom tags
Delete a credential
Delete a credential
Delete a credential
Delete an environment
Delete an environment
Delete an environment
Delete an unregistered classic cluster
Deleting a group
Deleting disks
Deleting users and machine users
Deploying Cloudera in multiple AWS availability zones
Deploying Cloudera in multiple Azure availability zones
Disabling the Cloudera SSO login
Enabling a private endpoint for Azure Postgres
Enabling admin and user access
Enabling admin and user access
Enabling admin and user access
Enabling admin and user access to classic clusters
Enabling Cluster Connectivity Manager in the Cloudera Management Console
Enabling default Compute Cluster for existing environments
Enabling default Compute Cluster for existing environments
Enabling default Compute Cluster for new environments
Enabling default Compute Cluster for new environments
Enabling environment telemetry
Enabling environment telemetry
Enabling Flexible Server during Azure environment creation
Enabling Flexible Server during Cloudera Data Hub cluster creation
Enabling Flexible Server with Private Link on an existing environment
Enabling Single Server
Ensuring data recovery and preventing data loss in AWS
Environment status options
Environment status options
Environment status options
Example role assignment scenario
Example: Recipe with parameters
February 14, 2022
February 18, 2022
February 21, 2025
February 25, 2021
February 25, 2022
February 28, 2020
February 6, 2024
FreeIPA instance status options
GCP credential overview
GCP Credentials
GCP Environments
GCP setup for audit archiving
General networking and authentication errors
Generate IdP metadata
Generating an API access key
Generating workload usernames based on email
Group membership admin roles
Identity Management
Image catalog updates
Importing or uploading users
Installing Postgres 11 packages manually
Installing Postgres 14 packages manually
Interactive login event
Interfaces
Introduction to AWS environments
Introduction to Azure environments
Introduction to Data Lakes
Introduction to Google Cloud environments
Introduction to RAZ on AWS environments
Introduction to RAZ on Azure environments
January 11, 2023
January 15, 2025
January 19, 2021
January 24, 2024
January 30, 2025
January 31, 2022
January 5, 2024
January 6, 2021
July 1, 2022
July 12, 2021
July 12, 2022
July 19, 2023
July 20, 2023
July 28, 2022
July 31, 2020
July 8, 2021
June 12, 2024
June 13, 2023
June 16, 2022
June 21, 2021
June 24, 2021
June 27, 2022
June 28, 2023
June 29, 2022
June 3, 2022
June 30, 2020
June 4, 2021
June 7, 2022
Known issues and troubleshooting related to IdP setup in Cloudera
Known issues for Cloudera Management Console
Log4j vulnerabilities
Logging in as workload user
Managing a classic cluster
Managing a RAZ-enabled AWS environment
Managing a RAZ-enabled Azure environment
Managing classic clusters
Managing Compute Clusters
Managing Compute Clusters
Managing FreeIPA
Managing groups in Cloudera
Managing public and private certificates
Managing recipes from CLI
Managing recipes from CLI
Managing SSH keys
Managing user access
Managing users and machine users
Manually renewing public certificates for Data Lake and Cloudera Data Hub clusters
March 12, 2024
March 14, 2024
March 19, 2021
March 21, 2022
March 24, 2024
March 25, 2021
March 29, 2022
March 29, 2023
March 3, 2025
March 30, 2021
March 7, 2022
May 10, 2022
May 12, 2022
May 15, 2024
May 17, 2022
May 26, 2022
May 30, 2020
Modify a credential
Modify a credential
Modifying disks
Monitoring a Data Lake
Monitoring activities and data
Monitoring an environment
Monitoring an environment
Monitoring an environment
Non-transparent proxy
Notifications
November 1, 2023
November 14, 2019
November 17, 2021
November 20, 2020
November 22, 2021
November 23, 2022
November 3, 2022
November 9, 2021
Obtain CLI commands
Obtain CLI commands
Obtain CLI commands
Obtain CLI commands
Obtain Cloudera tenant ID
October 18, 2023
October 20, 2022
October 26, 2021
October 27, 2020
October 29, 2024
October 30, 2023
October 5, 2023
October 9, 2023
October 9, 2024
Older releases
Onboarding users
Outbound Internet Access and Proxy
Outbound internet access and proxy
Outbound network access destinations for Cluster Connectivity Manager v2
Performing manual Data Lake repair
Performing user sync
Post-requisites after upgrading databases
Prepare to register RAZ-enabled Azure environment
Prerequisites for adding classic clusters
Prerequisites for the provisioning credential
Problem deleting resources when using AWS Firewall Manager
Provisioning Cloudera AI workbench for RAZ-enabled AWS environment
Public Endpoint Access Gateway
Pull-based audit archiving
Ranger policies for RAZ-enabled Azure environment
Ranger policy options for RAZ-enabled AWS environment
Receiving notifications
Recipe and cluster template parameters
Recipes
Recipes
Recovering after a failed resizing operation
Recovering from failed upgrades
Refreshing Cloudera AI governance pods
Register a GCP environment from the CDP CLI
Register a GCP environment from the Cloudera UI
Register an AWS environment from the CDP CLI
Register an AWS environment from the Cloudera UI
Register an Azure environment from the CDP CLI
Register an Azure environment from the Cloudera UI
Register environment (CLI)
Register environment (CLI)
Register environment (CLI)
Register environment (UI)
Register environment (UI)
Register environment (UI)
Register your first environment
Registering a RAZ-enabled AWS environment
Registering a RAZ-enabled Azure environment
Registering a recipe
Registering a recipe
Release Notes
Removing account roles from a group
Renewing private/host certificates on Data Lake and Cloudera Data Hub clusters
Repairing FreeIPA
Reserved group names
Resizing FreeIPA
Resizing post-requisites
Resizing the Data Lake through the CDP CLI
Resizing the Data Lake through the Cloudera UI
Resource roles
Restarting instances
Restarting instances
Restoring to a RAZ Data Lake
Restoring versions and objects
Restricting access for Cloudera services
Restricting access for Cloudera services
Resume the cluster registration
Retrieve keytabs for workload users
Retrieving audit events
Retry a Data Lake
Rotating database certificates
Rotating database certificates when SSL enforcement is disabled
Rotating database certificates when SSL enforcement is enabled
September 1, 2022
September 20, 2023
September 21, 2021
September 23, 2019
September 24, 2020
September 26, 2024
September 27, 2022
September 28, 2021
September 3, 2024
September 6, 2023
September 9, 2021
Service account for the provisioning credential
Set up IdP as service provider
Set up IdP in Cloudera
Setting a default identity provider in Cloudera
Setting the workload password
Setting up an AWS policy and role to configure archiving using the CLI
Setting up audit archiving in AWS using the CLI
Setting up Compute Cluster IAM permissions
Setting up email announcements
Setting up Slack for resource notifications [Technical Preview]
Showing Data Lake restore status
Showing FreeIPA instance status
Specifying a group when user belongs to multiple groups
Stop and restart an environment
Stop and restart an environment
Stop and restart an environment
Subscribing to resource notifications
Suspending and resuming Compute Clusters
Suspending and resuming Compute Clusters
Switching image catalogs
Synchronizing group membership
Synchronizing group membership
Top Tasks
Troubleshooting
Troubleshooting classic clusters
Troubleshooting Cluster Connectivity Manager v1
Troubleshooting Cluster Connectivity Manager v2
Troubleshooting Data Lake backup operations
Troubleshooting Data Lake restore operations
Troubleshooting Flexible Server
Troubleshooting for RAZ-enabled AWS environment
Troubleshooting for RAZ-enabled AWS environment
Troubleshooting for RAZ-enabled Azure environment
Understanding Cloudera groups
Understanding Cloudera roles
Understanding Cloudera user accounts
Understanding Data Lake details
Understanding environment UI options
Understanding environment UI options
Understanding environment UI options
Update a recipe
Updating a FreeIPA recipe
Updating a group
Updating an identity provider
Updating instance metadata to IMDSv2
Upgrade Ranger and HMS schema after Data Lake restore
Upgrading a classic cluster from Cluster Connectivity Manager v1 to Cluster Connectivity Manager v2
Upgrading a Data Lake
Upgrading a Data Lake manually via CLI
Upgrading Azure Single Server to Flexible Server
Upgrading Data Lake or Cloudera Data Hub database
Upgrading databases using the CDP CLI
Upgrading databases using the Cloudera UI
Upgrading FreeIPA
Upgrading from Cluster Connectivity Manager v1 to Cluster Connectivity Manager v2
User and group limits
User Management
Using a non-transparent proxy
Using Azure Database for PostgreSQL Flexible Server
Using Compute Clusters
Using Compute Clusters
Using the CDP CLI to register RAZ-enabled AWS environment
Using the CDP CLI to register RAZ-enabled Azure environment
Using the Cloudera UI to register RAZ-enabled AWS environment
Using the Cloudera UI to register RAZ-enabled Azure environment
Verify your credential prerequisites
Vertically scaling disks
Vertically scaling FreeIPA instances
Vertically scaling instance types
Vertically scaling instances and disks
Viewing available credentials
What archiving looks like
What's new
Working with AWS credentials
Working with AWS environments
Working with Azure credentials
Working with Azure environments
Working with GCP credentials
Working with GCP environments
Writing recipes
Writing recipes

«

Filter topics

Managing groups in Cloudera

Managing user access
▶︎Onboarding users
▶︎Understanding Cloudera user accounts
▶︎Understanding Cloudera roles
User and group limits
▶︎Managing users and machine users
▼Managing groups in Cloudera
Performing user sync
Access paths to Cloudera
Setting a default identity provider in Cloudera
Logging in as workload user
Setting the workload password
Managing SSH keys
Generating an API access key
Retrieve keytabs for workload users

»

User Management

Managing groups in Cloudera

A PowerUser can create and manage Cloudera groups on the Cloudera web interface or via CDP CLI.

Reserved group names
There are certain group names that are reserved and therefore cannot be used in Cloudera. This applies to groups synchronized from your identity provider as well as groups created directly from Cloudera.
Understanding Cloudera groups
A Cloudera group is a collection of user accounts that have the same roles and resource roles. A group can include Cloudera user accounts and machine user accounts. A group cannot include other groups. All users in a group inherit the roles and resource roles assigned to the group.
Synchronizing group membership
Cloudera can synchronize the user's group membership provided by your enterprise IdP with the user's group membership in Cloudera.
Creating a group
Create Cloudera groups based on the tasks performed by Cloudera users in your organization.
Adding or removing a user from a group
You can add or remove a Cloudera user or a machine user account from a group.
Assigning account roles to groups
When you assign a role to a group, the role is also assigned to all user and machine user accounts in the group.
Assigning resource roles to groups
When you assign a resource role to a group, the resource role is also assigned to all user and machine user accounts in the group.
Assigning a group membership administrator
As a Cloudera administrator, you can create a Cloudera group and manage the users, roles, and resources assigned to the group. You can also assign other users and groups the IamGroupAdmin role to allow them to manage the users in the group.
Updating a group
In some cases, you can enable or disable SyncMembership for a group.
Removing account roles from a group
When you unassign a role to a group, the role is also unassigned to all user and machine user accounts in the group.
Deleting a group
You can delete a group from Cloudera.

© 2019–2024 by Cloudera, Inc. All rights reserved.

This site uses cookies and related technologies, as described in our privacy policy, for purposes that may include site operation, analytics, enhanced user experience, or advertising. You may choose to consent to our use of these technologies, or