Understanding the Cloudera Observability On-Premises access roles
Describes the Cloudera Observability On-Premises access roles.
- System Admin
- Cluster Admin
- Cluster User
System Admin access role
An authentic Cloudera Observability On-Premises user who is assigned the System Admin access role has full access rights and system administrator privileges across all clusters within the Cloudera Observability On-Premises environment. They can view, edit, and create cost centers; view, edit, and create auto actions; and view all the jobs and queries in all the Workload clusters. These users have the least restrictive access permissions.
Resource | Actions |
---|---|
Access Management page | View and manage all the Cloudera Observability On-Premises cluster policies and user access from the Access Management page |
Cluster | |
Workloads | |
Queries | View all the queries in all the clusters of the Cloudera Observability On-Premises environment |
Jobs | View all the jobs in all the clusters of the Cloudera Observability On-Premises environment |
Chargeback | |
Auto Actions | |
Cluster Admin access role
An authentic Cloudera Observability On-Premises user who is assigned the Cluster Admin access role has full access rights and cluster administrator privileges across an assigned cluster within the Cloudera Observability On-Premises environment. They can view all the jobs and queries in the assigned Workload cluster.
Resource | Actions |
---|---|
Cluster | |
Workloads | |
Queries | View all the queries in the assigned cluster |
Jobs | View all the jobs in the assigned cluster |
Cluster User access role
An authentic Cloudera Observability On-Premises user who is assigned the Cluster User access role has limited access rights across an assigned cluster within the Cloudera Observability On-Premises environment. They can view only those jobs and queries they created and executed in the assigned Workload cluster.
Resource | Actions |
---|---|
Cluster | View their assigned cluster on the Clusters page. |
Workloads | View their assigned workloads on the Workloads page |
Queries | View their queries in the assigned cluster |
Jobs | View their jobs in the assigned cluster |
The Cluster User access role type has the most restricted access permissions, where the user may only view their own jobs and queries.
This access role further restricts the Cluster User to one cluster per policy. Users who are responsible for jobs and queries in more than one cluster must also be assigned access rights to those clusters. You can either add them to the Cluster Policy for that cluster or include the pool that contains those workloads in the Cluster Policy to which they are assigned.
Also, for users who require access to jobs and queries executed by other users, you can create a Custom Policy as part of the Cluster Policy. This policy includes the user names of the users who execute those jobs and queries and/or the pool names in which they are executed. For example:
- The cluster policy that defines user A’s Cluster User role type does not permit the user to view workloads within a pool or view other user workloads. In this case, user A is restricted to only view their own jobs and queries within their policy’s assigned cluster.
- The cluster policy that defines user B’s Cluster User role type contains a Custom Policy that permits the user to view workloads within a pool and view other user workloads. In this case, user B can view the jobs and queries executed by other users and the jobs and queries executed in the pool.
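The visibility rules described above, including the user A and user B cases, can be modelled as a small decision function for reviewing who can see which workloads. This is an added example, not Cloudera code: the class names, role strings, and the sample users, pools and clusters are constructed, and it assumes a Custom Policy grants the union of its listed user names and pool names.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Workload:                      # a job or query (constructed model)
    cluster: str
    owner: str
    pool: str

@dataclass
class ClusterPolicy:                 # hypothetical model: one cluster per policy
    cluster: str
    role: str                        # "cluster_admin" or "cluster_user"
    custom_users: set = field(default_factory=set)   # Custom Policy user names
    custom_pools: set = field(default_factory=set)   # Custom Policy pool names

@dataclass
class User:
    name: str
    system_admin: bool = False
    policies: list = field(default_factory=list)

def can_view(user, w):
    """Return True if the role model on this page lets `user` see workload `w`."""
    if user.system_admin:            # System Admin: every cluster, every workload
        return True
    for p in user.policies:
        if p.cluster != w.cluster:   # a policy only covers its own cluster
            continue
        if p.role == "cluster_admin":
            return True              # Cluster Admin: everything in the cluster
        if p.role == "cluster_user" and (
            w.owner == user.name     # Cluster User: own jobs and queries
            or w.owner in p.custom_users
            or w.pool in p.custom_pools
        ):
            return True
    return False                     # default deny

def visible(user, workloads):
    return [w for w in workloads if can_view(user, w)]

# Constructed sample data
W = [Workload("c1", "userA", "adhoc"), Workload("c1", "userB", "adhoc"),
     Workload("c1", "userC", "etl"), Workload("c1", "userD", "adhoc"),
     Workload("c2", "userA", "adhoc")]
user_a = User("userA", policies=[ClusterPolicy("c1", "cluster_user")])
user_b = User("userB", policies=[ClusterPolicy("c1", "cluster_user", {"userD"}, {"etl"})])
admin_c1 = User("opsC1", policies=[ClusterPolicy("c1", "cluster_admin")])
sysadmin = User("root", system_admin=True)
```

Note that user A's own workload on cluster c2 stays hidden until a policy for c2 is assigned, which matches the one-cluster-per-policy restriction.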