Hierarchical authorization

Hierarchical authorization in Cloudera Observability enables access control policy inheritance across all clusters associated with the Base cluster. Because policies inherit from the Base cluster to environments like Cloudera Data Engineering and Cloudera Data Warehouse, you do not need to set up access control policies on every individual data services cluster.

With Cloudera Data Services on premises 1.5.5 SP2 integration, Cloudera Observability now supports Cloudera Data Engineering and Cloudera Data Warehouse clusters. You can view these clusters in the environment hierarchy, which uses a tree structure to show the relationship between Base cluster and Data Services cluster.

The hierarchical authorization parameter simplifies access management. When you enable this parameter in Cloudera Manager, access policies assigned at a parent level are automatically inherited by all child environments. If you disable this parameter, you must explicitly create separate access policies for every child cluster in the hierarchy.

Policy inheritance

When you enable the Hierarchical authorization parameter, child environments inherit the authorization policies assigned to a parent environment. When creating a policy, select the highest-level environment where access begins.

If the Hierarchical authorization parameter is disabled, policies are not inherited. You must create access control policies for each environment or cluster that the user needs to access.