Assigning access roles in Cloudera Observability
Steps for assigning resource access roles in Cloudera Observability that restrict access to your workload clusters, jobs, and queries.
-
Verify that you are logged in to the Cloudera Observability web UI.
-
In a supported browser, log into the Cloudera Data Platform
(CDP).
The CDP Cloud web interface landing page opens.
-
From the Your Enterprise Data Cloud landing
page, select the Observability tile.
The Cloudera Observability landing page opens.
-
In a supported browser, log into the Cloudera Data Platform
(CDP).
-
From the Cloudera Observability
Environments page, locate the environment that contains the
workload to which you will assign a Cloudera Observability user resource access
role.
-
From the environment's Actions list, select
Manage Access.
The Manage Access page opens.
-
In the search field, enter and then select the name of the user to which you
will assign a Cloudera Observability user resource access role.
The Update Resource Roles for nameofuser dialog box opens, which lists the user resource access role options that you can assign to the user for Cloudera Observability.
-
Select the check box next to the resource role you require for the user.
In this example, the ObservabilityLimitedClusterUser role check box is selected, which gives the user limited access to the environment, but provides access and visibility to their workloads.
-
Click Update Roles.
A Success message appears confirming that the resource roles for the user are updated and the name of the user is populated in the Name column of the Manage Access table.
-
In the breadcrumb row, click the name of the environment.
The Environment Summary page opens.
-
Depending on the environment selected, verify that the Cluster
Summary page is displayed for the environment's cluster or
Virtual Warehouse.
To display the Cluster Summary page for a Data Hub, Virtual Cluster, and Virtual Warehouse environment type, do one of the following:
- From the Environment panel, expand the service's category and depending on the service, locate and select the Data Hub's cluster, Virtual Cluster, or Virtual Warehouse.
- In the Data Services table, drill-down through the service links to locate and select the Data Hub's cluster, Virtual Cluster, or Virtual Warehouse.
-
In the Cluster Summary page, select the
Workloads tab.
The Workloads page opens.
-
In the Workloads page, locate the workload that is to be
assigned to the user of the user resource access role, in this case the
ObservabilityLimitedClusterUser, and then from its
Actions list, select Manage
Access.
The Manager Access page opens.
-
In the search field, enter and then select the name of the user with the
assigned user resource access role.
The Update Resource Roles for nameofuser dialog box opens, which displays the workload role option that is associated with the user resource access role.
-
Select the check box next to the resource role, in this case the
ObservabilityWorkloadUser role, which gives the user limited access to the
workload, but provides access and visibility to their workloads.
-
Click Update Roles.
A Success message appears confirming that the resource roles for the user are updated.
The user is now limited to viewing only those workload jobs and queries associated with the workload cluster that they were assigned.
- Optional:
To verify which Cloudera Observability user resource and workload roles are
assigned to a user, do the following:
-
In the Manage Access page, locate and click the name of the user whose
roles you require for verification.
To access the Manage Access page, do the following:
- From the cluster's or Virtual Warehouse's Workloads page, locate the workload that is assigned to the user whose user resource and workload roles require verification.
- From its Actions list, select
Manage Access.
The Manage Access page opens.
The user's profile page opens. -
Scroll down and select the Resources tab.
The resources, the resource type, and the roles that are assigned to the user are displayed.
-
In the Manage Access page, locate and click the name of the user whose
roles you require for verification.