Assigning access roles in Cloudera Observability

Steps for assigning resource access roles in Cloudera Observability that restrict access to your workload clusters, jobs, and queries.

Describes how to assign resource access roles to a Cloudera Observability user. The Cloudera Observability Manage Access feature enables you to assign a user to a Cloudera Observability access role that is associated with one or multiple workload clusters, jobs, and queries.

Verify that you are logged in to the Cloudera Observability web UI.
1. In a supported browser, log into the Cloudera Data Platform (CDP).
  The CDP Cloud web interface landing page opens.
2. From the Your Enterprise Data Cloud landing page, select the Observability tile.
  The Cloudera Observability landing page opens.
From the Cloudera Observability Environments page, locate the environment that contains the workload to which you will assign a Cloudera Observability user resource access role.

tip
You can reduce the number of environments by selecting your environment's type from the Environments list.
From the environment's Actions list, select Manage Access.
The Manage Access page opens.
In the search field, enter and then select the name of the user to which you will assign a Cloudera Observability user resource access role.
The Update Resource Roles for nameofuser dialog box opens, which lists the user resource access role options that you can assign to the user for Cloudera Observability.
Select the check box next to the resource role you require for the user.
In this example, the ObservabilityLimitedClusterUser role check box is selected, which gives the user limited access to the environment, but provides access and visibility to their workloads.
Click Update Roles.
A Success message appears confirming that the resource roles for the user are updated and the name of the user is populated in the Name column of the Manage Access table.
In the breadcrumb row, click the name of the environment.
The Environment Summary page opens.
tip
You can navigate between pages in the Cloudera Observability web UI using the breadcrumb row.
Depending on the environment selected, verify that the Cluster Summary page is displayed for the environment's cluster or Virtual Warehouse.
To display the Cluster Summary page for a Data Hub, Virtual Cluster, and Virtual Warehouse environment type, do one of the following:
- From the Environment panel, expand the service's category and depending on the service, locate and select the Data Hub's cluster, Virtual Cluster, or Virtual Warehouse.
- In the Data Services table, drill-down through the service links to locate and select the Data Hub's cluster, Virtual Cluster, or Virtual Warehouse.
tip
The page's title is displayed in the browser tab.
In the Cluster Summary page, select the Workloads tab.
The Workloads page opens.
In the Workloads page, locate the workload that is to be assigned to the user of the user resource access role, in this case the ObservabilityLimitedClusterUser, and then from its Actions list, select Manage Access.
The Manager Access page opens.
In the search field, enter and then select the name of the user with the assigned user resource access role.
The Update Resource Roles for nameofuser dialog box opens, which displays the workload role option that is associated with the user resource access role.
Select the check box next to the resource role, in this case the ObservabilityWorkloadUser role, which gives the user limited access to the workload, but provides access and visibility to their workloads.
Click Update Roles.
A Success message appears confirming that the resource roles for the user are updated.
The user is now limited to viewing only those workload jobs and queries associated with the workload cluster that they were assigned.
Optional: To verify which Cloudera Observability user resource and workload roles are assigned to a user, do the following:
1. In the Manage Access page, locate and click the name of the user whose roles you require for verification.
  To access the Manage Access page, do the following:
  1. From the cluster's or Virtual Warehouse's Workloads page, locate the workload that is assigned to the user whose user resource and workload roles require verification.
  2. From its Actions list, select Manage Access.
    The Manage Access page opens.
  The user's profile page opens.
2. Scroll down and select the Resources tab.
  The resources, the resource type, and the roles that are assigned to the user are displayed.