Cloudera Docs

Assigning access roles in Cloudera Observability

Steps for assigning resource access roles in Cloudera Observability that restrict access to your workload clusters, jobs, and queries.

Describes how to assign resource access roles to a Cloudera Observability user. The Cloudera Observability Manage Access feature enables you to assign a user to a Cloudera Observability access role that is associated with one or multiple workload clusters, jobs, and queries.
  1. Verify that you are logged in to the Cloudera Observability web UI.
    1. In a supported browser, log into the Cloudera Data Platform (CDP).
      The CDP Public Cloud web interface landing page opens.
    2. From the Your Enterprise Data Cloud landing page, select the Observability tile.
      The Cloudera Observability landing page opens.
  2. In the Clusters page, locate the cluster that contains the workload to which you will assign a Cloudera Observability user resource access role.


  3. From the cluster's Actions list, select Manage Access.
    The Manage Access page opens.
  4. In the search field, enter and then select the name of the user to which you will assign a Cloudera Observability user resource access role.
    The name of the user populates in the Name field of the Manage Access table.
  5. In the row of the user, click Update Roles.
    The Update Resource Roles for nameofuser dialog box opens, which lists the user resource access role options that you can assign to the user.
  6. Select the check box next to the resource role you require for the user.
    In this example, the ObservabilityLimitedClusterUser role check box is selected, which gives the user limited access to the environment, but provides access and visibility to their workloads.


  7. Click Update Roles.
    A Success message appears confirming that the resource roles for the user are updated.
  8. In the breadcrumb row, click the name of the cluster.
    This opens the cluster's Summary page.
  9. In the Navigation panel, select Workloads.
    The Workloads page opens.
  10. In the Workloads page, locate the workload that is to be assigned to the user of the user resource access role, in this case the ObservabilityLimitedClusterUser, and then from its Actions list, select Manage Access.
    The Workloads Manage Access page opens.


  11. In the search field, enter and then select the name of the user with the assigned user resource access role.
    The Update Resource Roles for nameofuser dialog box opens, which displays the workload role option that is associated with the user resource access role.
  12. Select the check box next to the resource role, in this case the ObservabilityWorkloadUser role, which gives the user limited access to the workload, but provides access and visibility to their workloads.


  13. Click Update Roles.
    A Success message appears confirming that the resource roles for the user are updated.

    When the user opens Cloudera Observability they will only be able to view the workload jobs and queries associated to the workload cluster that they were assigned.

  14. (Optional) To verify what Cloudera Observability user resource and workload roles are assigned to a user, do the following:
    1. In the Manage Access page, locate and click the name of the user whose roles you require for verification.
      The user's profile page opens.
    2. Scroll down and select the Resources tab.
      The resources, the resource type, and the roles that are assigned to the user are displayed.