Cloudera Observability access roles
Describes the Cloudera Observability access roles and the actions that a user can perform in the Cloudera Observability web UI for each access role type.
The following tables list the Cloudera Observability access roles:
Account admin access role type
A user assigned the ObservabilityAccountAdmin access role type has complete access to the Cloudera Observability workload clusters, where they can view, edit, and create cost centers, view, edit, and create auto actions, and view, edit, and create workloads in all the Workload clusters. These users have the least restrictive access permissions.
| Resource | Actions |
|---|---|
| Cluster |
|
| Workloads |
|
| Queries | View all queries in a cluster |
| Jobs | View all jobs in a cluster |
| Chargeback |
|
| Auto Actions |
|
| Cluster Report Emails | Enable cluster report emails |
| Cloudera Support Access | N/A |
Cluster Admin access role type
The ObservabilityClusterAdmin access role type has full access to Cloudera Observability and can view, edit, and create workloads in the Workload cluster.
| Resource | Actions |
|---|---|
| Cluster |
|
| Workloads |
|
| Queries | View all queries in the cluster |
| Jobs | View all jobs in the cluster |
| Chargeback | N/A |
| Auto Actions | N/A |
| Cluster Report Emails | Enable cluster report emails |
| Cloudera Support Access | Enable and Disable Cloudera Support access to the cluster's diagnostic data |
Cluster access role type
A user assigned the ObservabilityClusterUser access role type can view items within Cloudera Observability, including all workloads, but cannot edit workloads.
| Resource | Actions |
|---|---|
| Cluster | View the cluster on the Clusters page |
| Workloads | View all workloads in the cluster |
| Queries | View all queries in the cluster |
| Jobs | View all jobs in the cluster |
| Chargeback | N/A |
| Auto Actions | N/A |
| Cluster Report Emails | Enable cluster report emails |
| Cloudera Support Access | N/A |
Workload access role type
A user assigned the ObservabilityWorkloadUser access role type can only view their assigned workloads in the cluster and the jobs and queries within that workload. These users have the most restrictive access permissions.
| Resource | Actions |
|---|---|
| Cluster | Disabled For a Workload user to be able to view the cluster that contains their assigned workloads they must also be assigned the Limited Environment access type. Cloudera recommends assigning the Limited Environment access type to Workload Users because this enables the user to access and view the environment that contains their workloads. |
| Workloads | View their assigned workloads on the Workloads page |
| Queries | View all queries within an assigned workload |
| Jobs | View their jobs within the assigned workload |
| Chargeback | N/A |
| Auto Actions | N/A |
| Cluster Report Emails | Disabled |
| Cloudera Support Access | N/A |
Limited environment access role type
A user assigned the ObservabilityLimitedClusterUser access role type can only view the cluster that contains their workloads. Without this access privilege, Workload users are unable to access or view the environment that contains their workloads.
| Resource | Action |
|---|---|
| Cluster | View the cluster on the Clusters page |
| Workloads | N/A |
| Queries | N/A |
| Jobs | N/A |
| Chargeback | N/A |
| Auto Actions | N/A |
| Cluster Report Emails | N/A |
| Cloudera Support Access | N/A |
