Cloudera Observability access roles

Describes the Cloudera Observability access roles and the actions that a user can perform in the Cloudera Observability web UI for each access role type.

The following tables list the Cloudera Observability access roles:

Account admin access role type

A user assigned the ObservabilityAccountAdmin access role type has complete access to the Cloudera Observability workload clusters, where they can view, edit, and create cost centers, view, edit, and create auto actions, and view, edit, and create workloads in all the Workload clusters. These users have the least restrictive access permissions.

Table 1. Actions that can be performed by the Account Admin
Resource Actions
Cluster
  • View all workload clusters on the Clusters page
  • Rename a workload cluster
  • Delete a workload cluster
Workloads
  • Create workloads
  • View all workloads in a cluster
  • Update all workloads in a cluster
  • Delete all workloads in a cluster
Queries View all queries in a cluster
Jobs View all jobs in a cluster
Chargeback
  • Create cost centers
  • Update cost centers
  • List cost centers
  • Delete cost centers
  • View all Chargeback related dashboards
Auto Actions
  • Create auto actions
  • View auto actions
  • Update auto actions
  • Disable auto actions
  • Delete auto actions
  • Enable an auto action email
Cluster Report Emails Enable cluster report emails
Cloudera Support Access N/A

Cluster Admin access role type

The ObservabilityClusterAdmin access role type has full access to Cloudera Observability and can view, edit, and create workloads in the Workload cluster.

Table 2. Actions that can be performed by the Cluster Admin
Resource Actions
Cluster
  • View the workload cluster on the Clusters page
  • Rename the workload cluster
  • Delete the workload cluster
Workloads
  • Create workloads
  • View all workloads in the cluster
  • Update all workloads in the cluster
  • Delete all workloads in the cluster
Queries View all queries in the cluster
Jobs View all jobs in the cluster
Chargeback N/A
Auto Actions N/A
Cluster Report Emails Enable cluster report emails
Cloudera Support Access Enable and Disable Cloudera Support access to the cluster's diagnostic data

Cluster access role type

A user assigned the ObservabilityClusterUser access role type can view items within Cloudera Observability, including all workloads, but cannot edit workloads.

Table 3. Actions that can be performed by the Cluster User
Resource Actions
Cluster View the cluster on the Clusters page
Workloads View all workloads in the cluster
Queries View all queries in the cluster
Jobs View all jobs in the cluster
Chargeback N/A
Auto Actions N/A
Cluster Report Emails Enable cluster report emails
Cloudera Support Access N/A

Workload access role type

A user assigned the ObservabilityWorkloadUser access role type can only view their assigned workloads in the cluster and the jobs and queries within that workload. These users have the most restrictive access permissions.

Table 4. Actions that can be performed by the Workload user
Resource Actions
Cluster Disabled

For a Workload user to be able to view the cluster that contains their assigned workloads they must also be assigned the Limited Environment access type. Cloudera recommends assigning the Limited Environment access type to Workload Users because this enables the user to access and view the environment that contains their workloads.

Workloads View their assigned workloads on the Workloads page
Queries View all queries within an assigned workload
Jobs View their jobs within the assigned workload
Chargeback N/A
Auto Actions N/A
Cluster Report Emails Disabled
Cloudera Support Access N/A

Limited environment access role type

A user assigned the ObservabilityLimitedClusterUser access role type can only view the cluster that contains their workloads. Without this access privilege, Workload users are unable to access or view the environment that contains their workloads.

Table 5. Actions that can be performed by the Limited Environment user
Resource Action
Cluster View the cluster on the Clusters page
Workloads N/A
Queries N/A
Jobs N/A
Chargeback N/A
Auto Actions N/A
Cluster Report Emails N/A
Cloudera Support Access N/A