User management in COD
You can assign roles to the users to ensure that they are given the required permissions when accessing and using Cloudera Operational Database (COD). To provide access to COD resources, you must add users and groups, and assign roles and resources to them using the CDP Management Console.
A CDP PowerUser must assign roles to users who require access to the operational databases that are associated with specific environments. After you grant these roles to users and groups, they acquire Single Sign-On (SSO) access to the operational database that is associated with an environment. For more information about configuring user roles, see Managing user access and authorization.
The following CDP resource roles are associated with the COD service:
- ODAdmin: This role enables users or groups to grant a CDP user or a group the ability to create, start, stop, and drop a database.
- ODUser: This role enables users or groups to view and use operational databases that are associated with specific environments.
ODAdmin
Grants permission to create, drop, and administer the COD for a CDP environment.
| Action | Right | Resource |
| --- | --- | --- |
| HBase Admin user interface access | opdb/adminDatabase | Environment |
| Create a database | opdb/createDatabase | Environment |
| Describe a database | opdb/describeDatabase | Environment |
| List all databases | opdb/listDatabases | Environment |
| Fetch database metrics | opdb/fetchDatabaseMetrics | Environment |
| Drop a database | opdb/dropDatabase | Environment |
| Start a database | opdb/startDatabase | Environment |
| Stop a database | opdb/stopDatabase | Environment |
| Environment read | environments/read | Environment |
| Nodes SSH and Knox access | environments/accessEnvironment | Environment |
| Get keytab | environments/getKeytab | Environment |
| Set workload password | environments/setPassword | Environment |
ODUser
Grants permission to list and use COD for a CDP environment.
| Action | Right | Resource |
| --- | --- | --- |
| Describe a database | opdb/describeDatabase | Environment |
| List all databases in an environment | opdb/listDatabases | Environment |
| Fetch database metrics | opdb/fetchDatabaseMetrics | Environment |
| Environment read | environments/read | Environment |
| Nodes SSH and Knox access | environments/accessEnvironment | Environment |
| Set workload password | environments/setPassword | Environment |
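
The two tables above can drive a periodic least-privilege review of role assignments. The following Python sketch is an added example, not Cloudera code: the rights are copied from the tables on this page, while the user names, environment names, and the assignment and observed-usage records are constructed sample data standing in for whatever export your own audit process produces.

```python
# Rights per resource role, copied from the ODAdmin and ODUser tables on this page.
OD_USER = {
    "opdb/describeDatabase", "opdb/listDatabases", "opdb/fetchDatabaseMetrics",
    "environments/read", "environments/accessEnvironment", "environments/setPassword",
}
OD_ADMIN = OD_USER | {
    "opdb/adminDatabase", "opdb/createDatabase", "opdb/dropDatabase",
    "opdb/startDatabase", "opdb/stopDatabase", "environments/getKeytab",
}
ROLES = {"ODUser": OD_USER, "ODAdmin": OD_ADMIN}

# Constructed sample data (assumption, not real CDP output): current role
# assignments and the rights each principal exercised in the review window.
ASSIGNMENTS = [
    ("alice", "ODAdmin", "env-prod"),
    ("bob", "ODAdmin", "env-prod"),
    ("carol", "ODUser", "env-dev"),
]
OBSERVED = {
    ("alice", "env-prod"): {"opdb/createDatabase", "opdb/listDatabases"},
    ("bob", "env-prod"): {"opdb/describeDatabase", "opdb/fetchDatabaseMetrics"},
    ("carol", "env-dev"): {"opdb/listDatabases", "opdb/dropDatabase"},
}

def least_privileged_role(rights):
    """Return the smallest role whose rights cover `rights`, or None."""
    fits = [name for name, granted in ROLES.items() if rights <= granted]
    return min(fits, key=lambda n: len(ROLES[n])) if fits else None

def review(assignments, observed):
    """Return (user, env, finding) tuples for assignments needing attention."""
    findings = []
    for user, role, env in assignments:
        used = observed.get((user, env), set())
        outside = used - ROLES[role]  # rights requested but not granted by the role
        needed = least_privileged_role(used)
        if outside:
            findings.append((user, env, f"rights outside {role}: {sorted(outside)}"))
        elif needed != role:
            findings.append((user, env, f"downgrade {role} -> {needed}"))
    return findings

if __name__ == "__main__":
    for finding in review(ASSIGNMENTS, OBSERVED):
        print(finding)
```

An ODAdmin assignee who only exercises ODUser rights is reported as a downgrade candidate, which matters because ODAdmin additionally carries environments/getKeytab and the database create, drop, start, and stop rights.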