User management in Cloudera Operational Database
You can assign roles to the users to ensure that they are given the required permissions when accessing and using Cloudera Operational Database. To provide access to Cloudera Operational Database resources, you must add users and groups, and assign roles and resources to them using the Cloudera Management Console.
A Cloudera PowerUser must assign roles to users who require access to the operational databases that are associated with specific environments. After you grant these roles to users and groups, they acquire a Sign-On (SSO) access to the operational database that is associated with an environment. For more information about configuring user roles, see Managing user access and authorization.
The following Cloudera resource roles are associated with the Cloudera Operational Database service:
-
ODAdmin- This role enables users or groups to grant a Cloudera user or a group the ability to create, start, stop, and drop a database.
-
ODUser- This role enables users or groups to view and use operational databases that are associated with specific environments.
ODAdmin
Grants permission to create, drop, and administer the Cloudera Operational Database for a Cloudera environment.
| Action | Right | Resource |
| HBase Admin user interface access | opdb/adminDatabase | Environment |
| Create a database | opdb/createDatabase | Environment |
| Describe a database | opdb/describeDatabase | Environment |
| List all databases | opdb/listDatabases | Environment |
| Fetch database metrics | opdb/fetchDatabaseMetrics | Environment |
| Drop a database | opdb/dropDatabase | Environment |
| Start a database | opdb/startDatabase | Environment |
| Stop a database | opdb/stopDatabase | Environment |
| Environment read | environments/read | Environment |
| Nodes ssh and Knox access | environments/accessEnvironment | Environment |
| Get keytab | environments/getKeytab | Environment |
| Set workload password | environments/setPassword | Environment |
ODUser
Grants permission to list and use Cloudera Operational Database for a Cloudera environment.
| Action | Right | Resource |
| Describe a database | opdb/describeDatabase | Environment |
| List all databases in an environment | opdb/listDatabases | Environment |
| Fetch database metrics | opdb/fetchDatabaseMetrics | Environment |
| Environment read | environments/read | Environment |
| Nodes SSH and Knox access | environments/accessEnvironment | Environment |
| Set workload password | environments/setPassword | Environment |
