User management in COD

Users are assigned roles to ensure that they are given the required persmissions when accessing and using Cloudera Operational Database (COD). To provide access to COD resources, you must add users and groups and assign roles and resources to them using the CDP Management Console.

A CDP PowerUser must assign roles to users who require access to the operational databases that are associated with specific environments. After granting these roles to users and groups, they then have Single Sign-On (SSO) access to the operational database that is associated with an environment. For more information about configuring user roles, see Managing user access and authorization.

The following CDP resource roles are associated with the COD service:

  • ODAdmin- This role enables users or groups to grant a CDP user or a group the ability to create, start, stop, and drop a database.

  • ODUser- This role enables users or groups to view and use operational databases that are associated with specific environments.

ODAdmin

Grants permission to create, drop and, administer the Cloudera Operational Databases for a CDP environment.

Action Right Resource
HBase Admin user interface access opdb/adminDatabase Environment
Create a database opdb/createDatabase Environment
Describe a database opdb/describeDatabase Environment
List all databases opdb/listDatabases Environment
Fetch database metrics opdb/fetchDatabaseMetrics Environment
Drop a database opdb/dropDatabase Environment
Start a database opdb/startDatabase Environment
Stop a database opdb/stopDatabase Environment
Environment read environments/read Environment
Nodes ssh and Knox access? environments/accessEnvironment Environment
Get keytab environments/getKeytab Environment
Set workload password environments/setPassword Environment

ODUser

Grants permission to list and use Cloudera Operational Databases for a CDP environment.

Action Right Resource
Describe a database opdb/describeDatabase Environment
List all databases in an environment opdb/listDatabases Environment
Fetch database metrics opdb/fetchDatabaseMetrics Environment
Environment read environments/read Environment
Nodes SSH and Knox access environments/accessEnvironment Environment
Set workload password environments/setPassword Environment