Cloudera Enterprise 5.15.x | Other versions

Administering Navigator User Roles

Cloudera Navigator user roles can be assigned to groups that are managed by an external LDAP-compliant identity/authentication system (Active Directory, OpenLDAP) using the Role Management tab of the Cloudera Navigator console. The Role Management feature only becomes available in the Cloudera Navigator console after the external system has been successfully configured for use by Cloudera Navigator. See Authentication for Cloudera Navigator for configuration details.

Fastpath:

To assign Cloudera Navigator user roles to newly created LDAP groups, go to Administration > Role Management. Click Search for groups and enter the name of the new group in the search field.
To edit user roles configured for existing LDAP groups, go to Administration > Role Management and click Groups with Navigator roles. Select the group you want to modify.

Assigning User Roles to Groups

Cloudera Navigator user roles determine the Cloudera Navigator features and functions available to the logged in account holders. Data stewards, auditors, and other business users log in to the Cloudera Navigator console and have available only those menu selections and options appropriate for the user role (or roles) granted to group of which they are a member. The groups are defined in an external LDAP service that has been configured for use by Cloudera Navigator. See Authentication for Cloudera Navigator for details.

For example, a user belonging to a group granted only the Policy Editor role is limited to the Search, Analytics (metadata), and Policies tabs of the Cloudera Navigator console and to the features and functions available from those menus. See User Roles and Privileges Reference for details about each Cloudera Navigator user role. Assigning or editing user roles requires logging in to the Cloudera Navigator console with an account having one of the following roles:

Cloudera Manager Full Administrator or Navigator Administrator, or Cloudera Navigator User Administrator.

To assign Cloudera Navigator user roles to a group:

Log in to Cloudera Navigator console.
Click the Administration menu.
Click the Role Management tab.
Select Search for groups to search among all groups in the external directory.
The Groups with Navigator roles choice shows groups that have already been assigned one or more Cloudera Navigator user roles.
Enter the name of the specific group in the search field.
Select the group from among those returned in the list.
The details list any existing roles associated with this group. For example:

Figure 1. Group to Role Mapping
Click Manage Role Assignment in the upper right corner.
Select each user role you want to assign to the group.
Click Save.

Changes to user role assignments take effect the next time users in the group log in to Cloudera Navigator.

Displaying Roles for Current User Account Login

From the Cloudera Navigator console, you can verify the user roles associated with your current login by selecting My Roles from the account drop-down menu.

Page generated May 18, 2018.