Cloudera Manager User Accounts

Minimum Required Role: User Administrator (also provided by Full Administrator)

Access to Cloudera Manager features is controlled by user accounts. A user account identifies how a user is authenticated and determines what privileges are granted to the user.

When you are logged in to the Cloudera Manager Admin Console, the username you are logged in as is located at the far right of the top navigation bar—for example, if you are logged in as admin you will see .

A user with the User Administrator or Full Administrator role manages user accounts through the Administration > Users page. View active user sessions on the User Sessions tab.

User Authentication

Cloudera Manager provides several mechanisms for authenticating users. You can configure Cloudera Manager to authenticate users against the Cloudera Manager database or against an external authentication service. The external authentication service can be an LDAP server (Active Directory or an OpenLDAP compatible directory), or you can specify another external service. Cloudera Manager also supports using the Security Assertion Markup Language (SAML) to enable single sign-on.

If you are using LDAP or another external service, you can configure Cloudera Manager so that it can use both methods of authentication (internal database and external service), and you can determine the order in which it performs these searches. If you select an external authentication mechanism, Full Administrator users can always authenticate against the Cloudera Manager database. This prevents locking everyone out if the authentication settings are misconfigured, such as with a bad LDAP URL.

With external authentication, you can restrict login access to members of specific groups, and can specify groups whose members are automatically given Full Administrator access to Cloudera Manager.

Users accounts in the Cloudera Manager database page show Cloudera Manager in the User Type column. User accounts in an LDAP directory or other external authentication mechanism show External in the User Type column.

User Roles

User accounts include the user's role, which determines the Cloudera Manager features visible to the user and the actions the user can perform. All tasks in the Cloudera Manager documentation indicate which role is required to perform the task. For more information about user roles, see Cloudera Manager User Roles.

Determining the Role of the Currently Logged in User

  1. Click the logged-in username at the far right of the top navigation bar.
  2. Select My Profile. The role displays. For example:

Changing the Logged-In Internal User Password

  1. Click the logged-in username at the far right of the top navigation bar and select Change Password.
  2. Enter the current password and a new password twice, and then click OK.

Adding an Internal User Account

  1. Select Administration > Users.
  2. Click the Add User button.
  3. Enter a username and password.
  4. In the Role drop-down menu, select a role for the new user.
  5. Click Add.

Assigning User Roles

  1. Select Administration > Users.
  2. Check the checkbox next to one or more usernames.
  3. Select Actions for Selected > Assign User Roles.
  4. In the drop-down menu, select the role.
  5. Click the Assign Role button.

Changing an Internal User Account Password

  1. Select Administration > Users.
  2. Click the Change Password button next to a username with User Type Cloudera Manager.
  3. Type the new password and repeat it to confirm.
  4. Click the Update button to make the change.

Deleting Internal User Accounts

  1. Select Administration > Users.
  2. Check the checkbox next to one or more usernames with User Type Cloudera Manager.
  3. Select Actions for Selected > Delete.
  4. Click the OK button. (There is no confirmation of the action.)

Viewing User Sessions

  1. Select Administration > Users.
  2. Click the tab User Sessions.