Reply
Explorer
Posts: 14
Registered: ‎12-19-2017

How to block user access to Cloudera Manager?

Hi. 


Me and my team have been struggling with the setup of CM and the External Authentication.

 

We would like to block the access to users who don't belong to a certain group our pattern. 

 

We want to completely block the access in the login menu. I don't want them to even enter the CM backoffice.

 

Is this possible to do? We have been testing with LDAP parameters with no sucess. It seems that if the user is authenticated in the AD it will enter CM no matter what...

 

Any ideas? Sugestions?

Cloudera Employee
Posts: 578
Registered: ‎01-20-2014

Re: How to block user access to Cloudera Manager?

Hi @JoaoBarreto,

 

You could configure external authentication in CM. In this you can set up a script to reject anyone who is not in certain groups or any other scheme you like. Does this help?

 

https://www.cloudera.com/documentation/enterprise/latest/topics/cm_sg_external_auth.html#cmug_topic_...

 

Regards
Gautam

Regards,
Gautam Gopalakrishnan
Explorer
Posts: 14
Registered: ‎12-19-2017

Re: How to block user access to Cloudera Manager?

[ Edited ]

Hi @GautamG!

 

Thank you for your answer!

 

If I understood correctly what you are saying is that, Cloudera Manager won't block any correct logins, even if you have a LDAP user/group filter? 

 

In order to block a login (in the login screen, if user/password is validated by the AD) we need to create a script with the information you gave me?

 

Thank you for your time Gautam!

Cloudera Employee
Posts: 578
Registered: ‎01-20-2014

Re: How to block user access to Cloudera Manager?

From what I know, setting up those groups will allow you to log on with that privilege. Others will just be read-only users. With external authentication, you can return a negative number, even if user+password is valid. This prevents them from logging on.

Regards,
Gautam Gopalakrishnan
Explorer
Posts: 14
Registered: ‎12-19-2017

Re: How to block user access to Cloudera Manager?

@GautamG thank you for the explanation!

 

Have a nice day!

 

Announcements