Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

What Roles to view both Environment and Data Lake Pages in Cloudera CDP Public Cloud

avatar
Explorer

Hi folks,

 

I'm new to CDP and I'm trying to figure out what roles I require to be able to view Data Hub Clusters as well as the associated Environment and Data Lake pages in CDP Public Cloud?

 

I've been granted the following Account/Resource Roles:

"IamViewer"

"EnvironmentUser"

 

This allows me to see specific DataHub Clusters but when I click the links for either Environments or Data Lakes there's no information appearing.

 

The EnvironmentUser Role has the following Policy attached:

 

[
  {
    "crn": "crn:altus:iam:us-west-1:altus:policy:EnvironmentUserPolicy",
    "policyStatements": [
      {
        "rights": [
          "datahub/read",
          "datahub/write",
          "datalake/read",
          "environments/read"
        ],
        "resources": [
          "*"
        ]
      }
    ]
  }
]

Given the Policy has environments/read & datalake/read what am I missing here?

 

Thanks.

1 ACCEPTED SOLUTION

avatar

@wallacei  There are roles attached to the main control plane and roles attached to specific environment.  Work with you environmentAdmin to make sure you have all the correct roles at the control plane level and then deeper at the environment level if necessary.


Below is the EnvironmentAdmin

 

[
  {
    "crn": "crn:altus:iam:us-west-1:altus:policy:EnvironmentAdminPolicy",
    "policyStatements": [
      {
        "rights": [
          "environments/getFreeipaOperationStatus",
          "environments/repairFreeIPA",
          "environments/upgradeFreeIPA",
          "environments/createDatahub",
          "datahub/read",
          "datahub/write",
          "datalake/read",
          "datalake/write",
          "environments/read",
          "environments/write"
        ],
        "resources": [
          "*"
        ]
      }
    ]
  }
]

 You may need more specific roles to access additional services around the environment.

View solution in original post

1 REPLY 1

avatar

@wallacei  There are roles attached to the main control plane and roles attached to specific environment.  Work with you environmentAdmin to make sure you have all the correct roles at the control plane level and then deeper at the environment level if necessary.


Below is the EnvironmentAdmin

 

[
  {
    "crn": "crn:altus:iam:us-west-1:altus:policy:EnvironmentAdminPolicy",
    "policyStatements": [
      {
        "rights": [
          "environments/getFreeipaOperationStatus",
          "environments/repairFreeIPA",
          "environments/upgradeFreeIPA",
          "environments/createDatahub",
          "datahub/read",
          "datahub/write",
          "datalake/read",
          "datalake/write",
          "environments/read",
          "environments/write"
        ],
        "resources": [
          "*"
        ]
      }
    ]
  }
]

 You may need more specific roles to access additional services around the environment.