September 21, 2021
This release of the Management Console service introduces the following changes:
New authorization model
CDP introduces a new authorization model. The following table summarizes new, changed, and deprecated roles. The roles that are not mentioned in this table are unchanged.
Account roles
Roles | Description | |
---|---|---|
New account role |
|
This is a new account-level role. |
Deprecated account roles |
|
These roles have been deprecated in June 2020 and have been removed from the official documentation. |
Resource roles
Roles | Description | |
---|---|---|
New environment resource roles |
|
These roles can be assigned on the scope of a specific environment. |
New Data Hub resource role |
|
This role can be assigned on the scope of a specific Data Hub. |
New shared resource role |
|
This role can be assigned on the scope of a specific shared resource (cluster template, credential, image catalog, proxy, or recipe). |
New resource role applicable to environments, Data Hubs, shared resources, and classic clusters |
|
Grants all permissions required to manage the resource in CDP including the ability to delete it, but does not grant any cluster-level access. The user creating the resource automatically gets the Owner role on that resource. |
Steps for assigning roles
- The steps for assigning account roles and managing access to environments are unchanged.
- The steps for managing access to Data Hubs, shared resources (cluster templates, credentials, image catalogs, and recipes), and classic clusters are similar to the steps for managing access to environments: You can use the Manage access option from the resource details page.
Updated documentation
- For updated information about all built-in roles in CDP, refer to Understanding account-level roles and resource roles.
- For updated instructions for how to manage access to resources, refer to Assigning a resource role to a user and Assigning a resource role to a group.
- Other new and updated documentation:
Dots are now supported in group names
The list of supported characters in group names was extended to include dots. See updated
documentation:
Improved AWS cloud storage setup documentation
AWS cloud storage setup documentation has been improved to include exact steps for creating the required S3 bucket, IAM policies, and IAM roles. See Minimal setup for cloud storage and Onboarding CDP users and groups for cloud storage .