Updated on 2024-04-11 GMT+08:00

User Account List

User Classification

The MRS cluster provides the following three types of users. The system administrator needs to periodically change the passwords. It is not recommended to use the default passwords.

This section describes information about default users in MRS clusters.

User Type

Description

System users

  • User created on FusionInsight Manager for O&M and service scenarios. There are two types of users:
    • Human-machine user: used in scenarios such as FusionInsight Manager O&M and operations on a component client. When creating a user of this type, you need to set password and confirm password by referring to Creating a User.
    • Machine-machine user: used for system application development.
  • User who runs OMS processes

Internal system users

Internal user to perform Kerberos authentication, process communications, save user group information, and associate user permissions. It is recommended that internal system users not be used in O&M scenarios. Operations can be performed as user admin or another user created by the system administrator based on service requirements.

Database users

  • User who manages OMS database and accesses data
  • User who runs service components (Hue, Hive, HetuEngine, Loader, Oozie, Ranger, and DBService) in the database.

System Users

  • User root of the OS is required, the password of user root on all nodes must be the same.
  • User Idap of the OS is required. Do not delete this account. Otherwise, the cluster may not work properly. The OS administrator maintains the password management policies.

User Type

Username

Initial Password

Description

Password Change Method

System administrator

admin

User-defined password

FusionInsight Manager administrator.

NOTE:

By default, user admin does not have the management permission on other components. For example, when accessing the native UI of a component, the user fails to access the complete component information due to insufficient management permission on the component.

For details, see Changing the Password for User admin.

Node OS user

ommdba

Random password

User that creates the system database. This user is an OS user generated on the management node and does not require a unified password. This account cannot be used for remote login.

For details, see Changing the Password for an OS User.

omm

Random password

Internal running user of the system. This user is an OS user generated on all nodes and does not require a unified password.

Internal System Users

User Type

Default User

Initial Password

Description

Password Change Method

Kerberos administrator

kadmin/admin

Admin@123

Used to add, delete, modify, and query user accounts on Kerberos.

For details, see Changing the Password for the Kerberos Administrator.

OMS Kerberos administrator

kadmin/admin

Admin@123

Used to add, delete, modify, and query user accounts on OMS Kerberos.

For details, see Changing the Password for the OMS Kerberos Administrator.

LDAP administrator

cn=root,dc=hadoop,dc=com

  • Versions earlier than MRS 3.1.2: LdapChangeMe@123
  • MRS 3.1.2 or later: randomly generated by the system

Used to add, delete, modify, and query the user account information on LDAP.

OMS LDAP administrator

cn=root,dc=hadoop,dc=com

  • Versions earlier than MRS 3.1.2: LdapChangeMe@123
  • MRS 3.1.2 or later: randomly generated by the system

Used to add, delete, modify, and query the user account information on OMS LDAP.

LDAP user

cn=pg_search_dn,ou=Users,dc=hadoop,dc=com

Randomly generated by the system

Used to query information about users and user groups on LDAP.

OMS LDAP user

cn=pg_search_dn,ou=Users,dc=hadoop,dc=com

Randomly generated by the system

Used to query information about users and user groups on OMS LDAP.

LDAP administrator account

cn=krbkdc,ou=Users,dc=hadoop,dc=com

  • Versions earlier than MRS 3.1.2: LdapChangeMe@123
  • MRS 3.1.2 or later: randomly generated by the system

Used to query Kerberos component authentication account information.

cn=krbadmin,ou=Users,dc=hadoop,dc=com

  • Versions earlier than MRS 3.1.2: LdapChangeMe@123
  • MRS 3.1.2 or later: randomly generated by the system

Used to add, delete, modify, and query Kerberos component authentication account information.

Component running user

hdfs

Hdfs@123

This user is the HDFS system administrator and has the following permissions:

  1. File system operation permissions:
    • Views, modifies, and creates files.
    • Views and creates directories.
    • Views and modifies the groups where files belong.
    • Views and sets disk quotas for users.
  2. HDFS management operation permissions:
    • Views the web UI status.
    • Views and sets the active and standby HDFS status.
    • Enters and exits the HDFS in security mode.
    • Checks the HDFS file system.
  3. Logs in to the FTP service page.

For details, see Changing the Password for a Component Running User.

hbase

Hbase@123

This user is the HBase and HBase1 to HBase4 system administrator and has the following permissions:

  • Cluster management permission: Performs Enable and Disable operations on tables to trigger MajorCompact and ACL operations.
  • Grants and revokes permissions, and shuts down the cluster.
  • Table management permission: Creates, modifies, and deletes tables.
  • Data management permission: Reads data in tables, column families, and columns.
  • Logs in to the HMaster web UI.
  • Logs in to the FTP service page.

cdl

CDCUser123!

System administrator of the CDL

Currently, CDL does not involve user permissions.

iotdb

Iotdb@123

This user is the IoTDB system administrator and has the following user permissions:

  1. IoTDB administrator permissions:
    • Creates or deletes a storage group.
    • Uses TTL.
  2. IoTDB data operation permissions:
    • Creates, modifies, and deletes a time sequence.
    • Writes, reads, and deletes data in a time sequence.
  3. Views user or role permission information.
  4. Grants or revokes permissions to or from a user or role.
    NOTE:

    In a normal cluster, the IoTDB service retains the features of open-source versions. The default username is root, and the default password is root (for MRS 3.3.0 or later, the default password is Iotdb@123). This user is an administrator and has all permissions, which cannot be assigned, revoked, or deleted.

mapred

Mapred@123

This user is the MapReduce system administrator and has the following permissions:

  • Submits, stops, and views the MapReduce tasks.
  • Modifies the Yarn configuration parameters.
  • Logs in to the FTP service page.
  • Logs in to the Yarn web UI.

zookeeper

ZooKeeper@123

This user is the ZooKeeper system administrator and has the following permissions:

  • Adds, deletes, modifies, and queries all nodes in ZooKeeper.
  • Modifies and queries quotas of all nodes in ZooKeeper.

rangeradmin

Rangeradmin@123

This user has the Ranger system management permissions and user permissions:

  • Ranger web UI management permission
  • Management permission of each component that uses Ranger authentication

rangerauditor

Rangerauditor@123

Default audit user of the Ranger system.

hive

Hive@123

This user is the Hive system administrator and has the following permissions:

  1. Hive administrator permissions:
    • Creates, deletes, and modifies a database.
    • Creates, queries, modifies, and deletes a table.
    • Queries, inserts, and uploads data.
  2. HDFS file operation permissions:
    • Views, modifies, and creates files.
    • Views and creates directories.
    • Views and modifies the groups where files belong.
  3. Submits and stops the MapReduce tasks.
  4. Ranger policy management permission

kafka

Kafka@123

This user is the Kafka system administrator and has the following permissions:

  • Creates, deletes, produces, and consumes the topic; modifies the topic configuration.
  • Controls the cluster metadata, modifies the configuration, migrates the replica, elects the leader, and manages ACL.
  • Submits, queries, and deletes the consumer group offset.
  • Queries the delegation token.
  • Queries and submits the transaction.

storm

Admin@123

Storm system administrator

User permission: Submits Storm tasks.

rangerusersync

Randomly generated by the system

Synchronizes users and internal users of user groups.

rangertagsync

Randomly generated by the system

Internal user for synchronizing tags.

oms/manager

Randomly generated by the system

Controller and NodeAgent authentication user. The user has the permission on the supergroup group.

backup/manager

Randomly generated by the system

User for running backup and restoration tasks. The user has the permission on the supergroup, wheel, and ficommon groups. After cross-system mutual trust is configured, the user has the permission to access data in the HDFS, HBase, Hive, and ZooKeeper systems.

hdfs/hadoop.<System domain name>

Randomly generated by the system

This user is used to start the HDFS and has the following permissions:

  1. File system operation permissions:
    • Views, modifies, and creates files.
    • Views and creates directories.
    • Views and modifies the groups where files belong.
    • Views and sets disk quotas for users.
  2. HDFS management operation permissions:
    • Views the web UI status.
    • Views and sets the active and standby HDFS status.
    • Enters and exits the HDFS in security mode.
    • Checks the HDFS file system.
  3. Logs in to the FTP service page.

hetuserver/hadoop.<System domain name>

Randomly generated by the system

This user is used to start HetuEngine and has the following permissions:

  • Accesses KrbServer and HDFS files in the cluster from HetuEngine.
  • Used for communication between HetuEngine internal nodes.

mapred/hadoop.<System domain name>

Randomly generated by the system

This user is used to start the MapReduce and has the following permissions:

  • Submits, stops, and views the MapReduce tasks.
  • Modifies the Yarn configuration parameters.
  • Logs in to the FTP service page.
  • Logs in to the Yarn web UI.

mr_zk/hadoop.<System domain name>

Randomly generated by the system

Used for MapReduce to access ZooKeeper.

hbase/hadoop.<System domain name>

Randomly generated by the system

User for the authentication between internal components during the HBase system startup.

hbase/zkclient.<System domain name>

Randomly generated by the system

User for HBase to perform ZooKeeper authentication in a security mode cluster.

thrift/hadoop.<System domain name>

Randomly generated by the system

ThriftServer system startup user.

thrift/<hostname>

Randomly generated by the system

User for the ThriftServer system to access HBase. This user has the read, write, execution, creation, and administration permission on all NameSpaces and tables of HBase. <hostname> indicates the name of the host where the ThriftServer node is installed in the cluster.

hive/hadoop.<System domain name>

Randomly generated by the system

User for the authentication between internal components during the Hive system startup. The user permissions are as follows:

  1. Hive administrator permissions:
    • Creates, deletes, and modifies a database.
    • Creates, queries, modifies, and deletes a table.
    • Queries, inserts, and uploads data.
  2. HDFS file operation permissions:
    • Views, modifies, and creates files.
    • Views and creates directories.
    • Views and modifies the groups where files belong.
  3. Submits and stops the MapReduce tasks.

loader/hadoop.<System domain name>

Randomly generated by the system

User for Loader system startup and Kerberos authentication

HTTP/<hostname>

Randomly generated by the system

Used to connect to the HTTP interface of each component. <hostname> indicates the host name of a node in the cluster.

hue

Randomly generated by the system

User for Hue system startup, Kerberos authentication, and HDFS and Hive access

flume

Randomly generated by the system

User for Flume system startup and HDFS and Kafka access. The user has read and write permission of the HDFS directory /flume.

flume_server

Randomly generated by the system

User for Flume system startup and HDFS and Kafka access. The user has read and write permission of the HDFS directory /flume.

spark2x/hadoop.<System domain name>

Randomly generated by the system

This user is the Spark2x system administrator and has the following user permissions:

1. Starts the Spark2x service.

2. Submits Spark2x tasks.

spark_zk/hadoop.<System domain name>

Randomly generated by the system

Used for Spark2x to access ZooKeeper.

zookeeper/hadoop.<System domain name>

Randomly generated by the system

ZooKeeper system startup user.

zkcli/hadoop.<System domain name>

Randomly generated by the system

ZooKeeper server login user.

oozie

Randomly generated by the system

User for Oozie system startup and Kerberos authentication.

kafka/hadoop.<System domain name>

Randomly generated by the system

Used for security authentication of Kafka.

storm/hadoop.<System domain name>

Randomly generated by the system

Storm system startup user.

storm_zk/hadoop.<System domain name>

Randomly generated by the system

Used for the Worker process to access ZooKeeper.

flink/hadoop.<System domain name>

Randomly generated by the system

Internal user of the Flink service.

check_ker_M

Randomly generated by the system

User who performs a system internal test about whether the Kerberos service is normal.

cdl/hadoop.<System domain name>

Randomly generated by the system

Internal user of the CDL service.

clickhouse/hadoop.<System domain name>

Randomly generated by the system

Used for security authentication of ClickHouse. This user is an internal user and can be used only in the cluster.

default

None

ClickHouse internal user, which is an administrator user that can be used only in non-security mode.

rangeradmin/hadoop.<System domain name>

Randomly generated by the system

Ranger system startup user, which is used for authentication between internal components.

tez

Randomly generated by the system

User for TezUI system startup, Kerberos authentication, and access to Yarn

K/M

Randomly generated by the system

Kerberos internal functional user. It cannot be deleted, and its password cannot be changed. This internal account can only be used on nodes where Kerberos service is installed.

None

kadmin/changepw

Randomly generated by the system

kadmin/history

Randomly generated by the system

krbtgt<System domain name>

Randomly generated by the system

LDAP user

admin

None

FusionInsight Manager administrator.

The primary group is compcommon, which does not have the group permission but has the permission of the Manager_administrator role.

The LDAP user cannot log in to the system, and the password cannot be changed.

backup

The primary group is compcommon.

backup/manager

The primary group is compcommon.

oms

The primary group is compcommon.

oms/manager

The primary group is compcommon.

clientregister

The primary group is compcommon.

zookeeper

The primary group is hadoop.

zookeeper/hadoop.<System domain name>

The primary group is hadoop.

zkcli

The primary group is hadoop.

zkcli/hadoop.<System domain name>

The primary group is hadoop.

flume

The primary group is hadoop.

flume_server

The primary group is hadoop.

hdfs

The primary group is hadoop.

hdfs/hadoop.<System domain name>

The primary group is hadoop.

mapred

The primary group is hadoop.

mapred/hadoop.<System domain name>

The primary group is hadoop.

mr_zk

The primary group is hadoop.

mr_zk/hadoop.<System domain name>

The primary group is hadoop.

hue

The primary group is supergroup.

hive

The primary group is hive.

hive/hadoop.<System domain name>

The primary group is hive.

hbase

The primary group is hadoop.

hbase/hadoop.<System domain name>

The primary group is hadoop.

thrift

The primary group is hadoop.

thrift/hadoop.<System domain name>

The primary group is hadoop.

oozie

The primary group is hadoop.

hbase/zkclient.<System domain name>

The primary group is hadoop.

loader

The primary group is hadoop.

loader/hadoop.<System domain name>

The primary group is hadoop.

spark2x

The primary group is hadoop.

spark2x/hadoop.<System domain name>

The primary group is hadoop.

spark_zk

The primary group is hadoop.

kafka

The primary group is kafkaadmin.

kafka/hadoop.<System domain name>

The primary group is kafkaadmin.

storm

The primary group is stormadmin.

storm/hadoop.<System domain name>

The primary group is stormadmin.

storm_zk

The primary group is storm.

storm_zk/hadoop.<System domain name>

The primary group is storm.

kms/hadoop

The primary group is kmsadmin.

knox

The primary group is compcommon.

executor

The primary group is compcommon.

rangeradmin

The primary group is supergroup.

rangeradmin/hadoop.<System domain name>

The primary group is supergroup.

rangerusersync

The primary group is supergroup.

rangertagsync

The primary group is supergroup.

rangerauditor

The primary group is compcommon.

Log in to FusionInsight Manager, choose System > Permission > Domain and Mutual Trust, and check the value of Local Domain. In the preceding table, all letters in the system domain name contained in the username of the system internal user are lowercase letters.

For example, if Local Domain is set to 9427068F-6EFA-4833-B43E-60CB641E5B6C.COM, the username of default HDFS startup user is hdfs/hadoop.9427068f-6efa-4833-b43e-60cb641e5b6c.com.

Database Users

The system database users include OMS database users and DBService database users.

Database Type

Default User

Initial Password

Description

Password Change Method

OMS database

ommdba

  • Versions earlier than MRS 3.2.0: dbChangeMe@123456
  • MRS 3.2.0 or later: random password

OMS database administrator who performs maintenance operations, such as creating, starting, and stopping.

For details, see Changing the Password of the OMS Database Administrator.

omm

  • Versions earlier than MRS 3.2.0: ChangeMe@123456
  • MRS 3.2.0 or later: random password

User for accessing OMS database data

For details, see Changing the Password for the Data Access User of the OMS Database.

DBService database

omm

  • Versions earlier than MRS 3.2.0: dbserverAdmin@123
  • MRS 3.2.0 or later: random password

Administrator of the GaussDB database in the DBService component

compdbuser

Random password

MRS 3.1.2 or later: Administrator of the GaussDB database in the DBService component. It is used in service O&M scenarios. If the password of this account has expired, you need to reset the password upon your first login.

For details, see Changing the Password for User compdbuser of the DBService Database.

hetu

Random password

User for HetuEngine to connect to the DBService database hetumeta.

This user exists only in MRS 3.1.2 or later.

hive

  • Versions earlier than MRS 3.1.2: HiveUser@
  • MRS 3.1.2 or later: random password

User for Hive to connect to the DBService database hivemeta.

hue

  • Versions earlier than MRS 3.1.2: HueUser@123
  • MRS 3.1.2 or later: random password

User for Hue to connect to the DBService database hue.

sqoop

  • Versions earlier than MRS 3.1.2: SqoopUser@
  • MRS 3.1.2 or later: random password

User for Loader to connect to the DBService database sqoop.

oozie

  • Versions earlier than MRS 3.1.2: OozieUser@
  • MRS 3.1.2 or later: random password

User for Oozie to connect to the DBService database oozie.

rangeradmin

  • Versions earlier than MRS 3.1.2: Admin12!
  • MRS 3.1.2 or later: random password

User for Ranger to connect to the DBService database.

kafkaui

Random password

User for Kafka UI to connect to the DBService database.

This user exists only in MRS 3.1.2 or later.

flink

Random password

User for Flink to connect to the DBService database.

This user exists only in MRS 3.1.2 or later.

cdl

Random password

User for CDL to connect to the DBService database cdl.

This user exists only in MRS 3.2.0 or later.