Default Permissions of the MRS Cluster
Roles
|
Default Role |
Description |
|---|---|
|
Manager_administrator |
Manager administrator who has all permissions for Manager. Manager administrators can create first-level tenants, create and modify user groups, and specify user permissions. |
|
Manager_operator |
Manager operator who has all the permissions on the Homepage, Cluster, Hosts, and O&M tabs. |
|
Manager_auditor |
Manager auditor who has all permissions on the Audit tab page. Manager auditors can view and manage Manager system audit logs. |
|
Manager_viewer |
Manager viewer, who has permissions to view the Homepage, Cluster, Hosts, Alarms and Events in the O&M alarm module, Tenant Resources (available in MRS 3.5.0 and later), and System pages, and download clients. (Only MRS 3.2.0 or later supports client download.) |
|
Manager_tenant |
Manager tenant administrator. This role can create and manage sub-tenants for the non-leaf tenants to which the current user belongs. It has the permission to view alarms and events on O&M > Alarm page.
NOTE:
MRS 3.5.0 and later clusters: Assigning this role to a user with both Manager_viewer and Manager_tenant roles overrides the tenant management permission of the Manager_tenant role. The user can then only view tenant resources. |
|
System_administrator |
System administrator, this role has Manager system administrator rights and all services administrator rights. |
|
default |
This role is the default role created for the default tenant. It has the management permissions on the YARN component and the default queue. The default role of the default tenant that is not the first cluster to be installed is c<cluster ID>_default. |
|
Manager_administrator_180 |
FusionInsight Manager system administrator group. Internal system user group, which is used only between components. |
|
Manager_auditor_181 |
FusionInsight Manager system auditor group. Internal system user group, which is used only between components. |
|
Manager_operator_182 |
FusionInsight Manager system operator group. Internal system user group, which is used only between components. |
|
Manager_viewer_183 |
FusionInsight Manager system viewer group. Internal system user group, which is used only between components. |
|
System_administrator_186 |
System administrator group. Internal system user group, which is used only between components. |
|
Manager_tenant_187 |
Tenant system user group. Internal system user group, which is used only between components. |
|
default_1000 |
User group created for tenants. Internal system user group, which is used only between components. |
User Groups
|
Type |
Default User Group |
Description |
|---|---|---|
|
Default cluster user groups |
hadoop |
Users added to this user group have the permission to submit tasks to all YARN queues. |
|
hadoopmanager |
Users added to this user group can have the O&M manager rights of HDFS and YARN. The O&M manager of HDFS can access the NameNode web UI and perform active-standby switchover. The O&M manager of YARN can access the ResourceManager web UI, operate NodeManager nodes, refresh queues, and set node labels, but cannot submit tasks. |
|
|
hetuadmin |
HetuEngine administrator group. Users in this group have the permission to perform operations on HSConsole. |
|
|
hive |
Common user group. Hive users must belong to this user group. |
|
|
iotdbgroup |
Users added to this user group have the administrator rights of the IoTDB component. |
|
|
kafka |
Common Kafka user group. A user in this group can access a topic only when a user in the kafkaadmin group grants the read and write permission of the topic to the user. |
|
|
kafkaadmin |
Kafka administrator group. Users added to this group have the permissions to create, delete, authorize, as well as read from and write data to all topics. |
|
|
kafkasuperuser |
Topic read/write user group of Kafka. Users added to this group have permissions to read data from and write data to all topics. |
|
|
cdladmin |
CDL administrator group. Only users in this group can access CDL APIs. |
|
|
cdl |
Common user group of CDL. Users in this group can create and query CDL jobs. |
|
|
storm |
Storm common user group. Users added to this group have the permissions to submit topologies and manage their own topologies. |
|
|
stormadmin |
Storm administrator user group. Users added to this group have the permissions to submit topologies and manage their own topologies. |
|
|
supergroup |
Users added to this user group have the administrator rights of HBase, HDFS, and YARN and can use Hive. |
|
|
yarnviewgroup |
Read-only user group of YARN tasks. Users in this user group can have the view permission on YARN and MapReduce tasks. |
|
|
check_sec_ldap |
User group for testing whether the active LDAP works properly. This user group is generated randomly in a test and automatically deleted after the test is complete. This is an internal system user group used only between components. |
|
|
compcommon |
System internal group for accessing cluster system resources. All system users and system running users are added to this user group by default. |
|
|
Default OS user groups |
wheel |
Primary group of the internal system running user omm. |
|
ficommon |
System common group that corresponds to compcommon for accessing cluster common resource files stored in the OS. |
Users
For details, see MRS Cluster User Accounts.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
