Updated on 2024-09-23 GMT+08:00

Configuring User Permissions for Mutually Trusted MRS Clusters

After cross-Manager cluster mutual trust is configured, grant users access permissions on each FusionInsight Manager so that the users can perform service operations in the mutually trusted Managers.

Prerequisites

The mutual trust relationship has been configured between two clusters (clusters A and B). The clients of the clusters have been updated.

Configuring User Permissions for Mutually Trusted Clusters (MRS 3.x or Later)

  1. Log in to the local FusionInsight Manager.
  2. Choose System > Permission > User to check whether the target user exists.

    • If yes, go to 3.
    • If no, go to 4.

  3. Click on the left of the target user, and check whether the permissions granted by the user's user group and roles meet service requirements. If not, create a role and bind the role to the user, or modify the user group or role permissions of the user.
  4. Create a user required by the service operations and associate the required user group or role. For details, see Creating a User (MRS 3.x and Later).
  5. Log in to the other FusionInsight Manager and repeat 2 to 4 to create a user with the same name and set permissions.

Configuring User Permissions for Mutually Trusted Clusters (MRS 2.x or Earlier)

  1. Log in to MRS Manager of cluster A and choose System > Manage User. Check whether cluster A has accounts that are the same as those of cluster B.

    • If yes, go to 2.
    • If no, go to 3.

  2. Click on the left side of the username to view detailed user information. Verify if the user's group and role meet the service requirements.

    For example, user admin of cluster A has the permission to access and create files in the /tmp directory of cluster A. Then go to 4.

  3. Create the accounts in cluster A and bind the accounts to the user group and roles required by the services. Then go to 4.
  4. Choose Service > HDFS > Instance. Query the OM IP Address of NameNode (Active).
  5. Log in to the client of cluster B.

    For example, if you updated the client on the Master2 node, you must log in to the Master2 node to use the client.

  6. Run the following command to access the /tmp directory of cluster A.

    hdfs dfs -ls hdfs://192.168.6.159:9820/tmp

    In the preceding command, 192.168.6.159 is the IP address of the active NameNode of cluster A; 9820 is the default port for communication between the client and the NameNode.

  7. Run the following command to create a file in the /tmp directory of cluster A:

    hdfs dfs -touchz hdfs://192.168.6.159:9820/tmp/mrstest.txt

    If you can find the mrstest.txt file in the /tmp directory of cluster A, the cross-cluster mutual trust is successfully configured.
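
The check in steps 6 and 7, wrapped as a shell function for the client of cluster B so that it can be rerun after any user, group or role change. This is an added example, not part of the original MRS documentation: the function names, the HDFS_BIN variable and the return codes are assumptions, and it expects the client environment to be loaded and the user to be authenticated already.

```shell
# Added example (not from the MRS documentation).
# HDFS_BIN is a hypothetical override for the client binary; default is "hdfs".
HDFS_BIN="${HDFS_BIN:-hdfs}"

# Build the URI of a path on cluster A's active NameNode.
# $1 = NameNode IP, $2 = port, $3 = absolute path
remote_uri() {
    case "$3" in
        /*) printf 'hdfs://%s:%s%s\n' "$1" "$2" "$3" ;;
        *)  echo "path must be absolute: $3" >&2; return 2 ;;
    esac
}

# Run the list / create / confirm sequence against /tmp of cluster A.
# $1 = NameNode IP, $2 = port (default 9820), $3 = test file name
# Returns 0 on success, 10 if listing fails, 11 if creating the file fails,
# 12 if the file is not visible afterwards, 2 on bad arguments.
verify_cross_cluster_tmp() {
    nn_ip="$1"; port="${2:-9820}"; file="${3:-mrstest.txt}"
    [ -n "$nn_ip" ] || { echo "usage: verify_cross_cluster_tmp IP [PORT] [FILE]" >&2; return 2; }
    dir_uri=$(remote_uri "$nn_ip" "$port" /tmp) || return 2
    file_uri="$dir_uri/$file"

    # Step 6: read access to /tmp of cluster A
    "$HDFS_BIN" dfs -ls "$dir_uri" >/dev/null || {
        echo "FAIL: cannot list $dir_uri (check mutual trust and the user's read permission)" >&2
        return 10
    }
    # Step 7: create permission in /tmp of cluster A
    "$HDFS_BIN" dfs -touchz "$file_uri" || {
        echo "FAIL: cannot create $file_uri (check the role bound to the same-name user in cluster A)" >&2
        return 11
    }
    # Confirm the file exists instead of reading the listing by eye
    "$HDFS_BIN" dfs -test -e "$file_uri" || {
        echo "FAIL: $file_uri not found after creation" >&2
        return 12
    }
    echo "OK: $file_uri created from the client of cluster B"
}

# Usage with the address from the steps above:
#   verify_cross_cluster_tmp 192.168.6.159 9820
```

A return code of 10 or 11 tells you which of the two permissions (list or create) the user is missing in cluster A.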