Help Center> MapReduce Service> User Guide (ME-Abu Dhabi Region)> FusionInsight Manager Operation Guide (Applicable to 3.x)> System Configuration> Configuring Permission> Managing Roles
Updated on 2022-02-22 GMT+08:00
View PDF

Managing Roles

Scenarios

FusionInsight Manager supports 5000 roles (including built-in roles, excluding roles created by tenants) at the maximum. Based on different service requirements, you need to create and manage different roles on FusionInsight Manager and perform authorization management for FusionInsight Manager and components using roles.

Prerequisites

  • You have learned service requirements.
  • Log in to FusionInsight Manager.

Adding a Role

  1. Choose System > Permission > Role.
  2. On the displayed page, click Create Role and fill in Role Name and Description.

    A role name consists of letters, digits, and underlines (_). A role name can contain 3 to 50 characters. It cannot be the same as the role name in the system.

  3. In the Configure Resource Permission list, select the cluster whose rights are to be added and select service rights for the role.

    When setting rights for a component, enter a resource name in the Search text box in the upper right corner and click the search icon to view the search result.

    The search scope covers only directories with current permissions. You cannot search subdirectories. Search by keywords supports fuzzy match and is case-insensitive.

    • For components (except HDFS and Yarn) for which Ranger authorization has been enabled, the rights of non-default roles on Manager do not take effect. You need to configure Ranger policies to assign rights to user groups.
    • If the policy conditions of HDFS and Yarn resource requests in Ranger are not covered, the component ACL rules still take effect.
    • A maximum of 1000 permissions can be configured for a component at a time.

  4. Click OK.

Modifying the Role Information

Locate the row that contains the role to be modified and click Modify.

Exporting Role Information

Click Export All to export all roles information at a time. You can export the information to a TXT or CSV file.

The role information contains the following fields: Role name, description, and the information about whether the role is the default role.

Deleting a Role

Locate the row that contains the role to be deleted, and click Delete. To delete multiple roles in batches, select the roles to be deleted and click Delete above the role list. Roles cannot be deleted when bound by users. To delete a user group, delete all users in the user group by modifying the user group, and then delete the user group.

Task Example (Creating a Manager Role)

  1. Choose System > Permission > Role.
  2. On the displayed page, click Create Role and fill in Role Name and Description.
  3. In the Configure Resource Permission list, click Manager. Set the role permission as follows:

    Manager permissions:

    • Cluster:
      • view: view permission for Cluster page, view permission for Alarm and Event page under O&M > Alarm.
      • management: management permission for Cluster and O&M page.
    • User:
      • view: view permission for Permission page under System.
      • management: management permission for Permission page under System.
    • Audit:

      management: management permission for Audit page.

    • Tenant:

      management: management permission for Tenant page, view permission for Alarm and Event page under O&M > Alarm.

    • System:

      management: management permission for System page except the Permission page, view permission for Alarm and Event page under O&M > Alarm.

  4. Click OK.
Parent topic: Configuring Permission