Help Center/ MapReduce Service/ User Guide (ME-Abu Dhabi Region)/ Troubleshooting/ Accessing OBS/ When Using the MRS Multi-user Access to OBS Function, a User Does Not Have the Permission to Access the /tmp Directory
Updated on 2022-12-08 GMT+08:00

When Using the MRS Multi-user Access to OBS Function, a User Does Not Have the Permission to Access the /tmp Directory

Issue

When the MRS multi-user access to OBS function is used to execute jobs such as Spark, Hive, and Presto jobs, an error message is displayed, indicating that the user does not have the permission to access the /tmp directory.

Symptom

When the MRS multi-user access to OBS function is used to execute jobs such as Spark, Hive, and Presto jobs, an error message is displayed, indicating that the user does not have the permission to access the /tmp directory.

Cause Analysis

A temporary directory exists during job execution. The user who submits the job does not have permission on the temporary directory.

Procedure

  1. On the Dashboard tab page of the cluster, query and record the name of the agency bound to the cluster.
  2. Log in to the IAM console.
  3. Choose Permissions. On the displayed page, click Create Custom Policy.

    • Policy Name: Enter a policy name.
    • Scope: Select Global services.
    • Policy View: Select Visual editor.
    • Policy Content:
      1. Allow: Select Allow.
      2. Select service: Select Object Storage Service (OBS).
      3. Select action: Select WriteOnly, ReadOnly, and ListOnly.
      4. Specific resources:
        1. Set object to Specify resource path, click Add resource path, and enter obs_bucket_name/tmp/ and obs_bucket_name/tmp/* in Path. The /tmp directory is used as an example. If you need to add permissions for other directories, perform the following steps to add the directories and resource paths of all objects in the directories.
        2. Set bucket to Specify resource path, click Add resource path, and enter obs_bucket_name in Path.

        Replace obs_bucket-name with the actual OBS bucket name. If the bucket type is Parallel File System, you need to add the obs_bucket_name/tmp/ path. If the bucket type is Object Storage, you do not need to add the path.

      5. (Optional) Request condition, which does not need to be added currently.
    Figure 1 Custom policy

  4. Click OK.
  5. Select Agency and click Assign Permissions in the Operation column of the agency queried in 1.
  6. Query and select the created policy in 3.
  7. Click OK.