Help Center> DataArts Studio> User Guide (Kuala Lumpur Region)> User Guide> Management Center> Creating Data Connections
Updated on 2023-06-14 GMT+08:00
View PDF

Creating Data Connections

You can create data connections by configuring data sources. Based on the data connections of the Management Center, DataArts Studio performs data development, governance, services, and operations on the data lake base.

Constraints

  • RDS data connections depend on OBS. If OBS is unavailable in the same region as DataArts Studio, RDS data connections are not supported.
  • If changes occur in the connected data lake (for example, the MRS cluster capacity is expanded), you need to edit and save the connection.

Prerequisites

  • You have created a data lake to connect, for example, a database or cloud service supported by DataArts Studio.
    • Before creating a DWS data connection, ensure that you have created a cluster in DWS and have the permissions required to view Key Management Service (KMS) keys.
    • Before creating an MRS HBase, MRS Hive, MRS Kafka, MRS Presto, or MRS Spark connection, ensure that you have created an MRS cluster and selected required components.
    • Before creating an RDS data connection, ensure that you have created an RDS DB instance. Currently, DataArts Studio supports only MySQL and PostgreSQL databases in RDS.
  • The data lake to connect communicates with the DataArts Studio instance properly.
    • If the data lake is an on-premises database, a public network or a dedicated connection is required. Ensure that the host where the data source is located can access the public network and the port has been enabled in the firewall rule.
    • If the data lake is a cloud service (such as DWS and MRS), the following requirements must be met for network interconnection:
      • If the CDM cluster in the DataArts Studio instance and the cloud service are in different regions, a public network or a dedicated connection is required.
      • If the CDM cluster in the DataArts Studio instance and the cloud service are in the same region, VPC, subnet, and security group, they can communicate with each other by default. If they are in the same VPC but in different subnets or security groups, you must configure routing rules and security group rules. For details about how to configure routing rules, see Adding Routes in Virtual Private Cloud (VPC) Usage Guide. For details about how to configure security group rules, see Security Group > Adding a Security Group Rule in Virtual Private Cloud (VPC) Usage Guide.
      • The cloud service instance and the DataArts Studio workspace belong to the same enterprise project. If they do not, you can modify the enterprise project of the workspace.

Creating a Data Connection

  1. On the DataArts Studio console, locate a workspace and click Management Center.
    Figure 1 Management Center
  1. In the navigation pane, choose Manage Data Connections.
    Figure 2 Manage Data Connections
  1. On the Data Connection Management page, click Create Data Connection. Select a data connection type and set the relevant parameters. See Table 1.
    Figure 3 Create Data Connection
    Table 1 Data connections

    Data Connection Type

    Link

    MRS Hive

    Table 2

    MRS HBase

    Table 3

    MRS Kafka

    Table 4

    DWS

    Table 7

    ORACLE

    Table 8

    MRS Spark

    Table 5

    RDS

    See Table 6.

    You can also create RDS connections to relational databases, such as MySQL, PostgreSQL, and Dameng databases.

    Host Connection

    See Table 9.
  2. Click Test to test connectivity of the data connection. If the test passes, the data connection is created.
  3. After the test is successful, click OK. The system will create the data connection for you.

Data Connection Parameter Description

Table 2 MRS Hive data connection

Parameter

Mandatory

Description

Data Connection Name

Yes

The name of the data connection to create. Data connection names can contain 1 to 50 characters. They can include only letters, numbers, underscores (_), and hyphens (-).

Tag

No

The attribute of the data connection to create. Tags make management easier.

NOTE:

The name of the tag. Only letters, numbers, and underscores (_) are allowed. Tag names cannot start with underscores (_). Enter up to 100 characters.

Cluster Name

Yes

The name of the MRS Hive cluster. Select an MRS cluster that Hive belongs to. If the MRS cluster is not displayed in the drop-down list, check whether the network connection between the MRS cluster and the DataArts Studio instance is normal.

Ensure that the MRS cluster and the DataArts Studio instance can communicate with each other. The following requirements must be met for network interconnection:
  • If the CDM cluster in the DataArts Studio instance and the MRS cluster are in different regions, a public network or a dedicated connection is required. If the Internet is used for communication, ensure that an EIP has been bound to the CDM cluster, and the MRS cluster can access the Internet and the port has been enabled in the firewall rule.
  • If the CDM cluster in the DataArts Studio instance and the MRS cluster are in the same region, VPC, subnet, and security group, they can communicate with each other by default. If they are in the same VPC but in different subnets or security groups, you must configure routing rules and security group rules. For details about how to configure routing rules, see Custom Route in Region Type I > Adding Routes in Virtual Private Cloud (VPC) Usage Guide. For details about how to configure security group rules, see Security Group > Adding a Security Group Rule in Virtual Private Cloud (VPC) Usage Guide.
  • The MRS cluster and the DataArts Studio workspace belong to the same enterprise project. If they do not, you can modify the enterprise project of the workspace.

Connection Type

Yes
Connection type. Proxy connection is recommended.
  • Proxy connection: An agent (CDM cluster) is used to access MRS clusters. This method supports all versions of MRS clusters.
  • MRS API connection: MRS APIs are used to access MRS clusters. This method supports only MRS clusters of the 2.X or a later version.

    When you select MRS API connection, pay attention to the following restrictions:

    1. Tables and fields cannot be viewed.
    2. When the SQL editor is used to run SQL statements, the execution results can be displayed only in logs.
    3. This method is not supported by data governance functions such as DataArts Architecture, DataArts Quality, and DataArts Catalog.

Username

No

The username of the MRS cluster. This parameter is mandatory when Connection Type is set to Proxy connection. If a new MRS user is used for connection, you need to log in to Manager and change the initial password.

You cannot create a data connection for an MRS security cluster as user admin. User admin is the management page user by default and cannot be used as the authentication user of a security cluster. You can create an MRS user by referring to Creating a Kerberos Authentication User for an MRS Security Cluster. When creating an MRS data connection, set Username and Password to the new MRS username and password.
NOTE:
  • For clusters of MRS 3.1.0 or later, the user must at least have permissions of the Manager_viewer role to create data connections in Management Center. To perform database, table, and data operations on components, the user must also have user group permissions of the components.
  • For clusters earlier than MRS 3.1.0, the user must have permissions of the Manager_administrator or System_administrator role to create data connections in Management Center.
  • A user with only the Manager_tenant or Manager_auditor permission cannot create connections.

Password

No

The password for accessing the MRS cluster. This parameter is mandatory when Connection Type is set to Proxy connection.

KMS Key

No

The name of the KMS key. This parameter is mandatory when Connection Type is set to Proxy connection.

Agent

No

This parameter is mandatory when Connection Type is set to Proxy connection.

MRS is not a fully managed service and cannot be directly connected to DataArts Studio. A CDM cluster can provide an agent for DataArts Studio to communicate with non-fully-managed services. Therefore, you need to select a CDM cluster when creating an MRS data connection. If no CDM cluster is available, create one through the DataArts Migration incremental package.

As a network proxy, the CDM cluster must be able to communicate with the MRS cluster. To ensure network connectivity, the CDM cluster must be in the same region, AZ, VPC, and subnet as the MRS cluster. The security group rule must also allow the CDM cluster communicate with the MRS cluster.
Table 3 MRS HBase data connection

Parameter

Mandatory

Description

Data Connection Name

Yes

The name of the data connection to create. Data connection names can contain 1 to 50 characters. They can include only letters, numbers, underscores (_), and hyphens (-).

Tag

No

The attribute of the data connection to create. Tags make management easier.

NOTE:

The name of the tag. Only letters, numbers, and underscores (_) are allowed. Tag names cannot start with underscores (_). Enter up to 100 characters.

Cluster Name

Yes

The name of the MRS HBase cluster. Select an MRS cluster that HBase belongs to. If the MRS cluster is not displayed in the drop-down list, check whether the network connection between the MRS cluster and the DataArts Studio instance is normal.

Ensure that the MRS cluster and the DataArts Studio instance can communicate with each other. The following requirements must be met for network interconnection:
  • If the CDM cluster in the DataArts Studio instance and the MRS cluster are in different regions, a public network or a dedicated connection is required. If the Internet is used for communication, ensure that an EIP has been bound to the CDM cluster, and the MRS cluster can access the Internet and the port has been enabled in the firewall rule.
  • If the CDM cluster in the DataArts Studio instance and the MRS cluster are in the same region, VPC, subnet, and security group, they can communicate with each other by default. If they are in the same VPC but in different subnets or security groups, you must configure routing rules and security group rules. For details about how to configure routing rules, see Custom Route in Region Type I > Adding Routes in Virtual Private Cloud (VPC) Usage Guide. For details about how to configure security group rules, see Security Group > Adding a Security Group Rule in Virtual Private Cloud (VPC) Usage Guide.
  • The MRS cluster and the DataArts Studio workspace belong to the same enterprise project. If they do not, you can modify the enterprise project of the workspace.

Username

Yes

Username of the MRS cluster

You cannot create a data connection for an MRS security cluster as user admin. User admin is the management page user by default and cannot be used as the authentication user of a security cluster. You can create an MRS user by referring to Creating a Kerberos Authentication User for an MRS Security Cluster. When creating an MRS data connection, set Username and Password to the new MRS username and password.
NOTE:
  • For clusters of MRS 3.1.0 or later, the user must at least have permissions of the Manager_viewer role to create data connections in Management Center. To perform database, table, and data operations on components, the user must also have user group permissions of the components.
  • For clusters earlier than MRS 3.1.0, the user must have permissions of the Manager_administrator or System_administrator role to create data connections in Management Center.
  • A user with only the Manager_tenant or Manager_auditor permission cannot create connections.

Password

Yes

Password for accessing the MRS cluster.

KMS Key

Yes

Name of the KMS key.

Agent

Yes

MRS is not a fully managed service and cannot be directly connected to DataArts Studio. A CDM cluster can provide an agent for DataArts Studio to communicate with non-fully-managed services. Therefore, you need to select a CDM cluster when creating an MRS data connection. If no CDM cluster is available, create one through the DataArts Migration incremental package.

As a network proxy, the CDM cluster must be able to communicate with the MRS cluster. To ensure network connectivity, the CDM cluster must be in the same region, AZ, VPC, and subnet as the MRS cluster. The security group rule must also allow the CDM cluster communicate with the MRS cluster.
Table 4 MRS Kafka data connection

Parameter

Mandatory

Description

Data Connection Name

Yes

The name of the data connection to create. Data connection names can contain 1 to 50 characters. They can include only letters, numbers, underscores (_), and hyphens (-).

Tag

No

The attribute of the data connection to create. Tags make management easier.

NOTE:

The name of the tag. Only letters, numbers, and underscores (_) are allowed. Tag names cannot start with underscores (_). Enter up to 100 characters.

Cluster Name

Yes

The name of the MRS Kafka cluster. Select an MRS cluster that Kafka belongs to. If the MRS cluster is not displayed in the drop-down list, check whether the network connection between the MRS cluster and the DataArts Studio instance is normal.

Ensure that the MRS cluster and the DataArts Studio instance can communicate with each other. The following requirements must be met for network interconnection:
  • If the CDM cluster in the DataArts Studio instance and the MRS cluster are in different regions, a public network or a dedicated connection is required. If the Internet is used for communication, ensure that an EIP has been bound to the CDM cluster, and the MRS cluster can access the Internet and the port has been enabled in the firewall rule.
  • If the CDM cluster in the DataArts Studio instance and the MRS cluster are in the same region, VPC, subnet, and security group, they can communicate with each other by default. If they are in the same VPC but in different subnets or security groups, you must configure routing rules and security group rules. For details about how to configure routing rules, see Custom Route in Region Type I > Adding Routes in Virtual Private Cloud (VPC) Usage Guide. For details about how to configure security group rules, see Security Group > Adding a Security Group Rule in Virtual Private Cloud (VPC) Usage Guide.
  • The MRS cluster and the DataArts Studio workspace belong to the same enterprise project. If they do not, you can modify the enterprise project of the workspace.

Username

Yes

Username of the MRS cluster

You cannot create a data connection for an MRS security cluster as user admin. User admin is the management page user by default and cannot be used as the authentication user of a security cluster. You can create an MRS user by referring to Creating a Kerberos Authentication User for an MRS Security Cluster. When creating an MRS data connection, set Username and Password to the new MRS username and password.
NOTE:
  • For clusters of MRS 3.1.0 or later, the user must at least have permissions of the Manager_viewer role to create data connections in Management Center. To perform database, table, and data operations on components, the user must also have user group permissions of the components.
  • For clusters earlier than MRS 3.1.0, the user must have permissions of the Manager_administrator or System_administrator role to create data connections in Management Center.
  • A user with only the Manager_tenant or Manager_auditor permission cannot create connections.

Password

Yes

Password for accessing the MRS cluster.

KMS Key

Yes

Name of the KMS key.

Agent

Yes

MRS is not a fully managed service and cannot be directly connected to DataArts Studio. A CDM cluster can provide an agent for DataArts Studio to communicate with non-fully-managed services. Therefore, you need to select a CDM cluster when creating an MRS data connection. If no CDM cluster is available, create one through the DataArts Migration incremental package.

As a network proxy, the CDM cluster must be able to communicate with the MRS cluster. To ensure network connectivity, the CDM cluster must be in the same region, AZ, VPC, and subnet as the MRS cluster. The security group rule must also allow the CDM cluster communicate with the MRS cluster.
Table 5 MRS Spark data connection

Parameter

Mandatory

Description

Data Connection Name

Yes

The name of the data connection to create. Data connection names can contain 1 to 50 characters. They can include only letters, numbers, underscores (_), and hyphens (-).

Tag

No

The attribute of the data connection to create. Tags make management easier.

NOTE:

The name of the tag. Only letters, numbers, and underscores (_) are allowed. Tag names cannot start with underscores (_). Enter up to 100 characters.

Cluster Name

Yes

The name of the MRS Spark cluster. Select an MRS cluster that Spark belongs to. If the MRS cluster is not displayed in the drop-down list, check whether the network connection between the MRS cluster and the DataArts Studio instance is normal.

Ensure that the MRS cluster and the DataArts Studio instance can communicate with each other. The following requirements must be met for network interconnection:
  • If the CDM cluster in the DataArts Studio instance and the MRS cluster are in different regions, a public network or a dedicated connection is required. If the Internet is used for communication, ensure that an EIP has been bound to the CDM cluster, and the MRS cluster can access the Internet and the port has been enabled in the firewall rule.
  • If the CDM cluster in the DataArts Studio instance and the MRS cluster are in the same region, VPC, subnet, and security group, they can communicate with each other by default. If they are in the same VPC but in different subnets or security groups, you must configure routing rules and security group rules. For details about how to configure routing rules, see Custom Route in Region Type I > Adding Routes in Virtual Private Cloud (VPC) Usage Guide. For details about how to configure security group rules, see Security Group > Adding a Security Group Rule in Virtual Private Cloud (VPC) Usage Guide.
  • The MRS cluster and the DataArts Studio workspace belong to the same enterprise project. If they do not, you can modify the enterprise project of the workspace.

Connection Type

Yes
Connection type. Proxy connection is recommended.
  • Proxy connection: An agent (CDM cluster) is used to access MRS clusters. This method supports all versions of MRS clusters.
  • MRS API connection: MRS APIs are used to access MRS clusters. This method supports only MRS clusters of the 2.X or a later version.

    When you select MRS API connection, pay attention to the following restrictions:

    1. Tables and fields cannot be viewed.
    2. When the SQL editor is used to run SQL statements, the execution results can be displayed only in logs.
    3. This method is not supported by data governance functions such as DataArts Architecture, DataArts Quality, and DataArts Catalog.

Username

No

The username of the MRS cluster. This parameter is mandatory when Connection Type is set to Proxy connection. If a new MRS user is used for connection, you need to log in to Manager and change the initial password.

You cannot create a data connection for an MRS security cluster as user admin. User admin is the management page user by default and cannot be used as the authentication user of a security cluster. You can create an MRS user by referring to Creating a Kerberos Authentication User for an MRS Security Cluster. When creating an MRS data connection, set Username and Password to the new MRS username and password.
NOTE:
  • For clusters of MRS 3.1.0 or later, the user must at least have permissions of the Manager_viewer role to create data connections in Management Center. To perform database, table, and data operations on components, the user must also have user group permissions of the components.
  • For clusters earlier than MRS 3.1.0, the user must have permissions of the Manager_administrator or System_administrator role to create data connections in Management Center.
  • A user with only the Manager_tenant or Manager_auditor permission cannot create connections.

Password

No

The password for accessing the MRS cluster. This parameter is mandatory when Connection Type is set to Proxy connection.

KMS Key

No

The name of the KMS key. This parameter is mandatory when Connection Type is set to Proxy connection.

Agent

No

This parameter is mandatory when Connection Type is set to Proxy connection.

MRS is not a fully managed service and cannot be directly connected to DataArts Studio. A CDM cluster can provide an agent for DataArts Studio to communicate with non-fully-managed services. Therefore, you need to select a CDM cluster when creating an MRS data connection. If no CDM cluster is available, create one through the DataArts Migration incremental package.

As a network proxy, the CDM cluster must be able to communicate with the MRS cluster. To ensure network connectivity, the CDM cluster must be in the same region, AZ, VPC, and subnet as the MRS cluster. The security group rule must also allow the CDM cluster communicate with the MRS cluster.

Table 6 RDS data connection

Parameter

Mandatory

Description

Data Connection Name

Yes

The name of the data connection to create. Data connection names can contain 1 to 50 characters. They can include only letters, numbers, underscores (_), and hyphens (-).

Tag

No

The attribute of the data connection to create. Tags make management easier.

NOTE:

The name of the tag. Only letters, numbers, and underscores (_) are allowed. Tag names cannot start with underscores (_). Enter up to 100 characters.

IP Address

Yes

The address for accessing RDS.

If the data source is RDS, you can obtain the address from the RDS console.

  1. Log in to the management console using the created account.
  2. In the Service List, choose Relational Database Service. In the left navigation pane, choose Instances.
  3. Click the name of an instance. The basic information page of the instance is displayed.

You can obtain the IP address on the Connection Information tab.

Port

Yes

The port for accessing RDS.

If the data source is RDS, you can obtain the port from the RDS console.

  1. Log in to the management console using the account.
  2. In the Service List, choose Relational Database Service. In the left navigation pane, choose Instances.
  3. Click the name of an instance. The basic information page of the instance is displayed.

You can obtain the database port on the Connection Information tab.

Driver Name

Yes

The name of the driver. The following values are available:

  • com.mysql.jdbc.Driver
  • org.postgresql.Driver

Driver File Path

Yes

Path of the driver file in the OBS bucket. You need to download the .jar driver file from the corresponding official website and upload it to the OBS bucket.

NOTE:

To update the driver, you must restart the CDM cluster in DataArts Migration and then edit the data connection to upload the driver.

Username

Yes

The username of the database. The username is required for creating a cluster.

Password

Yes

The password for accessing the database. The password is required for creating a cluster.

KMS Key

Yes

The name of the KMS key.

To obtain the key:

  1. Log in to the management console using the account.
  2. Click Key Management Service and select Key Management Service from the list on the left.

You can obtain the key name from the key list.

Agent

Yes

RDS is not a fully managed service and cannot be directly connected to DataArts Studio. A CDM cluster can provide an agent for DataArts Studio to communicate with non-fully-managed services. Therefore, you need to select a CDM cluster when creating an RDS data connection. If no CDM cluster is available, create one through the DataArts Migration incremental package.

As a network proxy, the CDM cluster must be able to communicate with RDS. To ensure network connectivity, the CDM cluster must be in the same region, AZ, VPC, and subnet as RDS. The security group rule must also allow the CDM cluster to communicate with RDS.
Table 7 DWS data connection

Parameter

Mandatory

Description

Data Connection Name

Yes

The name of the data connection to create. Data connection names can contain 1 to 50 characters. They can include only letters, numbers, underscores (_), and hyphens (-).

Tag

No

The attribute of the data connection to create. Tags make management easier.

NOTE:

The name of the tag. Only letters, numbers, and underscores (_) are allowed. Tag names cannot start with underscores (_). Enter up to 100 characters.

Manual

Yes

You can turn off or turn on to disable or enable the Manual function.

  • When Manual is disabled, you do not need to enter the IP address and port.
  • When Manual is enabled, you must enter the IP address and port.

IP Address

No

The IP address for accessing the cluster database through the internal network. This parameter is mandatory when Manual is enabled. The private network address is automatically generated when you create a cluster.

Port

No

The database port specified during DWS cluster creation. This parameter is mandatory when Manual is enabled. Ensure that you have enabled this port in the security group rule so that the DataArts Studio instance can connect to the database in the DWS cluster through this port.

SSL Connection

Yes

DWS supports SSL encryption and certificate authentication for communication between the client and server. You can use SSL Connection to set the communication mode. If SSL Connection is enabled, only SSL encryption can be used. If SSL Connection is disabled, both modes can be used. SSL Connection is disabled by default.

Cluster Name

Yes

The name of the selected DWS cluster.

Username

Yes

The database username, which is specified when the DWS cluster is created.

Password

Yes

The password for accessing the database, which is specified when the DWS cluster is created.

KMS Key

Yes

The name of the KMS key.

Connection Type

Yes
Connection type. Proxy connection is recommended.
  • Proxy connection: An agent (CDM cluster) is used to access DWS clusters.
  • Direct connection: You can access DWS clusters directly.

Agent

No

This parameter is mandatory when Connection Type is set to Proxy connection.

Data Warehouse Service (DWS) is not a fully managed service and thus cannot be directly connected to DataArts Studio. A CDM cluster can provide an agent for DataArts Studio to communicate with non-fully-managed services. Therefore, you need to select a CDM cluster when creating a DWS data connection. If no CDM cluster is available, create one through the DataArts Migration incremental package.

As a network proxy, the CDM cluster must be able to communicate with the DWS cluster. To ensure network connectivity, the CDM cluster must be in the same region, AZ, VPC, and subnet as the DWS cluster. The security group rule must also allow the CDM cluster communicate with the DWS cluster.
Table 8 Oracle data connection

Parameter

Mandatory

Description

Data Connection Name

Yes

The name of the data connection to create. Data connection names can contain 1 to 50 characters. They can include only letters, numbers, underscores (_), and hyphens (-).

Tag

No

The attribute of the data connection to create. Tags make management easier.

NOTE:

The name of the tag. Only letters, numbers, and underscores (_) are allowed. Tag names cannot start with underscores (_). Enter up to 100 characters.

ip

Yes

The IP address of the database to connect. Both public and private IP addresses are supported.

Port

Yes

The port of the database to connect.

Username

Yes

The username of the account for accessing the database. This account must have the permissions required to read and write data tables and metadata.

NOTE:

If you have the CONNECT permission (read-only permission) and are trying to create a connection, a message is displayed indicating that the table or schema does not exist. In this case, perform the following operations to grant permissions:

  1. Log in to the Oracle node as user root.
  2. Run the following command to switch to user oracle:

    su oracle

  3. Run the following command to log in to the database:

    sqlplus /nolog

  4. Run the following command to log in as user sys:

    connect sys as sysdba;

    Enter the password of user sys. .

  5. Run the following SQL statement to grant permissions:

    GRANT SELECT ON GV_$INSTANCE to xxx;

    In the preceding command, xxx indicates the name of the user to which the permissions will be granted.

Password

Yes

The user password.

sid

Yes

The unique identifier of the Oracle database.

KMS Key

Yes

The name of the KMS key.

To obtain the key:

  1. Log in to the management console using the created account.
  2. Click Key Management Service and select Key Management Service from the list on the left.

You can obtain the key name from the key list.

Agent

Yes

Oracle is not a fully managed service and cannot be directly connected to DataArts Studio. A CDM cluster can provide an agent for DataArts Studio to communicate with non-fully-managed services. Therefore, you need to select a CDM cluster when creating an Oracle data connection. If no CDM cluster is available, create one through the DataArts Migration incremental package.

As a network proxy, the CDM cluster must be able to communicate with Oracle.
Table 9 Host Connection

Parameter

Mandatory

Description

Data Connection Name

Yes

Name of the host connection. The value can contain only letters, digits, hyphens (-), and underscores (_).

Host Address

Yes

IP address of the host

For details, see section "Viewing Details About an ECS" in Elastic Cloud Server User Guide.

Agent

Yes

Agents provided by the CDM cluster.

Port

Yes

SSH port number of the host

Username

Yes

Username of the host

Login Mode

Yes

Mode for logging in to the host

  • Key pair
  • Password

Key Pair

Yes

If you select Key pair for Login Mode, you need to obtain the private key file, upload it to OBS, and select the OBS path. This parameter is available only when Login Mode is set to Key pair.

NOTE:

The uploaded private key file must be in PEM format, and the uploaded private key file and the public key configured on the host must be in the same key pair.

Key Pair Password

No

If no password is set for the key pair, you do not need to set this parameter.

Password

Yes

Password for logging in to the host.

Host Connection Description

No

Description of the host connection

Creating a Kerberos Authentication User for an MRS Security Cluster

You cannot create a data connection for an MRS security cluster as user admin. User admin is the management page user by default and cannot be used as the authentication user of a security cluster. To create an MRS user, perform the following steps:

For clusters of MRS 3.x:

  1. Log in to MRS Manager as user admin.
  2. Choose System > Permission > User. On the page displayed, click Create to add a dedicated user as the Kerberos authentication user. Select the user group superGroup for the user, and assign all roles to the user.
    • For clusters of MRS 3.1.0 or later, the user must at least have permissions of the Manager_viewer role to create data connections in Management Center. To perform database, table, and data operations on components, the user must also have user group permissions of the components.
    • For clusters earlier than MRS 3.1.0, the user must have permissions of the Manager_administrator or System_administrator role to create data connections in Management Center.
    • A user with only the Manager_tenant or Manager_auditor permission cannot create connections.
  3. Log in to Manager as the new user and change the initial password. Otherwise, the connection fails to be created.
  4. Synchronize IAM users.
    1. Log in to the MRS management console.
    2. Choose Clusters > Active Clusters, select a running cluster, and click its name to go to its details page.
    3. In the Basic Information area of the Dashboard page, click Synchronize on the right side of IAM User Sync to synchronize IAM users.
      • When the policy of the user group to which the IAM user belongs changes from MRS ReadOnlyAccess to MRS CommonOperations, MRS FullAccess, or MRS Administrator, wait for 5 minutes until the new policy takes effect after the synchronization is complete because the SSSD (System Security Services Daemon) cache of cluster nodes needs time to be updated. Then, submit a job. Otherwise, the job may fail to be submitted.
      • When the policy of the user group to which the IAM user belongs changes from MRS CommonOperations, MRS FullAccess, or MRS Administrator to MRS ReadOnlyAccess, wait for 5 minutes until the new policy takes effect after the synchronization is complete because the SSSD cache of cluster nodes needs time to be updated.

For clusters of MRS 2.x or earlier:

  1. Log in to MRS Manager as user admin.
  2. Choose System > Manage User. On the page displayed, add a dedicated user as the Kerberos authentication user. Select the user group superGroup for the user, and assign all roles to the user.
    • For clusters of MRS 2.x or earlier, the user must have permissions of the Manager_administrator or System_administrator role to create data connections in Management Center.
    • A user with only the Manager_tenant or Manager_auditor permission cannot create connections.
  3. Log in to MRS Manager as the new user and change the initial password. Otherwise, the connection fails to be created.
  4. Synchronize IAM users.
    1. Log in to the MRS management console.
    2. Choose Clusters > Active Clusters, select a running cluster, and click its name to go to its details page.
    3. In the Basic Information area of the Dashboard page, click Synchronize on the right side of IAM User Sync to synchronize IAM users.
      • When the policy of the user group to which the IAM user belongs changes from MRS ReadOnlyAccess to MRS CommonOperations, MRS FullAccess, or MRS Administrator, wait for 5 minutes until the new policy takes effect after the synchronization is complete because the SSSD (System Security Services Daemon) cache of cluster nodes needs time to be updated. Then, submit a job. Otherwise, the job may fail to be submitted.
      • When the policy of the user group to which the IAM user belongs changes from MRS CommonOperations, MRS FullAccess, or MRS Administrator to MRS ReadOnlyAccess, wait for 5 minutes until the new policy takes effect after the synchronization is complete because the SSSD cache of cluster nodes needs time to be updated.

Editing a Data Connection

  1. Log in to Management Center and click Data Connection Management.
  2. In the data connection list, locate the data connection you want to edit and click Edit in the Operation column.
  3. In the Edit Data Connection dialog box, modify connection parameters as required. For parameter details, see Data Connection Parameter Description.
  4. Click Test to test whether the data connection is valid. If the connection is normal, click Yes.

    If the test connection is invalid, the data connection cannot be created. Modify the connection parameters as prompted and try again.

Deleting a Data Connection

If a data connection is deleted, the data table information of the data connection will also be deleted. Exercise caution when performing this operation. If the data connection you want to delete has been referenced, it cannot be deleted.

  1. Log in to Management Center and click Data Connection Management.
  2. In the data connection list, locate the data connection you want to delete and click Delete in the Operation column.
  3. In the dialog box displayed, confirm the data connection information, and click Yes.
Parent topic: Management Center