Default Permission Information

Updated on 2024-11-29 GMT+08:00

Role

| Default Role | Description |
| --- | --- |
| Manager_administrator | Manager administrator who has all permissions for Manager. Manager administrators can create first-level tenants, create and modify user groups, and specify user permissions. |
| Manager_operator | Manager operator who has all the permissions on the Homepage, Cluster, Hosts, and O&M tab pages. |
| Manager_auditor | Manager auditor who has all permissions on the Audit tab page. Manager auditors can view and manage Manager system audit logs. |
| Manager_viewer | Manager viewer who has the permission to view information about Homepage, Cluster, Hosts, Alarm, Events, and System > Permission, and to download clients. |
| Manager_tenant | Manager tenant administrator. This role can create and manage sub-tenants for the non-leaf tenants to which the current user belongs. It has the permission to view alarms and events on O&M > Alarm. |
| System_administrator | System administrator. This role has Manager system administrator rights and all services administrator rights. |
| default | This role is the default role created for the default tenant. It has the management permissions on the Yarn component and the default queue. In a cluster that is not the first cluster to be installed, the default role of the default tenant is c<cluster ID>_default. |
| Manager_administrator_180 | FusionInsight Manager system administrator group. Internal system user group, which is used only between components. |
| Manager_auditor_181 | FusionInsight Manager system auditor group. Internal system user group, which is used only between components. |
| Manager_operator_182 | FusionInsight Manager system operator group. Internal system user group, which is used only between components. |
| Manager_viewer_183 | FusionInsight Manager system viewer group. Internal system user group, which is used only between components. |
| System_administrator_186 | System administrator group. Internal system user group, which is used only between components. |
| Manager_tenant_187 | Tenant system user group. Internal system user group, which is used only between components. |
| default_1000 | This group is created for tenant. Internal system user group, which is used only between components. |

User group

| Type | Default User Group | Description |
| --- | --- | --- |
| Default cluster user groups | cdl | Common user group of CDL. Users in this group can create and query CDL jobs. |
| Default cluster user groups | cdladmin | CDL administrator group. Only users in this group can access CDL APIs. |
| Default cluster user groups | Elasticsearch | Users added to this user group can use Elasticsearch. |
| Default cluster user groups | graphbaseadmin | GraphBase administrator group. Users added to this user group will have the administrator rights of GraphBase and GraphServer. |
| Default cluster user groups | graphbasedeveloper | GraphBase developer group. Users added to this user group will have the developer rights of GraphBase and GraphServer. |
| Default cluster user groups | graphbaseoperator | GraphBase operator group. Users in this group have the permission to query data on the GraphServer web UI. |
| Default cluster user groups | hadoop | Users added to this group are granted the permission to submit all Yarn queue tasks. |
| Default cluster user groups | hadoopmanager | Users added to this user group have the O&M manager rights of HDFS and Yarn. The O&M manager of HDFS can access the NameNode WebUI and manually perform an active/standby switchover. The O&M manager of Yarn can access the ResourceManager WebUI, operate NodeManager nodes, refresh queues, and set node labels, but cannot submit tasks. |
| Default cluster user groups | hetuadmin | HetuEngine administrator group. Users in this group have the permission to perform operations on HSConsole. |
| Default cluster user groups | hetuuser | User group to which users must be added to obtain the SQL execution permission. |
| Default cluster user groups | hive/hive1/hive2/hive3/hive4 | Common user group. Hive/Hive1/Hive2/Hive3/Hive4 users must be in this user group. |
| Default cluster user groups | iotdbgroup | Users added to this user group have the administrator rights of the IoTDB component. |
| Default cluster user groups | kafka | Kafka common user group. A user in this group can access a topic only when a user in the kafkaadmin group grants the read and write permission of the topic to the user. |
| Default cluster user groups | kafkaadmin | Kafka administrator group. Users in this group have the rights to create, delete, authorize, read, and write all topics. |
| Default cluster user groups | kafkasuperuser | Topic read/write user group of Kafka. Users added to this group have the read and write permissions on all topics. |
| Default cluster user groups | kafkaui | Kafka UI user group. Users in this group have the permission to view Kafka UI. |
| Default cluster user groups | kmsadmin | Users added to this user group obtain the read permission on all keys in the KMS. |
| Default cluster user groups | lakesearchgroup | Users added to this user group have the administrator rights of the LakeSearch component. |
| Default cluster user groups | msadmin | Users added to this user group have the administrator rights of Metastore. |
| Default cluster user groups | rkmsadmin | User group for RangerKMS permission management. If the key management permission is required, add the user to this group. |
| Default cluster user groups | solr | Users added to this user group can use Solr. |
| Default cluster user groups | supergroup | Users added to this user group have the administrator rights of HBase, HDFS, Solr, Redis, and Yarn and can use Hive. |
| Default cluster user groups | yarnviewgroup | Read-only user group of the Yarn task. Users in this user group have the view permission on Yarn and MapReduce tasks. |
| Default cluster user groups | check_sec_ldap | Used to perform an internal test on the active LDAP to see whether it works properly. This user group is generated randomly in a test and automatically deleted after the test is complete. Internal system user group, which is used only between components. |
| Default cluster user groups | compcommon | System internal group for accessing cluster system resources. All system users and system running users are added to this user group by default. |
| OS user groups | wheel | Primary group of the FusionInsight internal running user omm. |
| OS user groups | ficommon | System common group that corresponds to compcommon for accessing cluster common resource files stored in the OS. |

NOTE:

If the current cluster is not the first cluster installed in FusionInsight Manager, the default user group name of all components except Manager in the cluster is c<cluster ID>_<default user group name>, for example, c2_hadoop.

Service-related User Security Parameters

  • FTP-Server
    • The ftp-group parameter specifies the user group to which common users who are allowed to connect to the FTP server belong. If the users are not added to the corresponding user group, they cannot connect to the FTP server. The default value is hadoop.
    • The ftp-admin-group parameter specifies the user group to which the administrator of the FTP server belongs. If the administrator is not added to the corresponding user group, the administrator cannot operate directories and files of other users. The default value is supergroup.
  • HDFS

    The dfs.permissions.superusergroup parameter specifies the administrator group with the highest permission on the HDFS. The default value is supergroup.

  • Spark and Corresponding Multi-Instances

    The spark.admin.acls parameter indicates the Spark administrator list. Members in the list have the permission to manage all Spark tasks. If a user is not added to the list, the user cannot manage all Spark tasks. The default value is admin.
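
A membership review built on the tables and parameters above, as an added example that is not part of the Huawei documentation: it flags users in administrator-level groups, in internal-only groups, and in any group named by an administrator-group parameter, and it handles the c<cluster ID>_ prefix. The `memberships` mapping, the sample users, and the choice of which groups count as privileged are assumptions made for illustration.

```python
import re

# Assumption: a subset of the groups the page describes as carrying administrator-level rights.
PRIVILEGED = {
    "supergroup": "administrator of HBase, HDFS, Solr, Redis and Yarn",
    "hadoopmanager": "O&M manager of HDFS and Yarn",
    "kafkaadmin": "create/delete/authorize/read/write on all Kafka topics",
    "kafkasuperuser": "read/write on all Kafka topics",
    "kmsadmin": "read permission on all KMS keys",
    "rkmsadmin": "RangerKMS key management",
    "msadmin": "administrator of Metastore",
}
# Groups the page marks as internal, used only between components.
INTERNAL_ONLY = {"Manager_administrator_180", "Manager_auditor_181", "Manager_operator_182",
                 "Manager_viewer_183", "System_administrator_186", "Manager_tenant_187",
                 "default_1000", "check_sec_ldap"}
# Parameters that name an administrator group, with the defaults stated on the page.
DEFAULT_PARAMS = {"dfs.permissions.superusergroup": "supergroup", "ftp-admin-group": "supergroup"}
CLUSTER_PREFIX = re.compile(r"^c\d+_(.+)$")

def base_group(name):
    """Strip the c<cluster ID>_ prefix (c2_hadoop -> hadoop); cdl and check_sec_ldap are untouched."""
    m = CLUSTER_PREFIX.match(name)
    return m.group(1) if m else name

def audit(memberships, params=DEFAULT_PARAMS):
    """Return (user, group, reason) for every membership that deserves a least-privilege review."""
    by_param = {}
    for key, group in params.items():
        by_param.setdefault(base_group(group), []).append(key)
    findings = []
    for user in sorted(memberships):
        for group in memberships[user]:
            base = base_group(group)
            if group in INTERNAL_ONLY:
                findings.append((user, group, "internal group, used only between components"))
            elif base in by_param:
                findings.append((user, group, "named by " + ", ".join(by_param[base])))
            elif base in PRIVILEGED:
                findings.append((user, group, PRIVILEGED[base]))
    return findings

# Constructed sample input: user name -> groups the user belongs to.
SAMPLE = {
    "alice": ["c2_supergroup", "kafka"],
    "bob": ["kafkaadmin", "Manager_administrator_180"],
    "carol": ["cdl", "yarnviewgroup"],
}
if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Pass the cluster's actual parameter values as `params` when they differ from the defaults, so that a renamed HDFS superuser group is still reported.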
