Help Center > > User Guide> FusionInsight Manager Operation Guide> Security Management> Security Overview> Definitions

Definitions

Updated at: Mar 25, 2021 GMT+08:00

Role

Default Role

Description

Manager_administrator

Manager administrator who has all permissions for Manager.

Manager administrators can create first-level tenants, create and modify user groups, and specify user permissions.

Manager_operator

Manager operator who has all the permissions on the Homepage, Cluster, Hosts, and O&M tab pages.

Manager_auditor

Manager auditor who has all permissions on the Audit tab page.

Manager auditors can view and manage Manager system audit logs.

Manager_viewer

Manager viewer who has the permission to view information about Homepage, Cluster, Hosts, Alarm, Event, and System > Permission.

Manager_tenant

Manager tenant administrator.

Manager tenant administrators can create and manage sub-tenants for the non-leaf tenant to which the current user belongs and view permission for Alarm and Event page under O&M > Alarm.

System_administrator

System administrator, this role has Manager system administrator rights and all services administrator rights.

default

The default role created for the default tenant. It has the management permissions on the Yarn component and the default queue. The default role of the default tenant that is not the first cluster to be installed is c<cluster ID>_default.

Manager_administrator_180

FusionInsight Manager System administrator group. Internal system user group, which is used only between components.

Manager_auditor_181

FusionInsight Manager system auditor group. Internal system user group, which is used only between components.

Manager_operator_182

FusionInsight Manager system operator group. Internal system user group, which is used only between components.

Manager_viewer_183

FusionInsight Manager system viewer group. Internal system user group, which is used only between components.

System_administrator_186

MRS System administrator group. Internal system user group, which is used only between components.

Manager_tenant_187

Tenant system user group. Internal system user group, which is used only between components.

default_1000

This group is created for tenant. Internal system user group, which is used only between components.

User group

Type

Default User Group

Description

OS User Group

hadoop

Users added to this group are granted the permission to submit all Yarn queue tasks.

hadoopmanager

Users added to this user group can have the O&M manager rights of HDFS and Yarn. The O&M manager of HDFS can access the NameNode WebUI and perform active to standby switchover manually. The O&M manager of Yarn can access the ResourceManager WebUI, operate NodeManager nodes, refresh queues, and set node labels, but cannot submit tasks.

hive

Common user group. Hive users must belong to this user group.

hive1

Common user group. Hive1 users must belong to this user group.

hive2

Common user group. Hive2 users must belong to this user group.

hive3

Common user group. Hive3 users must belong to this user group.

hive4

Common user group. Hive4 users must belong to this user group.

kafka

Kafka common user group. A user in this group can access a topic only when a user in the kafkaadmin group grants the read and write permission of the topic to the user.

kafkaadmin

Kafka administrator group. Users in this group have the rights to create, delete, authorize, read, and write all topics.

kafkasuperuser

Topic read/write user group of Kafka. Users added to this group have the read and write permissions on all topics.

storm

Users who are added to the storm user group can submit topologies and manage their own topologies.

stormadmin

Users who are added to the stormadmin user group can have the storm administrator rights and can submit topologies and manage all topologies.

supergroup

Users added to this user group can have the administrator rights of HBase, HDFS and Yarn and can use Hive.

yarnviewgroup

Indicates the read-only user group of the Yarn task. Users in this user group can have the view permission on Yarn and Mapreduce tasks.

check_sec_ldap

Perform internal test on the active LDAP to see whether it works properly. This user group is generated randomly in a test and automatically deleted after the test is complete. Internal system user group, which is used only between components.

compcommon

MRS internal group for accessing cluster system resources. All system users and system running users are added to this user group by default.

OS User Group

wheel

Primary group of the FusionInsight internal running user omm.

ficommon

MRS common group that corresponds to compcommon for accessing cluster common resource files stored in the OS.

If the current cluster is not the cluster that is installed for the first time in FusionInsight Manager, the default user group name of all components except Manager in the cluster is c<cluster ID>_ default user group name, for example, c2_hadoop.

User

For the details, see User Information Overview.

Service-related User Security Parameters

  • HDFS

    The dfs.permissions.superusergroup parameter specifies the administrator group with the highest permission on the HDFS. The default value is supergroup.

  • Spark2x and Corresponding Multi-Instances

    The spark.admin.acls parameter specifies the administrator list of the Spark2x. Members in the list are authorized to manage all Spark tasks. Users not added in the list cannot manage all Spark tasks. The default value is admin.

Did you find this page helpful?

Submit successfully!

Thank you for your feedback. Your feedback helps make our documentation better.

Failed to submit the feedback. Please try again later.

Which of the following issues have you encountered?







Please complete at least one feedback item.

Content most length 200 character

Content is empty.

OK Cancel