MRS Cluster User Accounts

This section describes information about default users in MRS clusters.

Account List (MRS 3.x and Later Versions)

User types

The MRS cluster provides the following three types of users. The system administrator needs to periodically change the passwords. It is not recommended to use the default passwords.

User Type	Description
System users	User created on FusionInsight Manager for O&M and service scenarios. There are two types of users: Human-machine user: used in scenarios such as FusionInsight Manager O&M and operations on a component client. When creating a user of this type, you need to set password and confirm password by referring to Creating an MRS Cluster User. Machine-machine user: used for system application development. User who runs OMS processes
Internal system users	Internal user to perform Kerberos authentication, process communications, save user group information, and associate user permissions. It is recommended that internal system users not be used in O&M scenarios. Operations can be performed as user admin or another user created by the system administrator based on service requirements.
Database users	User who manages OMS database and accesses data User who runs service components (Hue, Hive, HetuEngine, Loader, Oozie, Ranger, JobGateway, and DBService) in the database.

System user

User root of the OS is required, the password of user root on all nodes must be the same.
User Idap of the OS is required. Do not delete this account. Otherwise, the cluster may not work properly. The OS administrator maintains the password management policies.

User Type	Username	Initial Password	Description	Password Change Method
System administrator	admin	User-defined password	FusionInsight Manager administrator. NOTE: By default, user admin does not have the management permission on other components. For example, when accessing the native UI of a component, the user fails to access the complete component information due to insufficient management permission on the component.	For details, see Changing or Resetting the Password for User admin of an MRS Cluster.
Node OS user	ommdba	Random password	User that creates the system database. This user is an OS user generated on the management node and does not require a unified password. This account cannot be used for remote login.	For details, see Changing the Passwords for OS Users of an MRS Cluster Node.
Node OS user	omm	Random password	Internal running user of the system. This user is an OS user generated on all nodes and does not require a unified password.

Internal system user

User Type	Default User	Initial Password	Description	Password Change Method
Kerberos administrator	kadmin/admin	Admin@123	Used to add, delete, modify, and query user accounts on Kerberos.	For details, see Changing the Password for the Kerberos Administrator of an MRS Cluster.
OMS Kerberos administrator	kadmin/admin	Admin@123	Used to add, delete, modify, and query user accounts on OMS Kerberos.	For details, see Changing the Password of the OMS Kerberos Administrator.
LDAP administrator	cn=root,dc=hadoop,dc=com	Versions earlier than MRS 3.1.2: LdapChangeMe@123 MRS 3.1.2 or later: randomly generated by the system	Used to add, delete, modify, and query the user account information on LDAP.	For versions earlier than MRS 3.1.2, see Changing the Password for a Regular LDAP User of an MRS Cluster. For MRS 3.1.2 or later, see Modifying the OMS Service Configuration.
OMS LDAP administrator	cn=root,dc=hadoop,dc=com	Versions earlier than MRS 3.1.2: LdapChangeMe@123 MRS 3.1.2 or later: randomly generated by the system	Used to add, delete, modify, and query the user account information on OMS LDAP.
LDAP user	cn=pg_search_dn,ou=Users,dc=hadoop,dc=com	Randomly generated by the system	Used to query information about users and user groups on LDAP.
OMS LDAP user	cn=pg_search_dn,ou=Users,dc=hadoop,dc=com	Randomly generated by the system	Used to query information about users and user groups on OMS LDAP.
LDAP administrator account	cn=krbkdc,ou=Users,dc=hadoop,dc=com	Versions earlier than MRS 3.1.2: LdapChangeMe@123 MRS 3.1.2 or later: randomly generated by the system	Used to query Kerberos component authentication account information.	For versions earlier than MRS 3.1.2, see Changing the LDAP Administrator Password for an MRS Cluster. For MRS 3.1.2 or later, see Modifying the OMS Service Configuration.
LDAP administrator account	cn=krbadmin,ou=Users,dc=hadoop,dc=com	Versions earlier than MRS 3.1.2: LdapChangeMe@123 MRS 3.1.2 or later: randomly generated by the system	Used to add, delete, modify, and query Kerberos component authentication account information.
Component running user	hdfs	Hdfs@123	This user is the HDFS system administrator and has the following permissions: File system operation permissions: Views, modifies, and creates files. Views and creates directories. Views and modifies the groups where files belong. Views and sets disk quotas for users. HDFS management operation permissions: Views the web UI status. Views and sets the active and standby HDFS status. Enters and exits the HDFS in security mode. Checks the HDFS file system. Logs in to the FTP service page.	For details, see Changing the Passwords for MRS Cluster Component Running Users.
	hbase	Hbase@123	This user is the HBase and HBase1 to HBase4 system administrator and has the following permissions: Cluster management permission: Performs Enable and Disable operations on tables to trigger MajorCompact and ACL operations. Grants and revokes permissions, and shuts down the cluster. Table management permission: Creates, modifies, and deletes tables. Data management permission: Reads data in tables, column families, and columns. Logs in to the HMaster web UI. Logs in to the FTP service page.
	cdl	CDCUser123!	System administrator of the CDL Currently, CDL does not involve user permissions.
	iotdb	Iotdb@123	This user is the IoTDB system administrator and has the following user permissions: IoTDB administrator permissions: Creates or deletes a storage group. Uses TTL. IoTDB data operation permissions: Creates, modifies, and deletes a time sequence. Writes, reads, and deletes data in a time sequence. Views user or role permission information. Grants or revokes permissions to or from a user or role. NOTE: In a normal cluster, the IoTDB service retains the features of open-source versions. The default username is root, and the default password is root. This user is an administrator and has all permissions, which cannot be assigned, revoked, or deleted.
	mapred	Mapred@123	This user is the MapReduce system administrator and has the following permissions: Submits, stops, and views the MapReduce tasks. Modifies the Yarn configuration parameters. Logs in to the FTP service page. Logs in to the Yarn web UI.
	zookeeper	ZooKeeper@123	This user is the ZooKeeper system administrator and has the following permissions: Adds, deletes, modifies, and queries all nodes in ZooKeeper. Modifies and queries quotas of all nodes in ZooKeeper.
	rangeradmin	Rangeradmin@123	This user has the Ranger system management permissions and user permissions: Ranger web UI management permission Management permission of each component that uses Ranger authentication
	rangerauditor	Rangerauditor@123	Default audit user of the Ranger system.
	hive	Hive@123	This user is the Hive system administrator and has the following permissions: Hive administrator permissions: Creates, deletes, and modifies a database. Creates, queries, modifies, and deletes a table. Queries, inserts, and uploads data. HDFS file operation permissions: Views, modifies, and creates files. Views and creates directories. Views and modifies the groups where files belong. Submits and stops the MapReduce tasks. Ranger policy management permission
	kafka	Kafka@123	This user is the Kafka system administrator and has the following permissions: Creates, deletes, produces, and consumes the topic; modifies the topic configuration. Controls the cluster metadata, modifies the configuration, migrates the replica, elects the leader, and manages ACL. Submits, queries, and deletes the consumer group offset. Queries the delegation token. Queries and submits the transaction.
	storm	Admin@123	Storm system administrator User permission: Submits Storm tasks.
	rangerusersync	Randomly generated by the system	Synchronizes users and internal users of user groups.
	rangertagsync	Randomly generated by the system	Internal user for synchronizing tags.
	rangerobs/hadoop.<System domain name>	Randomly generated by the system	System administrator used by Guardian to access Ranger
	jobserver	Randomly generated by the system	JobGateway system administrator, who has the following permissions: HDFS file operation permissions: Views, modifies, and creates files. Views and creates directories. Views and modifies the groups where files belong. Manager administrator permission
	HTTP/_HOST	Randomly generated by the system	Internal user of the JobGateway service, which is used for Kerberos authentication of the HTTP service
	oms/manager	Randomly generated by the system	Controller and NodeAgent authentication user. The user has the permission on the supergroup group.
	backup/manager	Randomly generated by the system	User for running backup and restoration tasks. The user has the permission on the supergroup, wheel, and ficommon groups. After cross-system mutual trust is configured, the user has the permission to access data in the HDFS, HBase, Hive, and ZooKeeper systems.
	hdfs/hadoop.<System domain name>	Randomly generated by the system	This user is used to start the HDFS and has the following permissions: File system operation permissions: Views, modifies, and creates files. Views and creates directories. Views and modifies the groups where files belong. Views and sets disk quotas for users. HDFS management operation permissions: Views the web UI status. Views and sets the active and standby HDFS status. Enters and exits the HDFS in security mode. Checks the HDFS file system. Logs in to the FTP service page.
	hetuserver/hadoop.<System domain name>	Randomly generated by the system	This user is used to start HetuEngine and has the following permissions: Accesses KrbServer and HDFS files in the cluster from HetuEngine. Used for communication between HetuEngine internal nodes.
	mapred/hadoop.<System domain name>	Randomly generated by the system	This user is used to start the MapReduce and has the following permissions: Submits, stops, and views the MapReduce tasks. Modifies the Yarn configuration parameters. Logs in to the FTP service page. Logs in to the Yarn web UI.
	mr_zk/hadoop.<System domain name>	Randomly generated by the system	Used for MapReduce to access ZooKeeper.
	hbase/hadoop.<System domain name>	Randomly generated by the system	User for the authentication between internal components during the HBase system startup.
	hbase/zkclient.<System domain name>	Randomly generated by the system	User for HBase to perform ZooKeeper authentication in a security mode cluster.
	thrift/hadoop.<System domain name>	Randomly generated by the system	ThriftServer system startup user.
	thrift/<hostname>	Randomly generated by the system	User for the ThriftServer system to access HBase. This user has the read, write, execution, creation, and administration permission on all NameSpaces and tables of HBase. <hostname> indicates the name of the host where the ThriftServer node is installed in the cluster.
	hive/hadoop.<System domain name>	Randomly generated by the system	User for the authentication between internal components during the Hive system startup. The user permissions are as follows: Hive administrator permissions: Creates, deletes, and modifies a database. Creates, queries, modifies, and deletes a table. Queries, inserts, and uploads data. HDFS file operation permissions: Views, modifies, and creates files. Views and creates directories. Views and modifies the groups where files belong. Submits and stops the MapReduce tasks.
	loader/hadoop.<System domain name>	Randomly generated by the system	User for Loader system startup and Kerberos authentication
	HTTP/<hostname>	Randomly generated by the system	Used to connect to the HTTP interface of each component. <hostname> indicates the host name of a node in the cluster.
	hue	Randomly generated by the system	User for Hue system startup, Kerberos authentication, and HDFS and Hive access
	flume	Randomly generated by the system	User for Flume system startup and HDFS and Kafka access. The user has read and write permission of the HDFS directory /flume.
	flume_server	Randomly generated by the system	User for Flume system startup and HDFS and Kafka access. The user has read and write permission of the HDFS directory /flume.
	spark2x/hadoop.<System domain name>	Randomly generated by the system	This user is the Spark2x system administrator and has the following user permissions: 1. Starts the Spark2x service. 2. Submits Spark2x tasks.
	spark_zk/hadoop.<System domain name>	Randomly generated by the system	Used for Spark2x to access ZooKeeper.
	zookeeper/hadoop.<System domain name>	Randomly generated by the system	ZooKeeper system startup user.
	zkcli/hadoop.<System domain name>	Randomly generated by the system	ZooKeeper server login user.
	oozie	Randomly generated by the system	User for Oozie system startup and Kerberos authentication.
	kafka/hadoop.<System domain name>	Randomly generated by the system	Used for security authentication of Kafka.
	storm/hadoop.<System domain name>	Randomly generated by the system	Storm system startup user.
	storm_zk/hadoop.<System domain name>	Randomly generated by the system	Used for the Worker process to access ZooKeeper.
	flink/hadoop.<System domain name>	Randomly generated by the system	Internal user of the Flink service.
	check_ker_M	Randomly generated by the system	User who performs a system internal test about whether the Kerberos service is normal.
	cdl/hadoop.<System domain name>	Randomly generated by the system	Internal user of the CDL service.
	clickhouse/hadoop.<System domain name>	Randomly generated by the system	Used for security authentication of ClickHouse. This user is an internal user and can be used only in the cluster.
	default	None	ClickHouse internal user, which is an administrator user that can be used only in non-security mode.
	rangeradmin/hadoop.<System domain name>	Randomly generated by the system	Ranger system startup user, which is used for authentication between internal components.
	tez	Randomly generated by the system	User for TezUI system startup, Kerberos authentication, and access to Yarn
	K/M	Randomly generated by the system	Kerberos internal functional user. It cannot be deleted, and its password cannot be changed. This internal account can only be used on nodes where Kerberos service is installed.	None
	kadmin/changepw	Randomly generated by the system
	kadmin/history	Randomly generated by the system
	krbtgt<System domain name>	Randomly generated by the system
LDAP user	admin	None	FusionInsight Manager administrator. The primary group is compcommon, which does not have the group permission but has the permission of the Manager_administrator role.	The LDAP user cannot log in to the system, and the password cannot be changed.
	backup		The primary group is compcommon.
	backup/manager		The primary group is compcommon.
	oms		The primary group is compcommon.
	oms/manager		The primary group is compcommon.
	clientregister		The primary group is compcommon.
	zookeeper		The primary group is hadoop.
	zookeeper/hadoop.<System domain name>		The primary group is hadoop.
	zkcli		The primary group is hadoop.
	zkcli/hadoop.<System domain name>		The primary group is hadoop.
	flume		The primary group is hadoop.
	flume_server		The primary group is hadoop.
	hdfs		The primary group is hadoop.
	hdfs/hadoop.<System domain name>		The primary group is hadoop.
	mapred		The primary group is hadoop.
	mapred/hadoop.<System domain name>		The primary group is hadoop.
	mr_zk		The primary group is hadoop.
	mr_zk/hadoop.<System domain name>		The primary group is hadoop.
	hue		The primary group is supergroup.
	hive		The primary group is hive.
	hive/hadoop.<System domain name>		The primary group is hive.
	hbase		The primary group is hadoop.
	hbase/hadoop.<System domain name>		The primary group is hadoop.
	thrift		The primary group is hadoop.
	thrift/hadoop.<System domain name>		The primary group is hadoop.
	oozie		The primary group is hadoop.
	hbase/zkclient.<System domain name>		The primary group is hadoop.
	loader		The primary group is hadoop.
	loader/hadoop.<System domain name>		The primary group is hadoop.
	spark2x		The primary group is hadoop.
	spark2x/hadoop.<System domain name>		The primary group is hadoop.
	spark_zk		The primary group is hadoop.
	kafka		The primary group is kafkaadmin.
	kafka/hadoop.<System domain name>		The primary group is kafkaadmin.
	storm		The primary group is stormadmin.
	storm/hadoop.<System domain name>		The primary group is stormadmin.
	storm_zk		The primary group is storm.
	storm_zk/hadoop.<System domain name>		The primary group is storm.
	kms/hadoop		The primary group is kmsadmin.
	knox		The primary group is compcommon.
	executor		The primary group is compcommon.
	rangeradmin		The primary group is supergroup.
	rangeradmin/hadoop.<System domain name>		The primary group is supergroup.
	rangerusersync		The primary group is supergroup.
	rangertagsync		The primary group is supergroup.
	rangerauditor		The primary group is compcommon.
	jobserver		The primary group is compcommon.

Log in to FusionInsight Manager, choose System > Permission > Domain and Mutual Trust, and check the value of Local Domain. In the preceding table, all letters in the system domain name contained in the username of the system internal user are lowercase letters.

For example, if Local Domain is set to 9427068F-6EFA-4833-B43E-60CB641E5B6C.COM, the username of default HDFS startup user is hdfs/hadoop.9427068f-6efa-4833-b43e-60cb641e5b6c.com.

Database user

The system database users include OMS database users and DBService database users.

Database Type	Default User	Initial Password	Description	Password Change Method
OMS database	ommdba	Versions earlier than MRS 3.2.0: dbChangeMe@123456 MRS 3.2.0 or later: random password	OMS database administrator who performs maintenance operations, such as creating, starting, and stopping.	For details, see Changing the Password for the OMS Database Administrator.
OMS database	omm	Versions earlier than MRS 3.2.0: ChangeMe@123456 MRS 3.2.0 or later: random password	User for accessing OMS database data	For details, see Changing the Password for an OMS Database Access User.
DBService database	omm	Versions earlier than MRS 3.2.0: dbserverAdmin@123 MRS 3.2.0 or later: random password	Administrator of the GaussDB database in the DBService component	For details, see Resetting the Password for User omm in DBService.
	compdbuser	Random password	(Available in MRS 3.1.2 or later) Administrator of the GaussDB database in the DBService component. It is used in service O&M scenarios. You need to reset the password upon your first login.	For details, see Changing the Password for User compdbuser of the DBService Database.
	hetu	Random password	User for HetuEngine to connect to the DBService database hetumeta. This user exists only in MRS 3.1.2 or later.	For versions earlier than MRS 3.1.2, see Changing the Passwords for Database Users of MRS Cluster Components. For MRS 3.1.2 or later, see Resetting the MRS Component Database User Password.
	hive	Versions earlier than MRS 3.1.2: HiveUser@ MRS 3.1.2 or later: random password	User for Hive to connect to the DBService database hivemeta.
	hue	Versions earlier than MRS 3.1.2: HueUser@123 MRS 3.1.2 or later: random password	User for Hue to connect to the DBService database hue.
	sqoop	Versions earlier than MRS 3.1.2: SqoopUser@ MRS 3.1.2 or later: random password	User for Loader to connect to the DBService database sqoop.
	oozie	Versions earlier than MRS 3.1.2: OozieUser@ MRS 3.1.2 or later: random password	User for Oozie to connect to the DBService database oozie.
	rangeradmin	Versions earlier than MRS 3.1.2: Admin12! MRS 3.1.2 or later: random password	User for Ranger to connect to the DBService database.
	kafkaui	Random password	User for Kafka UI to connect to the DBService database. This user exists only in MRS 3.1.2 or later.
	flink	Random password	User for Flink to connect to the DBService database flinkmeta. This user exists only in MRS 3.1.2 or later.
	cdl	Random password	User for CDL to connect to the DBService database cdl. This user exists only in MRS 3.2.0 or later.
	jobgateway	Random password	User for JobGateway to connect to the DBService database jobmeta. This user can be used in MRS 3.3.0 and later versions only.

Account List (MRS 2.x and Earlier Versions)

User type

The MRS cluster provides the following three types of users. Periodically change the passwords and do not use the default passwords.

User Type	Description
System users	User created on Manager for MRS cluster O&M and service scenarios. There are two types of system users: Human-machine user: used for Manager O&M scenarios and component client operation scenarios. Machine-machine user: used for MRS cluster application development scenarios. User who runs OMS processes
Internal system users	Internal user to perform Kerberos authentication, process communications, save user group information, and associate user permissions. It is recommended that internal system users not be used in O&M scenarios. Operations can be performed as user admin or another user created by the system administrator based on service requirements.
Database users	User who manages OMS database and accesses data User who runs the database of service components (Hive, Loader, and DBService)

System user

User ldap of the OS is required in the MRS cluster. Do not delete this account. Otherwise, the cluster may not work properly. Password management policies are maintained by the operation users.
Reset the passwords when you change the passwords of user ommdba and user omm for the first time. Change the passwords periodically after retrieving them.

User Type	Username	Initial Password	Description
System administrator of the MRS cluster	admin	Specified by the user during the cluster creation.	MRS Manager The user has the following permissions: Common HDFS and ZooKeeper user permissions. Permissions to submit and query MapReduce and YARN tasks, manage YARN queues, and access the YARN web UI. Permissions to submit, query, activate, deactivate, reassign, delete topologies, and operate all topologies of the Storm service. Permissions to create, delete, authorize, reassign, consume, write, and query topics of the Kafka service.
MRS cluster node OS user	omm	Randomly generated by the system	Internal running user of the MRS cluster system. This user is an OS user generated on all nodes and does not require a unified password.
MRS cluster node OS user	root	The password is set by the user.	User for logging in to the node in the MRS cluster. This user is an OS user generated on all nodes.

User Type

Username

Initial Password

Description

System administrator of the MRS cluster

admin

Specified by the user during the cluster creation.

MRS Manager

The user has the following permissions:

Common HDFS and ZooKeeper user permissions.
Permissions to submit and query MapReduce and YARN tasks, manage YARN queues, and access the YARN web UI.
Permissions to submit, query, activate, deactivate, reassign, delete topologies, and operate all topologies of the Storm service.
Permissions to create, delete, authorize, reassign, consume, write, and query topics of the Kafka service.

MRS cluster node OS user

omm

Randomly generated by the system

Internal running user of the MRS cluster system. This user is an OS user generated on all nodes and does not require a unified password.

MRS cluster node OS user

root

The password is set by the user.

User for logging in to the node in the MRS cluster. This user is an OS user generated on all nodes.

Internal system user

Do not delete the following internal system users. Otherwise, the cluster or components may not work properly.
Such user is available only in clusters with Kerberos authentication enabled.

User Type	Default User	Initial Password	Description
Component running user	hdfs	Hdfs@123	This user is the HDFS system administrator and has the following permissions: File system operation permissions: Views, modifies, and creates files. Views and creates directories. Views and modifies the groups where files belong. Views and sets disk quotas for users. HDFS management operation permissions: Views the web UI status. Views and sets the active and standby HDFS status. Enters and exits the HDFS in security mode. Checks the HDFS file system.
	hbase	Hbase@123	This user is the HBase system administrator and has the following permissions: Cluster management permission: Enable and Disable operations on tables to trigger MajorCompact and ACL operations. Grants and revokes permissions, and shuts down the cluster. Table management permission: Creates, modifies, and deletes tables. Data management permission: Reads data in tables, column families, and columns. Accesses the HBase web UI.
	mapred	Mapred@123	This user is the MapReduce system administrator and has the following permissions: Submits, stops, and views the MapReduce tasks. Modifies the Yarn configuration parameters. Accesses the Yarn and MapReduce web UI.
	spark	Spark@123	This user is the Spark system administrator and has the following permissions: Accesses the Spark web UI. Submits Spark tasks.

User group information

Default User Group	Description
supergroup	Primary group of user admin, which has no additional permissions in the cluster with Kerberos authentication disabled.
check_sec_ldap	Used to test whether the active LDAP works properly. This user group is generated randomly in a test and automatically deleted after the test is complete. This is an internal system user group used only between components.
Manager_tenant	Tenant system user group, which is an internal system user group used only between components. It is used only in clusters with Kerberos authentication enabled.
System_administrator	MRS cluster system administrator group, which is an internal system user group used only between components. It is used only in clusters with Kerberos authentication enabled.
Manager_viewer	MRS Manager system viewer group, which is an internal system user group used only between components. It is used only in clusters with Kerberos authentication enabled.
Manager_operator	MRS Manager system operator group, which is an internal system user group used only between components. It is used only in clusters with Kerberos authentication enabled.
Manager_auditor	MRS Manager system auditor group, which is an internal system user group used only between components. It is used only in clusters with Kerberos authentication enabled.
Manager_administrator	MRS Manager system administrator group, which is an internal system user group used only between components. It is used only in clusters with Kerberos authentication enabled.
compcommon	MRS cluster internal group, used to access public resources in the cluster. All system users and system running users are added to this user group by default.
default_1000	User group created for tenants. This is an internal system user group used only between components.
launcher-job	MRS internal group, which is used to submit jobs using V2 APIs.
hadoop	Users added to this user group have the permission to submit tasks to all YARN queues. Such user is available only in clusters with Kerberos authentication enabled.
hbase	Common user group. Users added to this user group will not have any additional permission. Such user is available only in clusters with Kerberos authentication enabled.
hive	Users added to this user group can use Hive. Such user is available only in clusters with Kerberos authentication enabled.
spark	Common user group. Users added to this user group will not have any additional permission. Such user is available only in clusters with Kerberos authentication enabled.
kafka	Kafka common user group. Users added to this group need to be granted with read and write permission by users in the kafkaadmin group before accessing the desired topics. Such user is available only in clusters with Kerberos authentication enabled.
kafkasuperuser	Users added to this group have permissions to read data from and write data to all topics. Such user is available only in clusters with Kerberos authentication enabled.
kafkaadmin	Kafka administrator group. Users added to this group have the permissions to create, delete, authorize, as well as read from and write data to all topics. Such user is available only in clusters with Kerberos authentication enabled.
storm	Storm common user group. Users added to this group have the permissions to submit topologies and manage their own topologies. Such user is available only in clusters with Kerberos authentication enabled.
stormadmin	Storm administrator user group. Users added to this group have the permissions to submit topologies and manage their own topologies. Such user is available only in clusters with Kerberos authentication enabled.
opentsdb	Common user group. Users added to this user group will not have any additional permission. Such user is available only in clusters with Kerberos authentication enabled.
presto	Common user group. Users added to this user group will not have any additional permission. Such user is available only in clusters with Kerberos authentication enabled.
flume	Common user group. Users added to this user group will not have any additional permission. Such user is available only in clusters with Kerberos authentication enabled.
launcher-job	MRS internal group, which is used to submit jobs using V2 APIs. Such user is available only in clusters with Kerberos authentication enabled.

OS User Group	Description
wheel	Primary group of MRS internal running user omm.
ficommon	MRS cluster common group that corresponds to compcommon for accessing public resource files stored in the OS of the cluster.

Database user

MRS cluster system database users include OMS database users and DBService database users.

Do not delete database users. Otherwise, the cluster or components may not work properly.

User Type	Default User	Initial Password	Description
OMS database	ommdba	dbChangeMe@123456	OMS database administrator who performs maintenance operations, such as creating, starting, and stopping.
OMS database	omm	ChangeMe@123456	User for accessing OMS database data
DBService database	omm	dbserverAdmin@123	Administrator of the GaussDB database in the DBService component
	hive	HiveUser@	User for Hive to connect to the DBService database.
	hue	HueUser@123	User for Hue to connect to the DBService database.
	ranger	RangerUser@	User for Ranger to connect to the DBService database. Such user is available only in clusters with Kerberos authentication enabled.
	sqoop	SqoopUser@	User for Loader to connect to the DBService database.