Creating an HDFS Role
Scenario
This section describes how to create a user and bind the user to a role on FusionInsight Manager. The user bound to the role will have the permissions of the role. The HDFS role is granted the rights to read, write, and execute HDFS directories or files.
A user has full permissions on the created HDFS directories or files. That is, the user can directly read data from and write data to as well as authorize others to access the HDFS directories or files.
Notes and Constraints
- An HDFS role can be created only in security mode.
- If Ranger is used for permission control, you need to configure HDFS policies for permission management. For details, see Adding a Ranger Access Permission Policy for HDFS.
Creating an HDFS Role
Some roles are preset in the system by default. You can also create roles as required. If the preset roles meet your requirements, skip this part.
- Log in to FusionInsight Manager, and choose System > Permission > Role.
For details about how to log in to FusionInsight Manager, see Accessing MRS FusionInsight Manager.
- On the displayed page, click Create Role and fill in Role Name and Description.
- Configure resource permissions.
Table 1 Setting a role Task
Operation
Setting the HDFS administrator permission
In the Configure Resource Permission area, choose Name of the desired cluster > HDFS, and select Cluster Admin Operations.
NOTE:The setting takes effect after the HDFS service is restarted.
Setting the permission for users to check and recover HDFS
- In the Configure Resource Permission area, choose Name of the desired cluster > HDFS > File System.
- Locate the save path of specified directories or files on HDFS.
- In the Permission column of the specified directories or files, select Read and Execute.
Setting the permission for users to read directories or files of other users
- In the Configure Resource Permission area, choose Name of the desired cluster > HDFS > File System.
- Locate the save path of specified directories or files on HDFS.
- In the Permission column of the specified directories or files, select Read and Execute.
Setting the permission for users to write data to files of other users
- In the Configure Resource Permission area, choose Name of the desired cluster > HDFS > File System.
- Locate the save path of specified files on HDFS.
- In the Permission column of the specified files, select Write and Execute.
Setting the permission for users to create or delete sub-files or sub-directories in the directory of other users
- In the Configure Resource Permission area, choose Name of the desired cluster > HDFS > File System.
- Locate the path where the specified directory is saved in the HDFS.
- In the Permission column of the specified directories, select Write and Execute.
Setting the permission for users to execute directories or files of other users
- In the Configure Resource Permission area, choose Name of the desired cluster > HDFS > File System.
- Locate the save path of specified directories or files on HDFS.
- In the Permission column of the specified directories or files, select Execute.
Setting the permission for allowing subdirectories to inherit all permissions of their parent directories
- In the Configure Resource Permission area, choose Name of the desired cluster > HDFS > File System.
- Locate the save path of specified directories or files on HDFS.
- In the Permission column of the specified directories or files, select Recursive.
- File System: directories and files in HDFS
- Common HDFS directories are as follows:
- flume: directory for storing Flume data
- hbase: directory for storing HBase data
- mr-history: directory for storing MapReduce task information
- tmp: directory for storing temporary data
- user: directory for storing user data
- Click OK and return to the Role page.
After a role is created, users bound to the role will have the corresponding permissions.
Creating an HDFS User and Binding the User to a Role
This part describes how to create a human-machine user with the HDFS O&M administrator permissions.
- Log in to FusionInsight Manager.
For details about how to log in to FusionInsight Manager, see Accessing MRS FusionInsight Manager.
- Choose System > Permission > User.
- Above the user list, click Create and set the following parameters:
- Username: Enter a user name, for example, hdfsuser.
- User Type: Select Human-Machine.
- Password and Confirm Password: Enter a password.
- User Group: Click Add, select a user group, for example, hadoopmanager, and click OK.
- Primary Group: Select a primary group based on service requirements, for example, hadoopmanager.
- Role: Click Add to bind a role to the user, for example, System_administrator.
If the preset roles do not meet the requirements, create a role by referring to Creating an HDFS Role and bind the role here.
- Click OK.
After a human-machine user is created, you need to change the initial password as prompted after logging in to FusionInsight Manager.
- Check the permissions of the new user. The following uses the HDFS web UI as an example.
- On FusionInsight Manager, click the username, for example, admin, in the upper right corner, choose Log Out, and click OK.
- Log in to FusionInsight Manager as the new user, reset the password as prompted, and log in to Manager again.
- Choose Cluster > Services > HDFS. In the Basic Information area, click NameNode (xxx,Active) to access the HDFS web UI.
- If the user has the HDFS permissions, the access is successful.
Figure 1 Accessing the HDFS web UI successfully
- If the user does not have the HDFS permissions, the access fails.
Figure 2 Accessing the HDFS web UI failed
- If the user has the HDFS permissions, the access is successful.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot