Creating a Role
Scenario
This section describes how to create a role on MRS Manager and authorize and manage Manager and components.
Up to 1,000 roles can be created on MRS Manager.
Prerequisites
You have learned service requirements.
Procedure
- On MRS Manager, choose .
- Click Create Role and fill in Role Name and Description.
Role Name is mandatory and contains 3 to 30 digits, letters, and underscores (_). Description is optional.
- In Permission, set role permission.
- Click Service Name and select a name in View Name.
- Select one or more permissions.
- The Permission parameter is optional.
- If you select View Name to set component permissions, you can enter a resource name in the Search box in the upper right corner and click . The search result is displayed.
- The search scope covers only directories with current permissions. You cannot search subdirectories. Search by keywords supports fuzzy match and is case-insensitive. Results of the next page can be searched.
Table 1 Manager permission description Resource Supporting Permission Management
Permission Setting
Alarm
Authorizes the Manager alarm function. You can select View to view alarms and Management to manage alarms.
Audit
Authorizes the Manager audit log function. You can select View to view audit logs and Management to manage audit logs.
Dashboard
Authorizes the Manager overview function. You can select View to view the cluster overview.
Hosts
Authorizes the node management function. You can select View to view node information and Management to manage nodes.
Services
Authorizes the service management function. You can select View to view service information and Management to manage services.
System_cluster_management
Authorizes the MRS cluster management function. You can select Management to use the MRS patch management function.
System_configuration
Authorizes the MRS cluster configuration function. You can select Management to configure MRS clusters on Manager.
System_task
Authorizes the MRS cluster task function. You can select Management to manage periodic tasks of MRS clusters on Manager.
Tenant
Authorizes the Manager multi-tenant management function. You can select Management to manage multi-tenants.
Table 2 HBase permission description Resource Supporting Permission Management
Permission Setting
SUPER_USER_GROUP
Grants you HBase administrator rights.
Global
HBase resource type, indicating the whole HBase.
Namespace
HBase resource type, indicating namespace, which is used to store HBase tables. It has the following permissions:
- Admin permission to manage the namespace
- Create: permission to create HBase tables in the namespace
- Read: permission to access the namespace
- Write: permission to write data to the namespace
- Execute: permission to execute the coprocessor (Endpoint)
Table
HBase resource type, indicating a data table, which is used to store data. It has the following permissions:
- Admin: permission to manage a data table
- Create: permission to create column families and columns in a data table
- Read: permission to read a data table
- Write: permission to write data to a data table
- Execute: permission to execute the coprocessor (Endpoint)
ColumnFamily
HBase resource type, indicating a column family, which is used to store data. It has the following permissions:
- Create: permission to create columns in a column family
- Read: permission to read a column family
- Write: permission to write data to a column family
Qualifier
HBase resource type, indicating a column, which is used to store data. It has the following permissions:
- Read: permission to read a column
- Write: permission to write data to a column
By default, permissions of an HBase resource type of each level are shared by resource types of sub-levels. However, the Recursive option is not selected by default. For example, if Read and Write permissions are added to the default namespace, they are automatically added to the tables, column families, and columns in the namespace. If a child resource is set after the parent resource, the permission of the child resource is the union of the permissions of the parent resource and the current child resource.
Table 3 HDFS permission description Resource Supporting Permission Management
Permission Setting
Folder
HDFS resource type, indicating an HDFS directory, which is used to store files or subdirectories. It has the following permissions:
- Read: permission to access the HDFS directory
- Write: permission to write data to the HDFS directory
- Execute: permission to perform an operation. It must be selected when you add access or write permission.
Files
HDFS resource type, indicating a file in HDFS. It has the following permissions:
- Read: permission to access the file
- Write: permission to write data to the file
- Execute: permission to perform an operation. It must be selected when you add access or write permission.
Permissions of an HDFS directory of each level are not shared by directory types of sub-levels by default. For example, if Read and Execute permissions are added to the tmp directory, you must select Recursive at the same time to add permissions to subdirectories.
Table 4 Hive permission description Resource Supporting Permission Management
Permission Setting
Hive Admin Privilege
Grants you Hive administrator rights.
Database
Hive resource type, indicating a Hive database, which is used to store Hive tables. It has the following permissions:
- Select: permission to query the Hive database
- Delete: permission to perform the deletion operation in the Hive database
- Insert: permission to perform the insertion operation in the Hive database
- Create: permission to perform the creation operation in the Hive database
Table
Hive resource type, indicating a Hive table, which is used to store data. It has the following permissions:
- Select: permission to query the Hive table
- Delete: permission to perform the deletion operation in the Hive table
- Update: grants users the Update permission of the Hive table
- Insert: permission to perform the insertion operation in the Hive table
- Grant of Select: permission to grant the Select permission to other users using Hive statements
- Grant of Delete: permission to grant the Delete permission to other users using Hive statements
- Grant of Update: permission to grant the Update permission to other users using Hive statements
- Grant of Insert: permission to grant the Insert permission to other users using Hive statements
By default, permissions of a Hive resource type of each level are shared by resource types of sub-levels. However, the Recursive option is not selected by default. For example, if Select and Insert permissions are added to the default database, they are automatically added to the tables and columns in the database. If a child resource is set after the parent resource, the permission of the child resource is the union of the permissions of the parent resource and the current child resource.
Table 5 Yarn permission description Resource Supporting Permission Management
Permission Setting
Cluster Admin Operations
Grants you Yarn administrator rights.
root
Root queue of Yarn. It has the following permissions:
- Submit: permission to submit jobs in the queue
- Admin: permission to manage permissions of the current queue
Parent Queue
Yarn resource type, indicating a parent queue containing sub-queues. A root queue is a type of a parent queue. It has the following permissions:
- Submit: permission to submit jobs in the queue
- Admin: permission to manage permissions of the current queue
Leaf Queue
Yarn resource type, indicating a leaf queue. It has the following permissions:
- Submit: permission to submit jobs in the queue
- Admin: permission to manage permissions of the current queue
By default, permissions of a Yarn resource type of each level are shared by resource types of sub-levels. However, the Recursive option is not selected by default. For example, if the Submit permission is added to the root queue, it is automatically added to the sub-queue. Permissions inherited by sub-queues will not be displayed as selected in the Permission table. If a child resource is set after the parent resource, the permission of the child resource is the union of the permissions of the parent resource and the current child resource.
Table 6 Hue permission description Resource Supporting Permission Management
Permission Setting
Storage Policy Admin
Grants you storage policy administrator rights.
- Click OK. Return to Manage Role.
Related Tasks
Modifying a role
- On MRS Manager, click System.
- In the Permission area, click Manage Role.
- In the row of the role to be modified, click Modify to modify role information.
If you change permissions assigned by the role, it takes 3 minutes to make new configurations take effect.
- Click OK. The modification is complete.
Deleting a role
- On MRS Manager, click System.
- In the Permission area, click Manage Role.
- In the row of the role to be deleted, click Delete.
- Click OK. The role is deleted.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot