Default Permission Information
Role
| Default Role | Description |
|---|---|
| Manager_administrator | Manager administrator who has all permissions for Manager. Manager administrators can create first-level tenants, create and modify user groups, and specify user permissions. |
| Manager_operator | Manager operator who has all the permissions on the Homepage, Cluster, Hosts, and O&M tab pages. |
| Manager_auditor | Manager auditor who has all permissions on the Audit tab page. Manager auditors can view and manage Manager system audit logs. |
| Manager_viewer | Manager viewer who has the permission to view information about Homepage, Cluster, Hosts, Alarm, Events, and System > Permission, and download clients. |
| Manager_tenant | Manager tenant administrator. This role can create and manage sub-tenants for the non-leaf tenants to which the current user belongs. It has the permission to view alarms and events on O&M > Alarm. |
| System_administrator | System administrator. This role has Manager system administrator rights and administrator rights for all services. |
| default | This role is the default role created for the default tenant. It has the management permissions on the Yarn component and the default queue. For a cluster that is not the first one installed, the default role of the default tenant is c<cluster ID>_default. |
| Manager_administrator_180 | FusionInsight Manager system administrator group. Internal system user group, which is used only between components. |
| Manager_auditor_181 | FusionInsight Manager system auditor group. Internal system user group, which is used only between components. |
| Manager_operator_182 | FusionInsight Manager system operator group. Internal system user group, which is used only between components. |
| Manager_viewer_183 | FusionInsight Manager system viewer group. Internal system user group, which is used only between components. |
| System_administrator_186 | System administrator group. Internal system user group, which is used only between components. |
| Manager_tenant_187 | Tenant system user group. Internal system user group, which is used only between components. |
| default_1000 | This group is created for the tenant. Internal system user group, which is used only between components. |
User group
| Type | Default User Group | Description |
|---|---|---|
| Default cluster user groups | cdl | Common user group of CDL. Users in this group can create and query CDL jobs. |
| | cdladmin | CDL administrator group. Only users in this group can access CDL APIs. |
| | Elasticsearch | Users added to this user group can use Elasticsearch. |
| | graphbaseadmin | GraphBase administrator group. Users added to this user group will have the administrator rights of GraphBase and GraphServer. |
| | graphbasedeveloper | GraphBase developer group. Users added to this user group will have the developer rights of GraphBase and GraphServer. |
| | graphbaseoperator | GraphBase operator group. Users in this group have the permission to query data on the GraphServer web UI. |
| | hadoop | Users added to this group are granted the permission to submit all Yarn queue tasks. |
| | hadoopmanager | Users added to this user group have the O&M manager rights of HDFS and Yarn. The O&M manager of HDFS can access the NameNode WebUI and manually perform an active/standby switchover. The O&M manager of Yarn can access the ResourceManager WebUI, operate NodeManager nodes, refresh queues, and set node labels, but cannot submit tasks. |
| | hetuadmin | HetuEngine administrator group. Users in this group have the permission to perform operations on HSConsole. |
| | hetuuser | Users must be added to this user group to obtain the SQL execution permission. |
| | hive/hive1/hive2/hive3/hive4 | Common user group. Hive/Hive1/Hive2/Hive3/Hive4 users must be in this user group. |
| | iotdbgroup | Users added to this user group have the administrator rights of the IoTDB component. |
| | kafka | Kafka common user group. A user in this group can access a topic only when a user in the kafkaadmin group grants the read and write permission of the topic to the user. |
| | kafkaadmin | Kafka administrator group. Users in this group have the rights to create, delete, authorize, read, and write all topics. |
| | kafkasuperuser | Topic read/write user group of Kafka. Users added to this group have the read and write permissions on all topics. |
| | kafkaui | Kafka UI user group. Users in this group have the permission to view Kafka UI. |
| | kmsadmin | Users added to this user group obtain the read permission on all keys in the KMS. |
| | lakesearchgroup | Users added to this user group have the administrator rights of the LakeSearch component. |
| | msadmin | Users added to this user group have the administrator rights of Metastore. |
| | rkmsadmin | User group for RangerKMS permission management. If the key management permission is required, add the user to this group. |
| | solr | Users added to this user group can use Solr. |
| | supergroup | Users added to this user group have the administrator rights of HBase, HDFS, Solr, Redis, and Yarn and can use Hive. |
| | yarnviewgroup | Read-only user group for Yarn tasks. Users in this user group have the view permission on Yarn and MapReduce tasks. |
| | check_sec_ldap | Used to run an internal test on the active LDAP to check whether it works properly. This user group is generated randomly in a test and automatically deleted after the test is complete. Internal system user group, which is used only between components. |
| | compcommon | System internal group for accessing cluster system resources. All system users and system running users are added to this user group by default. |
| OS user groups | wheel | Primary group of the FusionInsight internal running user omm. |
| | ficommon | System common group that corresponds to compcommon for accessing cluster common resource files stored in the OS. |
If the current cluster is not the first cluster installed in FusionInsight Manager, the default user group name of every component in the cluster except Manager is c<cluster ID>_<default user group name>, for example, c2_hadoop.
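A membership review built on the tables above, as an added example that is not part of the original documentation: it strips the c<cluster ID>_ prefix so that c2_kafkaadmin is treated like kafkaadmin, then reports accounts in administrator-level groups without an approval and accounts in groups the tables mark as internal. The user names, the approval list, the export format and the choice of which groups count as administrator-level are assumptions made for this example.

```python
import re

# Groups the tables describe as granting administrator, O&M manager,
# or all-topic / all-key rights (this selection is the example's own).
ADMIN_GROUPS = {"supergroup", "hadoopmanager", "kafkaadmin", "kafkasuperuser",
                "cdladmin", "graphbaseadmin", "hetuadmin", "iotdbgroup",
                "lakesearchgroup", "msadmin", "kmsadmin", "rkmsadmin"}
# Groups the tables describe as internal, used only between components.
INTERNAL_GROUPS = {"Manager_administrator_180", "Manager_auditor_181",
                   "Manager_operator_182", "Manager_viewer_183",
                   "System_administrator_186", "Manager_tenant_187",
                   "default_1000", "check_sec_ldap"}
# Non-first clusters name their groups c<cluster ID>_<group>, e.g. c2_hadoop.
CLUSTER_PREFIX = re.compile(r"^c(\d+)_(.+)$")

def split_cluster(group):
    """Return (cluster_id or None, base_name); 'cdl' has no prefix."""
    m = CLUSTER_PREFIX.match(group)
    return (m.group(1), m.group(2)) if m else (None, group)

def audit(memberships, approved):
    """memberships: {user: [groups]}; approved: set of (user, base_group)."""
    findings = []
    for user, groups in sorted(memberships.items()):
        for group in groups:
            _, base = split_cluster(group)
            if base in INTERNAL_GROUPS:
                findings.append((user, group, "internal group"))
            elif base in ADMIN_GROUPS and (user, base) not in approved:
                findings.append((user, group, "unapproved admin group"))
    return findings

# Constructed sample export of human-machine accounts (not real data).
SAMPLE = {
    "alice": ["hadoop", "hive", "supergroup"],
    "bob": ["c2_hadoop", "c2_kafkaadmin"],
    "carol": ["kafka", "kafkaui", "Manager_viewer_183"],
    "dave": ["cdl", "c3_supergroup"],
}
APPROVED = {("alice", "supergroup")}  # hypothetical approval record

if __name__ == "__main__":
    for finding in audit(SAMPLE, APPROVED):
        print(*finding, sep="\t")
```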
Service-related User Security Parameters
- FTP-Server
  - The ftp-group parameter specifies the user group to which common users who are allowed to connect to the FTP server belong. If the users are not added to the corresponding user group, they cannot connect to the FTP server. The default value is hadoop.
  - The ftp-admin-group parameter specifies the user group to which the administrator of the FTP server belongs. If the administrator is not added to the corresponding user group, the administrator cannot operate directories and files of other users. The default value is supergroup.
- HDFS
  - The dfs.permissions.superusergroup parameter specifies the administrator group with the highest permission on the HDFS. The default value is supergroup.
- Spark and Corresponding Multi-Instances
  - The spark.admin.acls parameter indicates the Spark administrator list. Members in the list have the permission to manage all Spark tasks. If a user is not added to the list, the user cannot manage all Spark tasks. The default value is admin.