Help Center/ MapReduce Service/ Troubleshooting/ Account Permissions/ A Message Is Displayed Indicating That the User Does Not Have the Permission to Obtain the MRS Cluster Hosts
Updated on 2023-11-30 GMT+08:00

A Message Is Displayed Indicating That the User Does Not Have the Permission to Obtain the MRS Cluster Hosts

Issue

When a user calls the /v1.1/<project_id>/clusters/<cluster_id>/hosts API using the AK/SK to obtain hosts in an MRS cluster, message "User do not have right to access cluster" is displayed.

Cause Analysis

Parameters such as project_id are not filled in the request header. As a result, the project_id of the token parsed by the cloud service is inconsistent with that of the cluster.

Procedure

Before calling interfaces in AK/SK-based authentication mode, collect required information by referring to Table 1. For details about how to sign requests and use SDKs, see API Request Signing Guide.

Before constructing an API request, obtain the following information, including the endpoint and URI of the request URL, AK/SK used for signature and authentication, and project ID used to distinguish tenants.

Table 1 Information to be collected

Endpoint

Endpoint of a cloud service in a region.

For details, see Regions and Endpoints.

Project_Id

Project ID, which needs to be configured in the URI of most APIs to identify different projects.

AK/SK

Access key pair, including the access key ID (AK) and secret access key (SK), used to sign API requests.

URI

API request path and parameters.

For details, see API Overview.

X-Domain-Id

Account ID, which is used for:

  • Obtaining a token for token-based authentication.
  • Calling APIs of global services using AK/SK-based authentication. X-Domain-Id needs to be configured in the request header.

X-Project-Id

Sub-project ID, which is used in multi-project scenarios. The X-Project-Id field is mandatory in the request header for accessing resources in a sub-project through AK/SK-based authentication.

For details about how to obtain the parameters in Table 1, see AK/SK Signing and Authentication Guide.