No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


FusionInsight HD 6.5.0 Administrator Guide 02

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Rights Model

Rights Model

The rights model of FusionInsight is "users-user groups-roles-rights".

Figure 14-1 Rights model
  • Rights

    are defined by components and allow users to access resources of components. Different components have different rights for their resources.


    • HDFS provides read, write, and execute permissions on file resources.
    • HBase provides create and delete permissions on table resources.
  • Role

    is a collection of component rights. Each role can have multiple rights of multiple components. Different roles can have the rights of a resource of one component.

  • User group

    is a collection of users. When a user group is bound to a role, users in this group obtain the rights defined by the role.

    When a user group is bound to multiple roles, users in this group have all the rights of these roles.

    Different user groups can be bound to the same role.

    A user group may not bound to any role. Therefore, the user group does not have any permissions on component resources in principle.


    In some components, the system grants related rights to specific user groups by default.

  • User

    is the visitor of the FusionInsight system. The rights of a user consist of the following two parts:

    • All rights of the user group to which the user belongs to
    • All rights of the role to which the user is bound

    The user must be added to the corresponding user group to obtain required permissions.

    • Because a user can belong to multiple groups, setting a primary group maintains and conforms to the rights mechanism of the Hadoop community. Additionally, the primary group has the same function as other groups in rights control.
    • If the user is not added to a user group, or no role is configured for the user, no information is displayed after the user logs in to FusionInsight Manager.

    A user can be or not be bound to any roles.

    A user can have multiple roles and belong to multiple user groups.

    Different users can be bound to the same role.

    Different users can belong to the same user group.

    FusionInsight adopts the role-based access control (RBAC) mode to perform rights management on the big data system. It integrates the rights management functions of the components to centrally manage rights. Common users are shielded from internal rights management details, and administrators' rights management operations are simplified, improving rights management usability and user experience.

Updated: 2019-05-17

Document ID: EDOC1100074522

Views: 7202

Downloads: 12

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Previous Next