No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

FusionInsight HD 6.5.0 Administrator Guide 02

Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Definitions

Definitions

Role

  • Manager administrator: Manager system administrator, this role has all rights of Manager system and tenant resource. This role has Manager administration permissions of the system and can create and modify user groups, and specify user permissions, thereby meeting the system management requirements of different users.
  • Manager_operator: Manager system operator, this role has all rights of Manager system except manage system configuration, manage system cluster management, manage tenant.
  • Manager_auditor: Manager system auditor, this role has rights to view and manager audit information of Manager system.
  • Manager_viewer: Manager system viewer, this role has rights to view dashboard, services, hosts, alarms, audit.
  • System_administrator: System administrator, this role has Manager system administrator rights and all services administrator rights.
  • default: the default role created for the default tenant. It has the management permissions on the Yarn component and the default queue.
  • Manager_tenant: Manager tenant viewer, this role has the permissions to view information on the tenant management page of Manager.

User group

Type

Default User Group

Description

OS User Group

hadoop

Users added to this group are granted the permission to submit all Yarn queue tasks.

hadoopmanager

Users added to this user group can have the O&M manager rights of HDFS and Yarn. The O&M manager of HDFS can access the NameNode WebUI and perform active to standby switchover manually. The O&M manager of Yarn can access the ResourceManager WebUI, operate NodeManager nodes, refresh queues, and set node labels, but cannot submit tasks.

hive

Common user group. Hive users must belong to this user group.

hive1

Common user group. Hive1 users must belong to this user group.

hive2

Common user group. Hive2 users must belong to this user group.

hive3

Common user group. Hive3 users must belong to this user group.

hive4

Common user group. Hive4 users must belong to this user group.

spark

Common user group. No new permissions will be assigned to the users added to the user group.

spark1

Common user group. No new permissions will be assigned to the users added to the user group.

spark2

Common user group. No new permissions will be assigned to the users added to the user group.

spark3

Common user group. No new permissions will be assigned to the users added to the user group..

spark4

Common user group. No new permissions will be assigned to the users added to the user group.

supergroup

Users added to this user group can have the administrator rights of HBase, HDFS, Solr, Redis, and Yarn and can use Hive.

solr

Users added to this user group can use Solr.

kafka

Kafka common user group. A user in this group can access a topic only when a user in the kafkaadmin group grants the read and write permission of the topic to the user.

kafkasuperuser

Kafka super user group. Users in this group have the read and write permission of all topics.

kafkaadmin

Kafka administrator group. Users in this group have the rights to create, delete, authorize, read, and write all topics.

storm

Users that are added to the storm user group can submit topologies and manage their own topologies.

stormadmin

Users that are added to the stormadmin user group can have the storm administrator rights and can submit topologies and manage all topologies.

zookeeper

Common user group. No new permissions will be assigned to the users added to the user group.

graphbaseadmin

GraphBase administrator group. Users added to this user group will have the administrator rights of GraphBase and GraphServer.

graphbasedeveloper

GraphBase developer group. Users added to this user group will have the developer rights of GraphBase and GraphServer.

graphbaseoperator

GraphBase operator group. Users in this group have the permission to query data on the GraphServer interface.

check_sec_ldap

Perform internal test on the active LDAP to see whether it works properly. This user group is generated randomly in a test and automatically deleted after the test is complete. Internal system user group, which is used only between components.

Manager_tenant_187

Tenant system user group. Internal system user group, which is used only between components.

System_administrator_186

FusionInsight HD System administrator group. Internal system user group, which is used only between components.

Manager_viewer_183

FusionInsight Manager system viewer group. Internal system user group, which is used only between components.

Manager_operator_182

FusionInsight Manager system operator group. Internal system user group, which is used only between components.

Manager_auditor_181

FusionInsight Manager system auditor group. Internal system user group, which is used only between components.

Manager_administrator_180

FusionInsight Manager System administrator group. Internal system user group, which is used only between components.

compcommon

FusionInsight HD internal group for accessing cluster system resources. All system users and system running users are added to this user group by default.

default_1000

This group is created for tenant. Internal system user group, which is used only between components.

OS User Group

wheel

Primary group of the FusionInsight internal running user omm.

ficommon

FusionInsight HD common group that corresponds to compcommon for accessing cluster common resource files stored in the OS.

User

For the details, see User Information Overview.

Service-related User Security Parameters

FTP-Server
  • The ftp-group parameter specifies the user group to which common users that are allowed to connect to the FTP server belong. If the users are not added to the corresponding user group, they cannot connect to the FTP server. The default value is hadoop.
  • The ftp-admin-group parameter specifies the user group to which the administrator of the FTP server belongs. If the administrator is not added to the corresponding user group, the administrator cannot operate directories and files of other users. The default value is supergroup.

HDFS

The dfs.permissions.superusergroup parameter specifies the administrator group with the highest permission on the HDFS. The default value is supergroup.

Spark, Spark2x, and Corresponding Multi-Instances

The spark.admin.acls parameter specifies the administrator list of the Spark service. Members in the list are authorized to manage all Spark tasks. Users not added in the list cannot manage all Spark tasks. The default value is admin.

Download
Updated: 2019-05-17

Document ID: EDOC1100074522

Views: 5905

Downloads: 12

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next