yexinru/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
Files
a41a4e0331fbc0beff63bb28fa59228cc9a751df
doc-exports/docs/mrs/umn/admin_guide_000240.html
yangtong c285e88a17 MRS UMN 20250806 version 
Reviewed-by: Pruthi, Vineet <vineet.pruthi@t-systems.com>
Co-authored-by: yangtong <yangtong2@huawei.com>
Co-committed-by: yangtong <yangtong2@huawei.com>
2025-09-02 10:43:57 +00:00

210 lines
20 KiB
HTML
Raw Blame History

<a name="admin_guide_000240"></a><a name="admin_guide_000240"></a>
<h1 class="topictitle1">Default Permission Information</h1>
<div id="body1529658735918"><div class="section" id="admin_guide_000240__section185425315610"><h4 class="sectiontitle">Role</h4>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="admin_guide_000240__table257362915440" frame="border" border="1" rules="all"><thead align="left"><tr id="admin_guide_000240__row1857314296444"><th align="left" class="cellrowborder" valign="top" width="32.61%" id="mcps1.3.1.2.1.3.1.1"><p id="admin_guide_000240__p20573172954416">Default Role</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="67.39%" id="mcps1.3.1.2.1.3.1.2"><p id="admin_guide_000240__p7573142914416">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="admin_guide_000240__row557315299440"><td class="cellrowborder" valign="top" width="32.61%" headers="mcps1.3.1.2.1.3.1.1 "><p id="admin_guide_000240__p15573132910443">Manager_administrator</p>
</td>
<td class="cellrowborder" valign="top" width="67.39%" headers="mcps1.3.1.2.1.3.1.2 "><p id="admin_guide_000240__p893873210338">Manager administrator who has all permissions for Manager.</p>
<p id="admin_guide_000240__p119071735112311">Manager administrators can create first-level tenants, create and modify user groups, and specify user permissions.</p>
</td>
</tr>
<tr id="admin_guide_000240__row1557362974414"><td class="cellrowborder" valign="top" width="32.61%" headers="mcps1.3.1.2.1.3.1.1 "><p id="admin_guide_000240__p9573192912440">Manager_operator</p>
</td>
<td class="cellrowborder" valign="top" width="67.39%" headers="mcps1.3.1.2.1.3.1.2 "><p id="admin_guide_000240__p85731929154411">Manager operator who has all the permissions on the <strong id="admin_guide_000240__b61465336405">Homepage</strong>, <strong id="admin_guide_000240__b914663304018">Cluster</strong>, <strong id="admin_guide_000240__b07802058344">Hosts</strong>, and <strong id="admin_guide_000240__b1014613384015">O&amp;M</strong> tab pages.</p>
</td>
</tr>
<tr id="admin_guide_000240__row857311291446"><td class="cellrowborder" valign="top" width="32.61%" headers="mcps1.3.1.2.1.3.1.1 "><p id="admin_guide_000240__p185731929184414">Manager_auditor</p>
</td>
<td class="cellrowborder" valign="top" width="67.39%" headers="mcps1.3.1.2.1.3.1.2 "><p id="admin_guide_000240__p19757191583414">Manager auditor who has all permissions on the <strong id="admin_guide_000240__b914673394018">Audit</strong> tab page.</p>
<p id="admin_guide_000240__p13573192917446">Manager auditors can view and manage Manager system audit logs.</p>
</td>
</tr>
<tr id="admin_guide_000240__row757372920444"><td class="cellrowborder" valign="top" width="32.61%" headers="mcps1.3.1.2.1.3.1.1 "><p id="admin_guide_000240__p557372994415">Manager_viewer</p>
</td>
<td class="cellrowborder" valign="top" width="67.39%" headers="mcps1.3.1.2.1.3.1.2 "><p id="admin_guide_000240__p24602816422">Manager viewer, who has permission to view <strong id="admin_guide_000240__b882765419407">Homepage, Cluster, Hosts, Alarms and Events, Tenant Resources</strong> (available in MRS 3.5.0 and later)<strong id="admin_guide_000240__b1582705404012">, and System</strong>.</p>
</td>
</tr>
<tr id="admin_guide_000240__row596204317469"><td class="cellrowborder" valign="top" width="32.61%" headers="mcps1.3.1.2.1.3.1.1 "><p id="admin_guide_000240__p1748123114618">Manager_tenant</p>
</td>
<td class="cellrowborder" valign="top" width="67.39%" headers="mcps1.3.1.2.1.3.1.2 "><p id="admin_guide_000240__p101754853410">Manager tenant administrator.</p>
<p id="admin_guide_000240__p20820884242">This role can create and manage sub-tenants for the non-leaf tenants to which the current user belongs. It has the permission to view alarms and events on <strong id="admin_guide_000240__b9728141917292">O&amp;M &gt; Alarm</strong>.</p>
</td>
</tr>
<tr id="admin_guide_000240__row25731029194420"><td class="cellrowborder" valign="top" width="32.61%" headers="mcps1.3.1.2.1.3.1.1 "><p id="admin_guide_000240__p557432910449">System_administrator</p>
</td>
<td class="cellrowborder" valign="top" width="67.39%" headers="mcps1.3.1.2.1.3.1.2 "><p id="admin_guide_000240__p6574152917442">System administrator, this role has Manager system administrator rights and all services administrator rights.</p>
</td>
</tr>
<tr id="admin_guide_000240__row1547102315468"><td class="cellrowborder" valign="top" width="32.61%" headers="mcps1.3.1.2.1.3.1.1 "><p id="admin_guide_000240__p94816232468">default</p>
</td>
<td class="cellrowborder" valign="top" width="67.39%" headers="mcps1.3.1.2.1.3.1.2 "><p id="admin_guide_000240__p1848523184615">This role is the default role created for the <strong id="admin_guide_000240__b35391425259">default</strong> tenant. It has the management permissions on the Yarn component and the default queue. The default role of the default tenant that is not the first cluster to be installed is <strong id="admin_guide_000240__b2251183411304">c</strong><em id="admin_guide_000240__i1035612329301">&lt;</em><em id="admin_guide_000240__i54441835541">cluster ID</em><em id="admin_guide_000240__i1335712329304">&gt;</em><strong id="admin_guide_000240__b116212326411">_default</strong>.</p>
</td>
</tr>
<tr id="admin_guide_000240__row1848323104616"><td class="cellrowborder" valign="top" width="32.61%" headers="mcps1.3.1.2.1.3.1.1 "><p id="admin_guide_000240__p95631591474">Manager_administrator_180</p>
</td>
<td class="cellrowborder" valign="top" width="67.39%" headers="mcps1.3.1.2.1.3.1.2 "><p id="admin_guide_000240__p1956355912715"><span id="admin_guide_000240__text67509419010">MRS</span> Manager System administrator group. Internal system user group, which is used only between components.</p>
</td>
</tr>
<tr id="admin_guide_000240__row1148182324611"><td class="cellrowborder" valign="top" width="32.61%" headers="mcps1.3.1.2.1.3.1.1 "><p id="admin_guide_000240__p135627596710">Manager_auditor_181</p>
</td>
<td class="cellrowborder" valign="top" width="67.39%" headers="mcps1.3.1.2.1.3.1.2 "><p id="admin_guide_000240__p956211591576"><span id="admin_guide_000240__text1768363711223">MRS</span> Manager system auditor group. Internal system user group, which is used only between components.</p>
</td>
</tr>
<tr id="admin_guide_000240__row12481723154616"><td class="cellrowborder" valign="top" width="32.61%" headers="mcps1.3.1.2.1.3.1.1 "><p id="admin_guide_000240__p1556211591779">Manager_operator_182</p>
</td>
<td class="cellrowborder" valign="top" width="67.39%" headers="mcps1.3.1.2.1.3.1.2 "><p id="admin_guide_000240__p3562145910713"><span id="admin_guide_000240__text84593982216">MRS</span> Manager system operator group. Internal system user group, which is used only between components.</p>
</td>
</tr>
<tr id="admin_guide_000240__row106621825184612"><td class="cellrowborder" valign="top" width="32.61%" headers="mcps1.3.1.2.1.3.1.1 "><p id="admin_guide_000240__p9562759676">Manager_viewer_183</p>
</td>
<td class="cellrowborder" valign="top" width="67.39%" headers="mcps1.3.1.2.1.3.1.2 "><p id="admin_guide_000240__p135628597710"><span id="admin_guide_000240__text1432114014227">MRS</span> Manager system viewer group. Internal system user group, which is used only between components.</p>
</td>
</tr>
<tr id="admin_guide_000240__row766252520465"><td class="cellrowborder" valign="top" width="32.61%" headers="mcps1.3.1.2.1.3.1.1 "><p id="admin_guide_000240__p175629596714">System_administrator_186</p>
</td>
<td class="cellrowborder" valign="top" width="67.39%" headers="mcps1.3.1.2.1.3.1.2 "><p id="admin_guide_000240__p1856205911718">System administrator group. Internal system user group, which is used only between components.</p>
</td>
</tr>
<tr id="admin_guide_000240__row1266218259468"><td class="cellrowborder" valign="top" width="32.61%" headers="mcps1.3.1.2.1.3.1.1 "><p id="admin_guide_000240__p25628596713">Manager_tenant_187</p>
</td>
<td class="cellrowborder" valign="top" width="67.39%" headers="mcps1.3.1.2.1.3.1.2 "><p id="admin_guide_000240__p4562259975">Tenant system user group. Internal system user group, which is used only between components.</p>
</td>
</tr>
<tr id="admin_guide_000240__row866292518461"><td class="cellrowborder" valign="top" width="32.61%" headers="mcps1.3.1.2.1.3.1.1 "><p id="admin_guide_000240__p1456315599720">default_1000</p>
</td>
<td class="cellrowborder" valign="top" width="67.39%" headers="mcps1.3.1.2.1.3.1.2 "><p id="admin_guide_000240__p1056313597715">This group is created for tenant. Internal system user group, which is used only between components.</p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="section" id="admin_guide_000240__section1031812876"><a name="admin_guide_000240__section1031812876"></a><a name="section1031812876"></a><h4 class="sectiontitle">User group</h4>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="admin_guide_000240__table260563319210" frame="border" border="1" rules="all"><thead align="left"><tr id="admin_guide_000240__row2605113311213"><th align="left" class="cellrowborder" valign="top" width="7.5200000000000005%" id="mcps1.3.2.2.1.4.1.1"><p id="admin_guide_000240__p1160512331922">Type</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="15.6%" id="mcps1.3.2.2.1.4.1.2"><p id="admin_guide_000240__p36054331424">Default User Group</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="76.88000000000001%" id="mcps1.3.2.2.1.4.1.3"><p id="admin_guide_000240__p176055331027">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="admin_guide_000240__row116061333219"><td class="cellrowborder" rowspan="16" valign="top" width="7.5200000000000005%" headers="mcps1.3.2.2.1.4.1.1 "><p id="admin_guide_000240__p14606733624">OS User Group</p>
</td>
<td class="cellrowborder" valign="top" width="15.6%" headers="mcps1.3.2.2.1.4.1.2 "><p id="admin_guide_000240__p14606833128">hadoop</p>
</td>
<td class="cellrowborder" valign="top" width="76.88000000000001%" headers="mcps1.3.2.2.1.4.1.3 "><p id="admin_guide_000240__p26061033128">Users added to this group are granted the permission to submit all Yarn queue tasks.</p>
</td>
</tr>
<tr id="admin_guide_000240__row1660618331429"><td class="cellrowborder" valign="top" headers="mcps1.3.2.2.1.4.1.1 "><p id="admin_guide_000240__p360614331721">hadoopmanager</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.2.2.1.4.1.2 "><p id="admin_guide_000240__p1160616331229">Users added to this user group can have the O&amp;M manager rights of HDFS and Yarn. The O&amp;M manager of HDFS can access the NameNode WebUI and perform active to standby switchover manually. The O&amp;M manager of Yarn can access the ResourceManager WebUI, operate NodeManager nodes, refresh queues, and set node labels, but cannot submit tasks.</p>
</td>
</tr>
<tr id="admin_guide_000240__row145801412123710"><td class="cellrowborder" valign="top" headers="mcps1.3.2.2.1.4.1.1 "><p id="admin_guide_000240__p2087201473711">hetuadmin</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.2.2.1.4.1.2 "><p id="admin_guide_000240__p687314183710"><span id="admin_guide_000240__text1788191473712">HetuEngine</span> administrator group. Users in this group have the permission to perform operations on HSConsole.</p>
</td>
</tr>
<tr id="admin_guide_000240__row1560653315219"><td class="cellrowborder" valign="top" headers="mcps1.3.2.2.1.4.1.1 "><p id="admin_guide_000240__p196061633529">hive</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.2.2.1.4.1.2 "><p id="admin_guide_000240__p760618331226">Common user group. Hive users must belong to this user group.</p>
</td>
</tr>
<tr id="admin_guide_000240__row2559201043612"><td class="cellrowborder" valign="top" headers="mcps1.3.2.2.1.4.1.1 "><p id="admin_guide_000240__p9678184512361">cdladmin</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.2.2.1.4.1.2 "><p id="admin_guide_000240__p6678194593614">CDL administrator group. Only users in this group can access CDL APIs.</p>
</td>
</tr>
<tr id="admin_guide_000240__row74808132369"><td class="cellrowborder" valign="top" headers="mcps1.3.2.2.1.4.1.1 "><p id="admin_guide_000240__p1337717151364">cdl</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.2.2.1.4.1.2 "><p id="admin_guide_000240__p5377151517366">Common user group of CDL. Users in this group can create and query CDL jobs.</p>
</td>
</tr>
<tr id="admin_guide_000240__row18953311360"><td class="cellrowborder" valign="top" headers="mcps1.3.2.2.1.4.1.1 "><p id="admin_guide_000240__p1139763316365">iotdbgroup</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.2.2.1.4.1.2 "><p id="admin_guide_000240__p1439703323612">Users added to this user group have the administrator rights of the IoTDB component.</p>
</td>
</tr>
<tr id="admin_guide_000240__row66077331522"><td class="cellrowborder" valign="top" headers="mcps1.3.2.2.1.4.1.1 "><p id="admin_guide_000240__p560715331822">kafka</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.2.2.1.4.1.2 "><p id="admin_guide_000240__p1560719332028">Kafka common user group. A user in this group can access a topic only when a user in the kafkaadmin group grants the read and write permission of the topic to the user.</p>
</td>
</tr>
<tr id="admin_guide_000240__row1460753312219"><td class="cellrowborder" valign="top" headers="mcps1.3.2.2.1.4.1.1 "><p id="admin_guide_000240__p15607203314218">kafkaadmin</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.2.2.1.4.1.2 "><p id="admin_guide_000240__p56071033228">Kafka administrator group. Users in this group have the rights to create, delete, authorize, read, and write all topics.</p>
</td>
</tr>
<tr id="admin_guide_000240__row3607133310210"><td class="cellrowborder" valign="top" headers="mcps1.3.2.2.1.4.1.1 "><p id="admin_guide_000240__p1760753318219">kafkasuperuser</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.2.2.1.4.1.2 "><p id="admin_guide_000240__p3607433028">Topic read/write user group of Kafka. Users added to this group have the read and write permissions on all topics.</p>
</td>
</tr>
<tr id="admin_guide_000240__row1060763310216"><td class="cellrowborder" valign="top" headers="mcps1.3.2.2.1.4.1.1 "><p id="admin_guide_000240__p46071331213">storm</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.2.2.1.4.1.2 "><p id="admin_guide_000240__p196071233326">Users who are added to the storm user group can submit topologies and manage their own topologies.</p>
</td>
</tr>
<tr id="admin_guide_000240__row1160733312215"><td class="cellrowborder" valign="top" headers="mcps1.3.2.2.1.4.1.1 "><p id="admin_guide_000240__p1060713314213">stormadmin</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.2.2.1.4.1.2 "><p id="admin_guide_000240__p15607933929">Users who are added to the stormadmin user group can have the storm administrator rights and can submit topologies and manage all topologies.</p>
</td>
</tr>
<tr id="admin_guide_000240__row760714332021"><td class="cellrowborder" valign="top" headers="mcps1.3.2.2.1.4.1.1 "><p id="admin_guide_000240__p1760717331210">supergroup</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.2.2.1.4.1.2 "><p id="admin_guide_000240__p166075336212">Users added to this user group can have the administrator rights of HBase, HDFS and Yarn and can use Hive.</p>
</td>
</tr>
<tr id="admin_guide_000240__row19607173311210"><td class="cellrowborder" valign="top" headers="mcps1.3.2.2.1.4.1.1 "><p id="admin_guide_000240__p116071433129">yarnviewgroup</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.2.2.1.4.1.2 "><p id="admin_guide_000240__p1960773317216">Indicates the read-only user group of the Yarn task. Users in this user group can have the view permission on Yarn and MapReduce tasks.</p>
</td>
</tr>
<tr id="admin_guide_000240__row5607733323"><td class="cellrowborder" valign="top" headers="mcps1.3.2.2.1.4.1.1 "><p id="admin_guide_000240__p156088337213">check_sec_ldap</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.2.2.1.4.1.2 "><p id="admin_guide_000240__p126087334218">Perform internal test on the active LDAP to see whether it works properly. This user group is generated randomly in a test and automatically deleted after the test is complete. Internal system user group, which is used only between components.</p>
</td>
</tr>
<tr id="admin_guide_000240__row66084331215"><td class="cellrowborder" valign="top" headers="mcps1.3.2.2.1.4.1.1 "><p id="admin_guide_000240__p360813331927">compcommon</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.2.2.1.4.1.2 "><p id="admin_guide_000240__p15608193313210">System internal group for accessing cluster system resources. All system users and system running users are added to this user group by default.</p>
</td>
</tr>
<tr id="admin_guide_000240__row46081733821"><td class="cellrowborder" rowspan="2" valign="top" width="7.5200000000000005%" headers="mcps1.3.2.2.1.4.1.1 "><p id="admin_guide_000240__p8608113316213">OS User Group</p>
</td>
<td class="cellrowborder" valign="top" width="15.6%" headers="mcps1.3.2.2.1.4.1.2 "><p id="admin_guide_000240__p76086331215">wheel</p>
</td>
<td class="cellrowborder" valign="top" width="76.88000000000001%" headers="mcps1.3.2.2.1.4.1.3 "><p id="admin_guide_000240__p960817331428">Primary group of the <span id="admin_guide_000240__text154104932217">MRS</span> internal running user omm.</p>
</td>
</tr>
<tr id="admin_guide_000240__row16608153319218"><td class="cellrowborder" valign="top" headers="mcps1.3.2.2.1.4.1.1 "><p id="admin_guide_000240__p166089336218">ficommon</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.2.2.1.4.1.2 "><p id="admin_guide_000240__p17608833124">System common group that corresponds to <strong id="admin_guide_000240__b1255216234">compcommon</strong> for accessing cluster common resource files stored in the OS.</p>
</td>
</tr>
</tbody>
</table>
</div>
<div class="note" id="admin_guide_000240__note19611014989"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="admin_guide_000240__p1611131417816">If the current cluster is not the cluster that is installed for the first time in <span id="admin_guide_000240__text175895132214">MRS</span> Manager, the default user group name of all components except Manager in the cluster is <strong id="admin_guide_000240__b13452205613110">c</strong><em id="admin_guide_000240__i5200859111113">&lt;cluster ID&gt;</em>_ <em id="admin_guide_000240__i168181791219">default user group name</em>, for example, <strong id="admin_guide_000240__b2849218181214">c2_hadoop</strong>.</p>
</div></div>
</div>
<div class="section" id="admin_guide_000240__section183318576"><h4 class="sectiontitle">User</h4><p id="admin_guide_000240__p318115111275">For details, see <span id="admin_guide_000240__text124141028604"></span><a href="admin_guide_000239.html">User Account List</a>.</p>
</div>
<div class="section" id="admin_guide_000240__section18845164685514"><h4 class="sectiontitle">Service-related User Security Parameters</h4><ul id="admin_guide_000240__ul4780748131220"><li id="admin_guide_000240__li107801048151213"><strong id="admin_guide_000240__b178515530268">HDFS</strong><p id="admin_guide_000240__p14411852111217">The <strong id="admin_guide_000240__b885193919346">dfs.permissions.superusergroup</strong> parameter specifies the administrator group with the highest permission on the HDFS. The default value is <strong id="admin_guide_000240__b1585133910344">supergroup</strong>.</p>
</li><li id="admin_guide_000240__li5780548181220"><strong id="admin_guide_000240__b1048105313345">Spark2x and Corresponding Multi-Instances</strong><p id="admin_guide_000240__p1467605315127">The <strong id="admin_guide_000240__b16001465358">spark.admin.acls</strong> parameter specifies the administrator list of the Spark2x. Members in the list are authorized to manage all Spark tasks. Users not added in the list cannot manage all Spark tasks. The default value is <strong id="admin_guide_000240__b18369718272">admin</strong>.</p>
</li></ul>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="admin_guide_000234.html">Security Overview</a></div>
</div>
</div>
View Git Blame Copy Permalink