Adding Cluster Permissions
Describes how to set cluster permissions for users and groups through the Control System and the CLI.
About this task
The following table lists the actions that a user can perform on a cluster with the corresponding UI columns and codes used in the cluster Access Control List (ACL):
UI |
ACL |
Allowed Action |
---|---|---|
Login |
login |
Log in to the Control System, use the API and command-line interface, read access on cluster and volumes |
Start/Stop Service |
ss |
Start and stop services |
Create Volumes |
cv |
Create volumes |
Create Security Policy |
cp |
Required to create security policies. Users with Administrator (a) access can assign this permission to other administrators. |
Administrator |
a |
Administrative access (can edit and view ACLs, but cannot perform cluster operations) |
Full Control |
fc |
Full control over the cluster. This enables all cluster-related administrative options with the exception of changing the cluster ACLs. |
Setting Permissions Using the Control System
About this task
Procedure
- Log in to the Control System and click .
- Under USER PERMISSIONS, select the type and specify the name of the user or group in the Name field.
- Select the checkbox associated with the permissions you want to grant to the user or group.
-
Click Add Another to add permissions for another user or
group.
Each row lets you assign permissions to a single user or group.NOTEA user gets the permissions directly granted to the user as well as permissions granted to any group to which the user belongs.
- Click Save Changes to save the changes.
Setting Permissions Using the CLI or the REST API
About this task
To set permissions using the CLI, run the following command:
/opt/mapr/bin/maprcli acl set
[ -cluster <cluster name> ]
[ -group <group> ]
[ -name <name> ]
-type cluster|volume|securitypolicy
[ -user <user> ]
See acl set
for complete
reference information.
Granting a User Full Control from the Command-Line
About this task
The user who has full control over the cluster can manage all aspects of the cluster operation except assign permissions for other users.
Complete the following steps to give full administrative control to a user:
Procedure
-
Log on to any cluster node as
root
(or usesudo
). -
Execute the following command, replacing
<user>
with the username of the account that gets administrative control:sudo /opt/mapr/bin/maprcli acl edit -type cluster -user <user>:fc
For general information about users and groups in the cluster, see Managing Users and Groups.