Adding Cluster Permissions

Describes how to set cluster permissions for users and groups through the Control System and the CLI.

About this task

The following table lists the actions that a user can perform on a cluster with the corresponding UI columns and codes used in the cluster Access Control List (ACL):

UI	ACL	Allowed Action
Login	login	Log in to the Control System, use the API and command-line interface, read access on cluster and volumes
Start/Stop Service	ss	Start and stop services
Create Volumes	cv	Create volumes
Create Security Policy	cp	Required to create security policies. Users with Administrator (a) access can assign this permission to other administrators.
Administrator	a	Administrative access (can edit and view ACLs, but cannot perform cluster operations)
Full Control	fc	Full control over the cluster. This enables all cluster-related administrative options with the exception of changing the cluster ACLs.

Setting Permissions Using the Control System

About this task

Complete the following steps to add cluster permissions in the Control System:

Procedure

Log in to the Control System and click Admin > User Settings > Permissions.
Under USER PERMISSIONS, select the type and specify the name of the user or group in the Name field.
Select the checkbox associated with the permissions you want to grant to the user or group.
Click Add Another to add permissions for another user or group.
Each row lets you assign permissions to a single user or group.
NOTE
A user gets the permissions directly granted to the user as well as permissions granted to any group to which the user belongs.
Click Save Changes to save the changes.

Setting Permissions Using the CLI or the REST API

About this task

To set permissions using the CLI, run the following command:

/opt/mapr/bin/maprcli acl set
    [ -cluster <cluster name> ]
    [ -group <group> ]
    [ -name <name> ]
    -type cluster|volume|securitypolicy
    [ -user <user> ]

See acl set for complete reference information.

Granting a User Full Control from the Command-Line

About this task

The user who has full control over the cluster can manage all aspects of the cluster operation except assign permissions for other users.

Complete the following steps to give full administrative control to a user:

Procedure

Log on to any cluster node as root (or use sudo).
Execute the following command, replacing <user> with the username of the account that gets administrative control: sudo /opt/mapr/bin/maprcli acl edit -type cluster -user <user>:fc

For general information about users and groups in the cluster, see Managing Users and Groups.

HPE Ezmeral Data Fabric – Customer-Managed 7.9.0 Documentation
Abstract	This site contains documentation for the customer-managed platform of the HPE Ezmeral Data Fabric version 7.9.0 including installation, configuration, administration, and reference content, as well as content for the associated bundled ecosystem components and drivers.
Published	November 2024
Edition	7.9.0