Adding Cluster Permissions

Describes how to set cluster permissions for users and groups through the Control System and the CLI.

About this task

The following table lists the actions that a user can perform on a cluster with the corresponding UI columns and codes used in the cluster Access Control List (ACL):

UI

ACL

Allowed Action

Login

login

Log in to the Control System, use the API and command-line interface, read access on cluster and volumes

Start/Stop Service

ss

Start and stop services

Create Volumes

cv

Create volumes

Create Security Policy

cp

Required to create security policies. Users with Administrator (a) access can assign this permission to other administrators.
Administrator

a

Administrative access (can edit and view ACLs, but cannot perform cluster operations)

Full Control

fc

Full control over the cluster. This enables all cluster-related administrative options with the exception of changing the cluster ACLs.

Setting Permissions Using the Control System

About this task

Complete the following steps to add cluster permissions in the Control System:

Procedure

  1. Log in to the Control System and click Admin > User Settings > Permissions.
  2. Under USER PERMISSIONS, select the type and specify the name of the user or group in the Name field.
  3. Select the checkbox associated with the permissions you want to grant to the user or group.
  4. Click Add Another to add permissions for another user or group.
    Each row lets you assign permissions to a single user or group.
    NOTE
    A user gets the permissions directly granted to the user as well as permissions granted to any group to which the user belongs.
  5. Click Save Changes to save the changes.

Setting Permissions Using the CLI or the REST API

About this task

To set permissions using the CLI, run the following command:

/opt/mapr/bin/maprcli acl set
    [ -cluster <cluster name> ]
    [ -group <group> ]
    [ -name <name> ]
    -type cluster|volume|securitypolicy
    [ -user <user> ]

See acl set for complete reference information.

Granting a User Full Control from the Command-Line

About this task

The user who has full control over the cluster can manage all aspects of the cluster operation except assign permissions for other users.

Complete the following steps to give full administrative control to a user:

Procedure

  1. Log on to any cluster node as root (or use sudo).
  2. Execute the following command, replacing <user> with the username of the account that gets administrative control: sudo /opt/mapr/bin/maprcli acl edit -type cluster -user <user>:fc

    For general information about users and groups in the cluster, see Managing Users and Groups.