User Permission Requirements by API

Lists user permission requirements by API.

The following tables describe the user permissions required for each API.
Note: An asterisk (*) after the API name indicates that the API is only available via REST interfaces.
Table 1. A
API User Requirement
acl edit ACL permission:
a
on the cluster and volume
acl set ACL permission:
a
on the cluster and volume
acl show ACL permission: login on the cluster
alarm clear ACL permission:
fc 
or
 a 
on the cluster
alarm clearall ACL permission:
fc 
or
 a 
on the cluster
alarm config load ACL permission:
login 
on the cluster
alarm config save ACL permission:
fc 
or
 a 
on the cluster
alarm list ACL permission:
login 
on the cluster
alarm names ACL permission:
login 
on the cluster
alarm raise ACL permission:
fc 
or
 a 
on the cluster
Table 2. B
API User Requirement
blacklist user ACL permission:
a
on the cluster
blacklist listuser ACL permission:
a
on the cluster
Table 3. C
API User Requirement
cluster gateway delete ACL permission:
fc 
or
 a 
on the source cluster
cluster gateway get ACL permission:
fc 
or
 a 
on the source cluster
cluster gateway list ACL permission:
fc 
or
 a 
on the source cluster
cluster gateway local ACL permission:
fc 
or
 a 
on the source cluster
cluster gateway resolve ACL permission:
fc 
or
 a 
on the source cluster
cluster gateway set ACL permission:
fc 
or
 a 
on the source cluster
cluster mapreduce get ACL permission:
login 
on the cluster
cluster mapreduce set ACL permission:
fc 
or
 a 
on the cluster
config load ACL permission:
login 
on the cluster
config save ACL permission:
fc 
or
 a 
on the cluster
Table 4. D
API User Requirement
dashboard info ACL permission:
login 
on the cluster
dailhome ackdail ACL permission:
login 
on the cluster
dailhome enable ACL permission:
fc 
or
 a 
on the cluster
dailhome lastdialed ACL permission:
login 
on the cluster
dialhome metrics ACL permission:
login 
on the cluster
dailhome status ACL permission:
login 
on the cluster
disk add ACL permission:
login
on the cluster
disk list ACL permission:
login
on the cluster
disk listall ACL permission:
fc 
or
 a 
on the cluster
disk remove ACL permission:
fc 
or
 a 
on the cluster
dump balancerinfo ACL permission:
login 
on the cluster
dump balancemetrics ACL permission:
login 
on the cluster
dump cldbnodes ACL permission:
login 
on the cluster
dump containerinfo ACL permission:
login 
on the cluster
dump containers ACL permission:
login 
on the cluster
dump fileserverworkinfo ACL permission:
login 
on the cluster
dump replicationmanagerinfo ACL permission:
login 
on the cluster
dump replicationmanagerqueueinfo ACL permission:
login 
on the cluster
dump rereplicationinfo ACL permission:
login 
on the cluster
dump rolebalancermetrics ACL permission:
login 
on the cluster
dump rolebalancerinfo ACL permission:
login 
on the cluster
dump volumeinfo ACL permission:
login 
on the cluster
dump volumenodes ACL permission:
login 
on the cluster
dump zkinfo ACL permission:
login 
on the cluster
Table 5. E
API User Requirement
entity info ACL permission:
login 
on the cluster
entity list ACL permission:
login 
on the cluster
entity modify ACL permission:
fc 
or
 a 
on the cluster
Table 6. F
API User Requirement
fid dump Only the
root
user or
MAPR_USER
user (user name under which MapR services runs) can run this command.
fid stat Only the
root
user or
MAPR_USER
user (user name under which MapR services runs) can run this command.
Table 7. J
API User Requirement
job changepriority
For YARN applications, the user must be specified in the
yarn.scheduler.capacity.root.<queue-path>.acl_administer_queue
property in the conf/capacity-scheduler.xml.
For MapReduce v1 jobs, the user must be specified in
mapred.queue.<queue-name>.acl-administer-job
property in the mapred-queue-acls.xml.
job kill For YARN applications, the user must be specified in the
yarn.scheduler.capacity.root.<queue-path>.acl_administer_queue
property in the conf/capacity-scheduler.xml. For MapReduce v1 jobs, the user must be specified in
mapred.queue.<queue-name>.acl-administer-job
property in the mapred-queue-acls.xml.
job linklogs

User that submitted the job

-or-

User with permissions on the log files.

job table* ACL permission:
login 
on the cluster
Table 8. L
API User Requirement
license remove ACL permission:
fc 
or
 a 
on the cluster
license listcrl ACL permission:
login 
on the cluster
license list ACL permission:
login 
on the cluster
license apps ACL permission:
login 
on the cluster
license addcrl ACL permission:
fc 
or
 a 
on the cluster
license add ACL permission:
fc 
or
 a 
on the cluster
licence showid ACL permission:
login 
on the cluster
Table 9. M
API User Requirement
metrics API ACL permission:
login 
on the cluster
Table 10. N
API User Requirement
nagios generate ACL permission:
login 
on the cluster
nfsmgmt refreshexports ACL permission:
fc 
or
 a
 
on the cluster
node add-to-cluster ACL permission:
fc 
or
 a 
on the cluster
node allow-into-cluster ACL permission:
fc 
or
 a 
on the cluster
node cldbmaster none
node heatmap ACL permission:
login 
on the cluster
node list ACL permission:
login 
on the cluster
node listcldbs ACL permission:
login 
on the cluster
node listcldbzks ACL permission:
login 
on the cluster
node listzookeepers ACL permission:
login 
on the cluster
node maintenance ACL permission:
fc 
or
 a 
on the cluster
node metrics ACL permission:
login 
on the cluster
node move ACL permission:
fc 
or
 a 
on the cluster
node remove ACL permission:
fc 
or
 a 
on the cluster
node services ACL permission: ss,
fc 
or
 a 
on the cluster
node topo ACL permission:
login 
on the cluster
Table 11. R
API User Requirement
rlimit get ACL permission:
login 
on the cluster
rlimit set ACL permission:
fc 
or
 a
 
on the cluster
Table 12. S
API User Requirement
schedule create ACL permission:
fc 
or
 a
 
on the cluster
schedule list ACL permission:
login 
on the cluster
schedule modify ACL permission:
fc 
or
 a
 
on the cluster
schedule remove ACL permission:
fc 
or
 a
 
on the cluster
service list ACL permission:
login 
on the cluster
setloglevel cldb ACL permission:
fc 
or
 a
 
on the cluster
setloglevel fileserver ACL permission:
fc 
or
 a
 
on the cluster
setloglevel hbmaster ACL permission:
fc 
or
 a
 
on the cluster
setloglevel hbregionserver ACL permission:
fc 
or
 a
 
on the cluster
setloglevel jobtracker ACL permission:
fc 
or
 a
 
on the cluster
setloglevel nfs ACL permission:
fc 
or
 a
 
on the cluster
setloglevel tasktracker ACL permission:
fc 
or
 a
 
on the cluster
Table 13. T
API User Requirement
table cf create ACE Permission: Create/Rename Column Family (
createrenamefamilyperm
)
table cf edit
  • ACE Permission to rename a column family: Create/Rename Column Family (
    createrenamefamilyperm
    )
  • ACE Permission to edit the minimum or maximum version: Set min/max versions (
    versionperm
    )
  • ACE Permission to edit the time to live setting: Set min/max versions (
    versionperm
    )
  • ACE Permission to edit the in-memory setting: Pin CF in mempry (
    memoryperm
    )
  • ACE Permission to edit the compression setting: Set compression (
    compressionperm
    )
  • ACE Permission to edit column family permissions: Admin access (
    adminaccessperm
    )
table cf delete ACE Permission: Delete Column Family (
deletefamilyperm
)
table cf list ACE Permissions: Read Data (
readperm
)
table cf colperm get ACE Permission: Admin access (
adminaccessperm
)
table cf colperm set ACE Permission: Admin access (
adminaccessperm
)
table cf colperm delete ACE Permission: Admin access (
adminaccessperm
)
table create Permission on the directory where you want to create the table
table delete Permission on the directory where you want to delete the table
table info ACE Permission: Admin access (
adminaccessperm
)
table region list ACL permission:
login 
on the cluster
table region merge ACE permission: Split Merge (
splitmergeperm
)
table region split ACE permission: Split Merge (
splitmergeperm
)
table region pack ACE permission: Force pack (
packperm
)
table replica add
  • Read permission on the directory that contains the destination table
  • ACE Permission: Replication Access (
    replperm
    ) on the source table
table replica autosetup
  • Write permission on the directory where you want to create the destination table

  • ACE permissions: Read Data (readperm) for the data in the source table that you want to copy

  • ACE permissions: Replication Access (replperm) on the source table

table replica edit ACE Permission: Replication Access (
replperm
) on the source table
table replica list ACE Permission: Replication Access (
replperm
) on the source table
table replica pause ACE Permission: Replication Access (
replperm
) on the source table
table replica remove ACE Permission: Replication Access (
replperm
) on the source table
table replica resume ACE Permission: Replication Access (
replperm
) on the source table
table upstream add
  • Read permission on the directory that contains the source table
  • ACE Permission: Replication Access (
    replperm
    ) on the destination table
table upstream list ACE Permission: Replication Access (
replperm
) on the destination table
table upstream remove ACE Permission: Replication Access (
replperm
) on the destination table
task failattempt For MapReduce v1 jobs, the user must be specified in
mapred.queue.<queue-name>.acl-administer-job
property in the mapred-queue-acls.xml.
task killattempt For MapReduce v1 jobs, the user must be specified in
mapred.queue.<queue-name>.acl-administer-job
property in the mapred-queue-acls.xml.
task table* ACL permission:
login 
on the cluster
trace dump ACL permission:
login 
on the cluster
trace info ACL permission:
login 
on the cluster
trace print ACL permission:
login 
on the cluster
trace reset ACL permission:
login 
on the cluster
trace resize ACL permission:
login 
on the cluster
trace setlevel ACL permission:
login 
on the cluster
trace setmode ACL permission:
login 
on the cluster
Table 14. U
API User Requirement
urls ACL permission:
login 
on the cluster
Table 15. V
API User Requirement
virtualip add ACL permission:
fc 
or
 a 
on the cluster
virtualip edit ACL permission:
fc 
or
 a 
on the cluster
virtualip list ACL permission:
login 
on the cluster
virtualip move ACL permission:
fc 
or
 a 
on the cluster
virtualip remove ACL permission:
fc 
or
 a 
on the cluster
volume container move ACL permission:
fc 
or
 m 
on the volume
volume container switchmaster Only the
root
user or
MAPR_USER
user (user name under which MapR services runs) can run this command.
volume create ACL permission:
fc 
or
 cv 
on the cluster
volume dump create ACL permission:
fc 
or
 dump 
on the volume
volume dump restore ACL permission:
fc 
or
 restore 
on the volume
volume fixmountpath ACL permission:
fc 
or
 m 
on the volume
volume info none
volume link create ACL permission:
fc 
or
 m 
on the volume
volume link remove ACL permission:
fc 
or
 m 
on the volume
volume list ACL permission:
login 
on the cluster
volume mirror push ACL permission:
fc 
or
 restore 
on the volume
volume mirror start ACL permission:
fc 
or
 restore 
on the volume
volume mirror stop ACL permission:
fc 
or
 restore 
on the volume
volume modify ACL permission:
fc 
or
 m 
on the volume
volume mount ACL permission:
fc 
or
 m 
on the volume
volume move ACL permission:
fc 
or
 m 
on the volume
volume remove ACL permission:
fc 
or
 d 
on the volume
volume rename ACL permission:
fc 
or
 d 
on the volume
volume showmounts ACL permission:
login 
on the cluster
volume snapshot create ACL permission:
fc 
or
 m 
on the volume
volume snapshot list ACL permission:
fc 
or
 m 
on the volume
volume snapshot preserve ACL permission:
fc 
or
 m 
on the volume
volume snapshot remove ACL permission:
fc 
or
 m 
on the volume
volume unmount ACL permission:
fc 
or
 m 
on the volume