Adding Cluster Permissions

You can set cluster permissions for users and groups through the MapR Control System and the CLI.

The following table lists the actions a user can perform on a cluster with the corresponding UI columns and codes used in the cluster ACL:

UI

ACL

Allowed Action

Login

login

Log in to the MapR Control System, use the API and command-line interface, read access on cluster and volumes

Start/Stop Service

ss

Start and stop services.

Create Volumes

cv

Create volumes.

Administrator

a

Administrative access (can edit and view ACLs, but cannot perform cluster operations).

Full Control

fc

Full control over the cluster. This enables all cluster-related administrative options with the exception of changing the cluster ACLs.

Setting Permissions Using the MapR Control System

Complete the following steps to add cluster permissions in the MapR Control System:
  1. Log in to MCS and click Admin > User Settings > Permissions.
  2. Under USER PERMISSIONS, select the type and specify the name of the user or group in the Name field.
  3. Select the checkbox associated with the permissions you want to grant to the user or group.
  4. Click Add Another to add permissions for another user or group.
    Each row lets you assign permissions to a single user or group.
    Note: A user gets the permissions directly granted to the user as well as permissions granted to any group to which the user belongs.
  5. Click Save Changes to save the changes.

Setting Permissions Using the CLI or the REST API

To set permissions using the CLI, run the following command:

maprcli acl set
    [ -cluster <cluster name> ]
    [ -group <group> ]
    [ -name <name> ]
    -type cluster|volume
    [ -user <user> ]

See acl set for complete reference information.

Granting a User Full Control from the Command-Line

The user who has full control over the cluster can manage aspects of the cluster except assign permissions for other users.

Complete the following steps to give full administrative control to a user:

  1. Log on to any cluster node as root (or use sudo).
  2. Execute the following command, replacing <user> with the username of the account that gets administrative control: sudo /opt/mapr/bin/maprcli acl edit -type cluster -user <user>:fc

    For general information about users and groups in the cluster, see Managing Users and Groups.