...
Label | Description |
Policy name | Enter an appropriate policy name. This name can not be duplicated across the system.This field is mandatory. |
Hive database | Select the appropriate database. Multiple databases can be selected for a particular policy. This field is mandatory. |
UDF | We can also set policies for UDF.User Defined Function.Enter an appropriate udf. |
Audit Logging | Choose whether the particular policy will be audited or not. |
Group permissions | From a user group list, pick a particular group and choose permissions for that group. Choosing admin permission will designate the group as admin for chosen resource |
User Permissions | From a user list, pick a particular group and choose permissions for that group. Choosing admin permission will designate the user as admin for the chosen resource |
Include/exclude | The include flag means it will consider the values entered in the field.The default value is set as include.The exclude Flag will exclude all the table names or column names entered in that particular field. |
Enable/disable | By default the policy is enabled.You can disable a policy to restrict user/group access for that policy.
|
Note |
---|
Wildcards: Wildcards can be included in resource path.’*’ indicates zero or more occurs of characters.’?‘ indicates single character.You can use wildcards in the database name ,table name ,column name.for e.g database name as *,table name as ? and column name as ?. In case of UDF we can use for e.g. database name as *,UDF as ?. |
Permission | Description |
Select | Allows users to perform a select operation |
Update | Allows users to perform an update operation |
Create | Allows users to perform a Create operation |
Drop | Allows users to perform a Drop operation |
Alter | Allows users to perform a Alter operation |
Index | Allows users to perform an indexing operation |
Lock | Allows users to perform an indexing operation |
All | Allows users to perform all operations |
Note |
---|
GRANT: Hive GRANT is a command used to provide access or privileges on Hive database tables to the users. |
Code Block |
---|
Syntax: grant <permissions> on table <table> to user <user or group>; i.e : grant select on table default.newtable to user mark; |
Note |
---|
This will create a policy and give select rights to user1. |
...
Label | Description |
Policy Name | Enter an appropriate policy name. This name is cannot be duplicated across the system.This field is mandatory. |
Hbase Table | Select the appropriate database. Multiple tables can be selected for a particular policy. This field is mandatory |
Hbase column-family | For the selected table, select column families for the which the policy will be applicable |
Hbase column | For the selected table and CF, select columns for the which the policy will be applicable |
Audit Logging | Choose whether the particular policy will be audited or not. |
Group permission | From a user group list, pick a particular group and choose permissions for that group. Choosing admin permission will designate the group as admin for chosen resource |
User Permission | From a user list, pick a particular group and choose permissions for that group. Choosing admin permission will designate the user as admin for the chosen resource |
Enable/Disable | By default the policy is enabled.You can disable a policy to restrict user/group access for that policy. |
Note |
---|
Wildcards: Wildcards can be included in resource path.’*’ indicates zero or more occurs of characters.’?‘ indicates single character.You can use wildcards in the table name ,column name ,column families.for e.g table name as *, column family as ? and column name as ?. |
Permission | Description |
Read | Allows user to perform a read operation |
Write | Allows user to perform a write operation |
Create | Allows user to perform a create operation |
Admin | This gives the delegated admin access to user |
Note |
---|
GRANT: HBase GRANT is a command used to provide access or privileges on Hbase database tables to the users. |
Code Block |
---|
Syntax: grant '<user-or-group>','<permissions>','<table>' i.e : grant 'mark’' , 'RW' , 'testtable2' |
Note |
---|
This will create a policy and give read and write access to user1 on testtable2 .Similarly we can grant create and admin writes |
...
Note |
---|
Topology name: A topology is a graph of computation. Each node in a topology contains processing logic, and links between nodes indicate how data should be passed around between nodes. |
Label | Description |
Policy name | Enter an appropriate policy name. This name is cannot be duplicated across the system. |
Storm topology | Enter an appropriate Topology Name |
Audit logging | Choose whether the particular policy will be audited or not. |
Group permission | From a user group list, pick a particular group and choose permissions for that group. Choosing admin permission will designate the group as admin for chosen resource |
User permission | From a user list, pick a particular group and choose permissions for that group. Choosing admin permission will designate the user as admin for the chosen resource |
Enable/disable | By default the policy is enabled.You can disable a policy to restrict user/group access for that policy. |
Include/Exclude | The include flag means it will consider the values entered in the field.The default value is set as include.The exclude Flag will exclude all the table names or column names entered in that particular field. |
Note |
---|
Wildcards: Wildcards can be included in resource path.’*’ indicates zero or more occurs of characters.’?‘ indicates single character.You can use wildcards in the topology name.for e.g topology name as ?. |
Permission | Description |
Submit Topology | Allows user to submit a topology |
File upload | Allows user to upload files |
Get Nimbus Conf | Allows user to access Nimbus Configuration |
Get Cluster info | Allows user to get Cluster Information |
File Download | Allows user to Download Files |
Kill Topology | Allows user to kill topology |
Rebalance | Allows user to Rebalance topologies |
Activate | Allows user to Activate topology |
Deactivate | Allows user to Deactivate topology |
Get Topology Conf | Allows user to access Topology Configuration |
Get Topology | Allows user to access Topology |
Get User Topology | Allows user to access user Topology |
Get Topology Info | Allows user to access Topology Information |
Upload New Credential | Allows user to upload new credential |
...
Step 1 : Click on the Add New Policy button on listing page
Step 2 : Add YARN Policy
Label | Description |
Policy Name | Enter an appropriate policy name. This name is cannot be duplicated across the system. |
Queue | The fundamental unit of scheduling in yarn |
Audit Logging | Choose whether the particular policy will be audited or not. |
Enable/disable | By default the policy is enabled.You can disable a policy to restrict user/group access for that policy. |
Recursive | You can indicate whether all files or folders within the existing folder comes under the policy.Can be used instead of wildcard characters |
User Permission | From a user list, pick a particular group and choose permissions for that group. Choosing admin permission will designate the user as admin for the chosen resource |
Group Permission | From a user group list, pick a particular group and choose permissions for that group. Choosing admin permission will designate the group as admin for chosen resource |
Note |
---|
Wildcards: Wildcards can be included in resource path.’*’ indicates zero or more occurs of characters.’?‘ indicates single character.You can use wildcards in the topology name.for e.g topology name as ?. |
Permission | Description |
Submit-job | Allows user to submit a job on a defined queue |
Admin-queue | Allows user to manage admin queue |
Edit/Delete YARN policies
...
Step 1 : Click on the Add New Policy button on listing page
Step 2 : Add SOLR policy
Label | Description |
Policy Name | Enter an appropriate policy name. This name is cannot be duplicated across the system |
Solr connection | http:<host_ip>:6083/solr |
Audit logging | Choose whether the particular policy will be audited or not. |
Group permission | From a user group list, pick a particular group and choose permissions for that group. Choosing admin permission will designate the group as admin for chosen resource |
User Permission | From a user list, pick a particular group and choose permissions for that group. Choosing admin permission will designate the user as admin for the chosen resource |
Enabled/disabled | By default the policy is enabled.You can disable a policy to restrict user/group access for that policy. |
Include/Exclude | The include flag means it will consider the values entered in the field.The default value is set as include.The exclude Flag will exclude all the table names or column names entered in that particular field. |
Permission | Description |
Querry | Permission to fetch records from Solr DB. |
Update | Permission to update records in Solr |
Others | |
Solr Admin | Permission to manage user accounts and |
Edit / Delete SOLR Policies
...
Step 1 : Click on the Add New Policy button on listing page
Step 2 : Add KAFKA Policy
Label | Description |
Policy name | Enter an appropriate policy name. This name is cannot be duplicated across the system |
Topic | A topic is a category or feed name to which messages are published. |
Audit logging | Choose whether the particular policy will be audited or not. |
User permission | From a user list, pick a particular group and choose permissions for that group. Choosing admin permission will designate the user as admin for the chosen resource |
Group permission | From a user group list, pick a particular group and choose permissions for that group. Choosing admin permission will designate the group as admin for chosen resource |
Enable/Disable | By default the policy is enabled.You can disable a policy to restrict user/group access for that policy. |
Include/Exclude | The include flag means it will consider the values entered in the field.The default value is set as include.The exclude Flag will exclude all the table names or column names entered in that particular file |
Note |
---|
Wildcards: Wildcards can be included in resource path.’*’ indicates zero or more occurs of characters.’?‘ indicates single character.You can use wildcards in the topology name.for e.g topology name as ?. |
Permission | Description |
Publish | A process that publish message to kafka topic producers. |
Consume | Consume only a subset of the partitions in a topic in a process |
Configure | Configure the kafka broker/cluster |
Describe | Permission to fetch metadata on the topic |
Kafka Admin |
USERS/GROUPS
...