2.1. Cluster Roles

To enhance the granularity of permissions that may be granted to Ambari users, the following new, cluster-level roles are available:

[Note]Note

In Ambari 2.2 and earlier, the only roles available were Operator and Read-only. Those roles are renamed to Cluster Administrator and Cluster User respectively.

Cluster User

Users assigned to the Cluster User role are able to view information about the cluster and its services, including configurations, service status and health alerts. Effectively, this is a “read-only” user.

Service Operator

Users assigned to the Service Operator role have control over service lifecycles, such as starting and stopping services, service checks, and performing service-specific tasks such as rebalancing HDFS and refreshing the YARN Capacity Scheduler.

Service Administrator

Users assigned to the Service Administrator role have the same permissions as users assigned to the Service Operator role but have the added ability to configure services. This includes the ability to manage configuration groups, move service masters, and enable HA.

Cluster Operator

Users assigned to the Cluster Operator role have the same permissions as users assigned to the Service Administrator role but have the added ability to perform host-level tasks such as adding and removing hosts and components.

Cluster Administrator

Users assigned to the Cluster Administrators role have control over the relevant cluster, its hosts, and services.

[Note]Note

Ambari-level Administrator users have full control over all aspects of Ambari. This includes the ability to create clusters, change cluster names, register new versions of cluster software, as well as fully control all clusters managed by the Ambari instance.