Understanding Cluster Roles
In Ambari 2.2 and earlier, the only roles available were Operator and Read-only. To enhance the granularity of permissions that can be granted to Ambari users, the following new, cluster-level roles are available:
Cluster User
Users assigned to the Cluster User role can view information about the cluster and its services, including configurations, service status, and health alerts. In Ambari 2.2 and earlier, this user was referred to as the Read-only user. Effectively, the cluster user is a view-only user.
Service Operator
Users assigned to the Service Operator role have control over service life cycles, such as starting and stopping services, performing service checks, and performing service-specific tasks such as rebalancing HDFS and refreshing the YARN Capacity Scheduler.
Service Administrator
Users assigned to the Service Administrator role have the same permissions as users assigned to the Service Operator role but have the added ability to configure services. This includes the ability to manage configuration groups, move service masters, and enable HA.
Cluster Operator
Users assigned to the Cluster Operator role have the same permissions as users assigned to the Service Administrator role but have the added ability to perform host-level tasks such as adding and removing hosts and components.
Cluster Administrator
Users assigned to the Cluster Administrators role have control over the relevant cluster, its hosts, and services. In Ambari 2.2 and earlier, this user was referred to as the Operator user.
Ambari Administrator
Ambari Administrator users have full control over all aspects of Ambari. This includes the ability to create clusters, change cluster names, register new versions of cluster software, and fully control all clusters managed by the Ambari instance.
The following chart compares these cluster roles:
| Cluster User | Service Operator | Service Administrator | Cluster Operator | Cluster Administrator | Ambari Administrator | |
|---|---|---|---|---|---|---|
| Service-Level Authorizations | ||||||
| View metrics |  |
|
|
|
|
|
| View status information | |
|
|
|
|
|
| View configurations | |
|
|
|
|
|
| Compare configurations | |
|
|
|
|
|
| View service alerts | |
|
|
|
|
|
| Start, stop, or restart service | |
|
|
|
|
|
| Decommission or recommission | |
|
|
|
|
|
| Run service checks | |
|
|
|
|
|
| Turn maintenance mode on or off | |
|
|
|
|
|
| Perform service-specific tasks | |
|
|
|
|
|
| Modify configurations | |
|
|
|
||
| Manage configuration groups | |
|
|
|
||
| Move to another host | |
|
|
|
||
| Enable HA | |
|
|
|
||
| Enable or disable service alerts | |
|
|
|
||
| Add service to cluster | |
|
||||
| Host-Level Authorizations | ||||||
| View metrics | |
|
|
|
|
|
| View status information | |
|
|
|
|
|
| View configuration | |
|
|
|
|
|
| Turn maintenance mode on or off | |
|
|
|||
| Install components | |
|
|
|||
| Add or delete hosts | |
|
|
|||
| Cluster-Level Authorizations | ||||||
| View metrics | |
|
|
|
|
|
| View status information | |
|
|
|
|
|
| View configuration | |
|
|
|
|
|
| View stack version details | |
|
|
|
|
|
| View alerts | |
|
|
|
|
|
| Enable or disable alerts | |
|
||||
| Enable or disable Kerberos | |
|
||||
| Upgrade orLdowngrade stack | |
|
||||
| Ambari-level Authorizations | ||||||
| Create new clusters |
|
|||||
| Set service users and groups |
|
|||||
| Rename clusters |
|
|||||
| Manage users |
|
|||||
| Manage groups |
|
|||||
| Manage Ambari Views |
|
|||||
| Assign permission and roles |
|
|||||
| Manage stack versions |
|
|||||
| Edit stack repository URLs |
|
|||||