Role based access control

Permissions that an Ambari-level administrator assigns each user or group define each role.

Use these tables to determine what permissions each role includes. For example: A user with any role can view metrics, but only an Ambari Administrator can create a new Ambari-managed cluster.

Table 1. Service-Level Permissions

Permissions	Cluster User	Service Operator	Service Administrator	Cluster Operator	Cluster Administrator	Ambari Administrator
View metrics
View status information
View configurations
Compare configurations
View service alerts
Start, stop, or restart service
Decommission or recommission
Run service checks
Turn maintenance mode on or off
Perform service-specific tasks
Modify configurations
Manage configuration groups
Move to another host
Enable HA
Enable or disable service alerts
Add service to cluster

Table 2. Host-Level Permissions

Permissions	Cluster User	Service Operator	Service Administrator	Cluster Operator	Cluster Administrator	Ambari Administrator
View metrics
View status information
View configuration
Turn maintenance mode on or off
Install components
Add or delete hosts

Table 3. Cluster-Level Permissions

Permissions	Cluster User	Service Operator	Service Administrator	Cluster Operator	Cluster Administrator	Ambari Administrator
View metrics
View status information
View configuration
View stack version details
View alerts
Enable or disable alerts
Enable or disable Kerberos
Upgrade or downgrade stack

Table 4. Ambari-Level Permissions

Permissions	Cluster User	Service Operator	Service Administrator	Cluster Operator	Cluster Administrator	Ambari Administrator
Create new clusters
Set service users and groups
Rename clusters
Manage users
Manage groups
Manage Ambari Views
Assign permission and roles
Manage stack versions
Edit stack repository URLs