Chapter 4. Roles Required to Work with DPS Services
To perform actions in DPS Platform and associated services, you must be an DPS administrator, an infrastructure administrator, or a data steward. In addition, to perform actions in Apache Ambari that impact DPS (such as creating clusters, changing configuration settings for services, and so forth), you must be an Ambari administrator or a cluster administrator.
Other roles might be required during installation, depending on your configuration. See the installation instructions for roles required during installation.
Roles for DPS Services
The following roles are available to perform actions in the DPS UI.
DPS Admin
An DPS Admin role is created during installation, so you can initially log in to DPS Platform.
Can access DPS Platform and perform all actions in DPS Platform related to clusters, users, and enabling services .
Can access all services enabled with DPS Platform, and perform the same actions as each administrator role assigned to the enabled services, such as Infra (infrastructure) Admin, Data Steward, and so forth.
Infra Admin
Can access DPS Platform service to manage clusters enabled for Data Lifecycle Manager (DLM).
Cannot perform any other DPS Admin actions.
Can access and perform all actions in Data Lifecycle Manager.
Has read-only access to browse, within the DLM UI, the folder structure of any cluster enabled for DLM.
This access is available to all users logged in to DLM as the Infra Admin, even if they do not have permissions to view the directories or databases as a Linux user or Kerberos principal.
Cannot view the content of the source or copied files or databases from the DLM UI.
Cannot modify or delete folders or databases that you can view from the DLM UI.
Can create replication policies for any folders or databases on clusters enabled for DLM, and replicate the data objects by using the DLM Engine.
This ability is available to all users logged in to DLM as the Infra Admin, even if the users do not have access to the target path on the target cluster.
Data Steward
Can access the DPS Platform service to see and manage clusters enabled for Data Steward Studio.
Can access Data Steward Studio and monitor all data in the DSS UI.
Interactions are only with Apache Atlas and Apache Ranger, so Atlas and Ranger authorization must be set up to enable read access.
Cannot currently access any file contents from HDFS or Apache Hive.
Roles Required for Installation and Troubleshooting
You also need the Ambari Admin or Cluster Admin roles to install Hortonworks DPS, add clusters to Ambari, troubleshoot cluster issues, and so forth.
See Apache Ambari Administration for further details about these roles.
Ambari Admin
Has full control over all aspects of Ambari.
Can install HDP by using the Ambari installation wizard.
Can install the DLM Engine (Beacon) management pack and configure the DLM Engine.
Can start and stop the DLM Engine and troubleshoot cluster problems.
Cannot access DPS Platform or any enabled service in DPS Platform.
Cluster Admin
Has control over a cluster, its hosts, and services.
Can create clusters to be registered with DPS Platform.
Can start and stop the DLM Engine and troubleshoot cluster problems.
Cannot access DPS Platform or any enabled service in DPS Platform.
Required Roles by Task
The following tables indicate the roles required to perform various tasks in DPS Platform and the associated services.
DPS Platform Tasks and Required Roles
The following table shows tasks you can perform that are related to DPS Platform and the roles required to perform the tasks.
| Task | DataPlane Admin | Infra Admin | Data Steward | Ambari Admin | Cluster Admin |
|---|---|---|---|---|---|
| Install HDP using Ambari | X | ||||
| Install DPS Docker image | X | ||||
| Install service (DLM, DSS) Docker image | X | ||||
| Configure LDAP | X | X | |||
| Enable DPS services (DLM, DSS) | X | ||||
| Manage DPS users | X | ||||
| Manage DPS clusters (register, delete, etc.) | X | ||||
| Monitor clusters in DPS | X | X | X | ||
| Create a cluster | X | X |
Data Lifecycle Manager Tasks and Required Roles
The following table shows tasks you can perform that are related to DLM and the roles required to perform the tasks.
| Task | DataPlane Admin | Infra Admin | Data Steward | Ambari Admin | Cluster Admin |
|---|---|---|---|---|---|
| Install DLM Engine MPack | X | ||||
| Enable DLM | X | ||||
| Log in to DLM | X | ||||
| Register clusters | X | ||||
| Pair clusters | X | ||||
| Browse HDFS folders | X | ||||
| Browse Hive databases | X | ||||
| Create or schedule a replication policy (HDFS or Hive) | X | ||||
| Manage a replication policy (suspend, delete, resume, etc.) | X | ||||
| Monitor a replication job (HDFS or Hive) | X | ||||
| Create or schedule a DR policy (HDFS or Hive) | X | ||||
| Manage a DR policy (suspend, delete, resume, etc.) | X | ||||
| Monitor a DR job (HDFS or Hive) | X | ||||
| Monitor DLM alerts | X | ||||
| Access DLM log information | X | ||||
| Allocate DistCp jobs to YARN queue | X | ||||
| Allocate bandwidth | X | ||||
| Start or stop the DLM (Beacon) Engine in Ambari | X | X | |||
| Access Ambari for troubleshooting | X | X |
Data Steward Studio
The following table shows actions you can perform that are related to DSS and the roles required to perform the actions.
| Task | DataPlane Admin | Infra Admin | Data Steward | Ambari Admin | Cluster Admin |
|---|---|---|---|---|---|
| Enable DSS | X | ||||
| Log in to DSS | X | ||||
| Register clusters | X | ||||
| Start or stop the DSS Profiler engine | X | ||||
| Access Ambari for troubleshooting | X | X |
More Information