Chapter 5. Roles Required to Work with DPS Services
To perform actions in DPS Platform and associated services, you must be an DPS administrator, an infrastructure administrator, or a data steward. In addition, to perform actions in Apache Ambari that impact DPS (such as creating clusters, changing configuration settings for services, and so forth), you must be an Ambari administrator or a cluster administrator.
Other roles might be required during installation, depending on your configuration. See the installation instructions for roles required during installation.
Roles for DPS Services
The following roles are available to perform actions in the DPS UI.
DPS Admin
An DPS Admin role is created during installation, so you can initially log in to DPS Platform
Can access DPS Platform and perform all actions in DPS Platform related to clusters, users, and enabling services
Can access all services enabled with DPS Platform, and perform the same actions as each administrator role assigned to the enabled services, such as Infra (infrastructure) Admin, Data Steward, etc.
Infra Admin
Can access DPS Platform service to manage clusters enabled for Data Lifecycle Manager (DLM), but cannot perform any other DPS Admin actions
Can access and perform all actions in Data Lifecycle Manager
Has read-only access to browse, within the DLM UI, the folder structure of any cluster enabled for DLM
Cannot view the content of the source or copied files or databases, from the DLM UI
Cannot modify or delete folders or databases that you can view from the DLM UI
This access is available to all users logged in to DLM as the Infra Admin, even if they do not have permissions to view the directories or databases as a Linux user or Kerberos principal
Can create replication policies for any folders or databases on clusters enabled for DLM, and replicate the data objects by using the DLM Engine
This ability is available to all users logged in to DLM as the Infra Admin, even if the users do not have access to the target path on the target cluster.
Data Steward
Can access the DPS Platform service to see and manage clusters enabled for Data Steward Studio
Can access Data Steward Studio and monitor all data in the DSS UI
Interactions are only with Apache Atlas and Apache Ranger, so Atlas and Ranger authorization must be set up to enable read access.
Cannot currently access any file contents from HDFS or Apache Hive.
Roles Required for Installation and Troubleshooting
You also need the Ambari Admin or Cluster Admin roles to install Hortonworks DPS, add clusters to Ambari, troubleshoot cluster issues, and so forth.
See Apache Ambari Administration for further details about these roles.
Ambari Admin
Has full control over all aspects of Ambari
Can install HDP by using the Ambari installation wizard
Can install the DLM Engine (Beacon) management pack and configure the DLM Engine
Can start and stop the DLM Engine and troubleshoot cluster problems
Cannot access DPS Platform or any enabled service in DPS Platform
Cluster Admin
Has control over a cluster, its hosts, and services
Can create clusters to be registered with DPS Platform
Can start and stop the DLM Engine and troubleshoot cluster problems
Cannot access DPS Platform or any enabled service in DPS Platform
Required Roles by Task
The following tables indicate the roles required to perform various tasks in DPS Platform and the associated services.
DPS Platform Tasks and Required Roles
The following table shows tasks you can perform that are related to DPS Platform and the roles required to perform the tasks. Except for installation of DPS, and unless otherwise noted, all tasks that require the DataPlane Admin role are performed within the DPS Platform UI.
| Task | DataPlane Admin | Infra Admin | Data Steward | Ambari Admin | Cluster Admin |
|---|---|---|---|---|---|
| Install HDP using Ambari | X | ||||
| Install DPS Docker image (CLI) | X | ||||
| Install service (DLM, DSS) Docker image | X | ||||
| Configure LDAP | X | X | |||
| Enable DPS services (DLM, DSS) | X | ||||
| Manage DPS users | X | ||||
| Manage DPS clusters (register, delete, etc.) | X | ||||
| Monitor clusters in DPS | X | X | X | ||
| Create a cluster | X | X |
Data Lifecycle Manager Tasks and Required Roles
The following table shows tasks you can perform that are related to DLM and the roles required to perform the tasks. Unless otherwise noted, all tasks that require the Infra Admin role are performed within the DLM UI.
| Task | DataPlane Admin | Infra Admin | Data Steward | Ambari Admin | Cluster Admin |
|---|---|---|---|---|---|
| Install DLM Engine MPack | X | ||||
| Enable DLM | X | ||||
| Log in to DLM | X | ||||
| Register clusters | X | ||||
| Pair clusters | X | ||||
| Browse HDFS folders in DLM UI | X | ||||
| Browse Hive databases in DLM UI | X | ||||
| Create or schedule a replication policy (HDFS or Hive) | X | ||||
| Manage a replication policy (suspend, delete, resume, etc.) | X | ||||
| Monitor a replication job (HDFS or Hive) | X | ||||
| Create or schedule a DR policy (HDFS or Hive) | X | ||||
| Manage a DR policy (suspend, delete, resume, etc.) | X | ||||
| Monitor a DR job (HDFS or Hive) | X | ||||
| Monitor DLM alerts | X | ||||
| Access DLM log information | X | ||||
| Allocate DistCp jobs to YARN queue | X | ||||
| Allocate bandwidth | X | ||||
| Start or stop the DLM (Beacon) Engine in Ambari | X | X | |||
| Access Ambari for troubleshooting | X | X |
Data Steward Studio
The following table shows actions you can perform that are related to DSS and the roles required to perform the actions.
| Task | DataPlane Admin | Infra Admin | Data Steward | Ambari Admin | Cluster Admin |
|---|---|---|---|---|---|
| Enable DSS | X | ||||
| Log in to DSS | X | ||||
| Register clusters | X | ||||
| Start or stop the DSS Profiler engine | X | ||||
| Access Ambari for troubleshooting | X | X |
More Information