This topic describes how to manage E-MapReduce (EMR) user accounts on the Users page of the EMR console.
If you click the link of an open source component on the Connect Strings page to access the web UI of the component, an EMR user account is required for identity authentication. The account is also required for identity authentication after LDAP authentication is enabled. If you configure LDAP as the user source for Ranger, you can control the permissions of user accounts listed on the Users page. EMR user accounts can be used to run kinit commands in a high-security cluster.
Classify user accounts
- Administrator: your Alibaba Cloud account or a RAM user with emr:ManageUserPlatform permissions, such as AliyunEMRFullAccess. An administrator can view the information of all user accounts configured in a cluster. In addition, the administrator can perform the following operations on the user accounts: reset the password, remove a user account, modify remarks, and download authentication credentials. In addition, you can add a user account. Authentication credentials can be downloaded only in a high-security cluster.
- Common user: RAM users with other permissions, such as AliyunEMRDevelopAccess. A common user can view only the information of the EMR user account that has the same username as their name and can only reset the password, modify remarks, and download authentication credentials.
Add a user account
- Log on to the EMR console.
- In the top navigation bar, select the region where your cluster resides and select a resource group based on your business requirements.
- Click the Cluster Management tab.
- On the Cluster Management page, find your cluster and click Details in the Actions column.
- In the left-side navigation pane, click Users.
- On the Users page, click Add User in the upper-left corner.
- In the Add User dialog box, select an existing RAM user as the EMR user account from the Username drop-down list and specify Password and Confirm password.
- Click OK.
Perform operations on an added user account
- Reset Password: Change the password of an added user account.
Notice This operation may cause running tasks to fail.
- Download Authentication Credential: Perform this operation only in a high-security cluster. You can download the Ktab of an added user account.
- Remove: Remove an added user account.
Update user account configurations
On the Users page, click Update in the upper-left corner to update the user account configurations that fail to take effect in time due to network latency. You can also click Update to synchronize added OpenLDAP user accounts to the user list on the Users page.
Manage Linux user accounts
This feature is used for high-security clusters with a self-managed LDAP server deployed. You can click LinuxUsers in the upper-right corner of the Users page to add or remove a Linux user account.
When you add a Linux user account, a Linux user account with a specified name is automatically created for each node in the cluster. This account is also available on the nodes that are added when you scale out the cluster in the future.
Different clusters cannot share an EMR user account. EMR user accounts listed on the Users page are valid only for the current cluster. For example, EMR user account A created in cluster-1 cannot be shared with cluster-2. To use EMR user account A in cluster-2, you must create this account in cluster-2.