
E-MapReduce: Manage users and data authorization

Last Updated: Mar 25, 2026

Use Security Center in StarRocks Manager to manage users and roles, and grant fine-grained access control to your EMR Serverless StarRocks resources.

Prerequisites

Before you begin, ensure that you have:

Key concepts

EMR Serverless StarRocks uses a role-based access control model: permissions are granted to roles, and roles are assigned to users. This lets you manage access at scale by updating a role's permissions once rather than updating each user individually.

Built-in roles

EMR Serverless StarRocks provides three built-in roles.

| Role | Description | Notes |
| --- | --- | --- |
| db_admin | Manages database objects, such as creating and modifying databases. | Grant this role to users responsible for schema management. |
| public | A global role automatically assigned to all users. Provides basic access to public resources. | All users inherit this role. |
| user_admin | Manages user accounts, including creating and modifying users, and granting permissions. | A user with user_admin, or both user_admin and db_admin, is a super administrator. |

Built-in roles cannot be deleted or have their permissions modified.

User types

| User type | Definition |
| --- | --- |
| Super administrator | A user assigned the user_admin role, or both user_admin and db_admin. The default super administrator account is named admin. |
| Regular user | A user with only the default public role, or with db_admin attached. |

Manage users

Add a user

  1. Go to the StarRocks Manager page.

    1. Log on to the E-MapReduce console.

    2. In the left navigation pane, choose EMR Serverless > StarRocks.

    3. In the top menu bar, select the region.

    4. Click StarRocks Manager, or click Connect in the Actions column for the target instance. For details, see Connect to a StarRocks instance using EMR StarRocks Manager.

  2. In the left navigation pane, choose Security Center > User Management.

  3. On the User Management page, click Create User.

  4. Configure the following parameters and click OK.

Grant permissions to a user

After creating a user, grant permissions to specific resources.

  1. On the User Management page, click Add Permission in the Actions column for the target user.

  2. On the Permissions tab, click Add Permission.

  3. In the Add Permission panel, configure the following parameters and click OK.

Edit or delete a user

Edit: In the Actions column for the target user, click Modify user to update the description, Change Password to reset the password, or Add Permission to update roles and permissions.

Delete:

  • The built-in admin user cannot be deleted.

  • For custom users, click Delete in the Actions column.

Manage roles

If the built-in roles do not meet your needs, create custom roles with more granular permissions.

Create a role

  1. On the StarRocks Manager page, choose Security Center > Roles.

  2. On the Roles page, click Create Role.

  3. In the Create Role dialog box, enter a description and click OK.

Grant permissions to a role

  1. On the Roles page, click Add Permission in the Actions column for the target role.

  2. On the Permissions tab, click Add Permission.

  3. In the Add Permission panel, select the resource and permissions, and click OK. For available resources and permissions, see the table in Grant permissions to a user.

Edit or delete a role

Edit:

  • Built-in roles cannot be edited or have their permissions modified.

  • Custom roles: click Modify or Add Permission in the Actions column to update the description, assigned users, and permissions.

Delete:

  • Built-in roles cannot be deleted.

  • For custom roles, click Delete in the Actions column.

Common scenarios

Create a user and grant permissions

  1. On the EMR StarRocks Manager page, choose Security Center > User Management.

  2. Create a user.

    1. On the User Management page, click Create User.

    2. In the dialog box that appears, configure the parameters and click OK. For more information about the parameters, see the table in the Add a user section.

  3. Grant permissions to the new user.

    1. On the User Management page, click Add Permission in the Actions column for the new user.

    2. On the Permissions tab, click Add Permission.

    3. In the Add Permission panel, select a resource and its corresponding permissions, and then click OK.

Create a new role and assign it to an existing user

If the built-in roles do not meet your needs, you can create a custom role. Custom roles provide more fine-grained access control. This helps you meet security requirements or handle complex scenarios, such as dynamic permission adjustments.

  1. On the EMR StarRocks Manager page, choose Security Center > Roles.

  2. Create a role.

    1. On the Roles page, click Create Role.

    2. In the Create Role dialog box, enter a description and click OK.

  3. Add permissions to the new role.

    1. On the Roles page, click Add Permission in the Actions column for the new role.

    2. On the Permissions tab, click Add Permission.

    3. In the Add Permission panel, select a resource and its corresponding permissions, and then click OK.

  4. Assign the role to an existing user.

    1. Click the User List tab.

    2. On the Users tab, click Create User.

    3. In the Create User panel, select the target user and click OK.
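The same role-to-user flow expressed as StarRocks SQL, with a verification step at the end. This is an added example, not part of the original page: it assumes a StarRocks 3.x instance that accepts the open-source RBAC statements, and the role, database and user names are hypothetical.

```sql
-- Added example; report_reader, sales_db and analyst1 are hypothetical names.
-- Run as a user that holds the built-in user_admin role (for example, admin).

-- Step 2: create the custom role.
CREATE ROLE report_reader;

-- Step 3: scope the role to read-only access on a single database
-- instead of attaching the much broader built-in db_admin role.
GRANT SELECT ON ALL TABLES IN DATABASE sales_db TO ROLE report_reader;

-- Step 4: assign the role to an existing user.
GRANT report_reader TO USER 'analyst1'@'%';

-- In open-source StarRocks 3.x a granted role is active in new sessions
-- only if it is a default role (assumption: this instance behaves the same).
SET DEFAULT ROLE report_reader TO 'analyst1'@'%';

-- Verify: the role carries only the intended privilege ...
SHOW GRANTS FOR ROLE report_reader;

-- ... and the user holds report_reader but neither user_admin nor db_admin,
-- so the account stays a regular user rather than a super administrator.
SHOW GRANTS FOR 'analyst1'@'%';
```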

What's next

To view SQL query information, analyze execution plans, and troubleshoot SQL issues for an instance, see Diagnosis and analysis.