User Permission Requirements by API

Lists user permission requirements by API.

The following tables describe the user permissions required for each API.

NOTE: An asterisk (*) after the API name indicates that the API is only available via REST interfaces.

Table 1. A
API	User Requirement
acl edit	ACL permission: `a` on the cluster and volume
acl set	ACL permission: `a` on the cluster and volume
acl show	ACL permission: login on the cluster
alarm clear	ACL permission: `fc` or `a` on the cluster
alarm clearall	ACL permission: `fc` or `a` on the cluster
alarm config load	ACL permission: `login` on the cluster
alarm config save	ACL permission: `fc` or `a` on the cluster
alarm list	ACL permission: `login` on the cluster
alarm names	ACL permission: `login` on the cluster
alarm raise	ACL permission: `fc` or `a` on the cluster

Table 2. B
API	User Requirement
blacklist user	ACL permission: `a` on the cluster
blacklist listuser	ACL permission: `a` on the cluster

Table 3. C
API	User Requirement
cluster gateway delete	ACL permission: `fc` or `a` on the source cluster
cluster gateway get	ACL permission: `fc` or `a` on the source cluster
cluster gateway list	ACL permission: `fc` or `a` on the source cluster
cluster gateway local	ACL permission: `fc` or `a` on the source cluster
cluster gateway resolve	ACL permission: `fc` or `a` on the source cluster
cluster gateway set	ACL permission: `fc` or `a` on the source cluster
cluster mapreduce get	ACL permission: `login` on the cluster
cluster mapreduce set	ACL permission: `fc` or `a` on the cluster
config load	ACL permission: `login` on the cluster
config save	ACL permission: `fc` or `a` on the cluster

Table 4. D
API	User Requirement
dashboard info	ACL permission: `login` on the cluster
dailhome ackdail	ACL permission: `login` on the cluster
dailhome enable	ACL permission: `fc` or `a` on the cluster
dailhome lastdialed	ACL permission: `login` on the cluster
dialhome metrics	ACL permission: `login` on the cluster
dailhome status	ACL permission: `login` on the cluster
disk add	ACL permission: `login` on the cluster
disk list	ACL permission: `login` on the cluster
disk listall	ACL permission: `fc` or `a` on the cluster
disk remove	ACL permission: `fc` or `a` on the cluster
dump balancerinfo	ACL permission: `login` on the cluster
dump balancemetrics	ACL permission: `login` on the cluster
dump cldbnodes	ACL permission: `login` on the cluster
dump containerinfo	ACL permission: `login` on the cluster
dump containers	ACL permission: `login` on the cluster
dump fileserverworkinfo	ACL permission: `login` on the cluster
dump replicationmanagerinfo	ACL permission: `login` on the cluster
dump replicationmanagerqueueinfo	ACL permission: `login` on the cluster
dump rereplicationinfo	ACL permission: `login` on the cluster
dump rolebalancermetrics	ACL permission: `login` on the cluster
dump rolebalancerinfo	ACL permission: `login` on the cluster
dump volumeinfo	ACL permission: `login` on the cluster
dump volumenodes	ACL permission: `login` on the cluster
dump zkinfo	ACL permission: `login` on the cluster

Table 5. E
API	User Requirement
entity info	ACL permission: `login` on the cluster
entity list	ACL permission: `login` on the cluster
entity modify	ACL permission: `fc` or `a` on the cluster

Table 6. F
API	User Requirement
fid dump	Only the `root` user or `MAPR_USER` user (user name under which MapR services runs) can run this command.
fid stat	Only the `root` user or `MAPR_USER` user (user name under which MapR services runs) can run this command.

Table 7. J
API	User Requirement
job changepriority	For YARN applications, the user must be specified in the `yarn.scheduler.capacity.root.<queue-path>.acl_administer_queue` property in the conf/capacity-scheduler.xml. For MapReduce v1 jobs, the user must be specified in `mapred.queue.<queue-name>.acl-administer-job` property in the mapred-queue-acls.xml.
job kill	For YARN applications, the user must be specified in the `yarn.scheduler.capacity.root.<queue-path>.acl_administer_queue` property in the conf/capacity-scheduler.xml. For MapReduce v1 jobs, the user must be specified in `mapred.queue.<queue-name>.acl-administer-job` property in the mapred-queue-acls.xml.
job linklogs	User that submitted the job -or- User with permissions on the log files.
job table*	ACL permission: `login` on the cluster

Table 8. L
API	User Requirement
license remove	ACL permission: `fc` or `a` on the cluster
license listcrl	ACL permission: `login` on the cluster
license list	ACL permission: `login` on the cluster
license apps	ACL permission: `login` on the cluster
license addcrl	ACL permission: `fc` or `a` on the cluster
license add	ACL permission: `fc` or `a` on the cluster
licence showid	ACL permission: `login` on the cluster

Table 9. M
API	User Requirement
metrics API	ACL permission: `login` on the cluster

Table 10. N
API	User Requirement
nagios generate	ACL permission: `login` on the cluster
nfsmgmt refreshexports	ACL permission: `fc` or `a` on the cluster
node add-to-cluster	ACL permission: `fc` or `a` on the cluster
node allow-into-cluster	ACL permission: `fc` or `a` on the cluster
node cldbmaster	none
node heatmap	ACL permission: `login` on the cluster
node list	ACL permission: `login` on the cluster
node listcldbs	ACL permission: `login` on the cluster
node listcldbzks	ACL permission: `login` on the cluster
node listzookeepers	ACL permission: `login` on the cluster
node maintenance	ACL permission: `fc` or `a` on the cluster
node metrics	ACL permission: `login` on the cluster
node move	ACL permission: `fc` or `a` on the cluster
node remove	ACL permission: `fc` or `a` on the cluster
node services	ACL permission: ss, `fc` or `a` on the cluster
node topo	ACL permission: `login` on the cluster

Table 11. R
API	User Requirement
rlimit get	ACL permission: `login` on the cluster
rlimit set	ACL permission: `fc` or `a` on the cluster

Table 12. S
API	User Requirement
schedule create	ACL permission: `fc` or `a` on the cluster
schedule list	ACL permission: `login` on the cluster
schedule modify	ACL permission: `fc` or `a` on the cluster
schedule remove	ACL permission: `fc` or `a` on the cluster
service list	ACL permission: `login` on the cluster
setloglevel cldb	ACL permission: `fc` or `a` on the cluster
setloglevel fileserver	ACL permission: `fc` or `a` on the cluster
setloglevel hbmaster	ACL permission: `fc` or `a` on the cluster
setloglevel hbregionserver	ACL permission: `fc` or `a` on the cluster
setloglevel jobtracker	ACL permission: `fc` or `a` on the cluster
setloglevel nfs	ACL permission: `fc` or `a` on the cluster
setloglevel tasktracker	ACL permission: `fc` or `a` on the cluster

Table 13. T
API	User Requirement
table cf create	ACE Permission: Create/Rename Column Family ( `createrenamefamilyperm` )
table cf edit	ACE Permission to rename a column family: Create/Rename Column Family ( `createrenamefamilyperm` ) ACE Permission to edit the minimum or maximum version: Set min/max versions ( `versionperm` ) ACE Permission to edit the time to live setting: Set min/max versions ( `versionperm` ) ACE Permission to edit the in-memory setting: Pin CF in mempry ( `memoryperm` ) ACE Permission to edit the compression setting: Set compression ( `compressionperm` ) ACE Permission to edit column family permissions: Admin access ( `adminaccessperm` )
table cf delete	ACE Permission: Delete Column Family ( `deletefamilyperm` )
table cf list	ACE Permissions: Read Data ( `readperm` )
table cf colperm get	ACE Permission: Admin access ( `adminaccessperm` )
table cf colperm set	ACE Permission: Admin access ( `adminaccessperm` )
table cf colperm delete	ACE Permission: Admin access ( `adminaccessperm` )
table create	Permission on the directory where you want to create the table
table delete	Permission on the directory where you want to delete the table
table info	ACE Permission: Admin access ( `adminaccessperm` )
table listrecent	ACL permission: `login` on the cluster
table region list	ACL permission: `login` on the cluster
table region merge	ACE permission: Split Merge ( `splitmergeperm` )
table region split	ACE permission: Split Merge ( `splitmergeperm` )
table region pack	ACE permission: Force pack ( `packperm` )
table replica add	Read permission on the directory that contains the destination table ACE Permission: Replication Access ( `replperm` ) on the source table
table replica autosetup	Write permission on the directory where you want to create the destination table ACE permissions: Read Data (readperm) for the data in the source table that you want to copy ACE permissions: Replication Access (replperm) on the source table
table replica edit	ACE Permission: Replication Access ( `replperm` ) on the source table
table replica list	ACE Permission: Replication Access ( `replperm` ) on the source table
table replica pause	ACE Permission: Replication Access ( `replperm` ) on the source table
table replica remove	ACE Permission: Replication Access ( `replperm` ) on the source table
table replica resume	ACE Permission: Replication Access ( `replperm` ) on the source table
table upstream add	Read permission on the directory that contains the source table ACE Permission: Replication Access ( `replperm` ) on the destination table
table upstream list	ACE Permission: Replication Access ( `replperm` ) on the destination table
table upstream remove	ACE Permission: Replication Access ( `replperm` ) on the destination table
task failattempt	For MapReduce v1 jobs, the user must be specified in `mapred.queue.<queue-name>.acl-administer-job` property in the mapred-queue-acls.xml.
task killattempt	For MapReduce v1 jobs, the user must be specified in `mapred.queue.<queue-name>.acl-administer-job` property in the mapred-queue-acls.xml.
task table*	ACL permission: `login` on the cluster
trace dump	ACL permission: `login` on the cluster
trace info	ACL permission: `login` on the cluster
trace print	ACL permission: `login` on the cluster
trace reset	ACL permission: `login` on the cluster
trace resize	ACL permission: `login` on the cluster
trace setlevel	ACL permission: `login` on the cluster
trace setmode	ACL permission: `login` on the cluster

Table 14. U
API	User Requirement
urls	ACL permission: `login` on the cluster

Table 15. V
API	User Requirement
virtualip add	ACL permission: `fc` or `a` on the cluster
virtualip edit	ACL permission: `fc` or `a` on the cluster
virtualip list	ACL permission: `login` on the cluster
virtualip move	ACL permission: `fc` or `a` on the cluster
virtualip remove	ACL permission: `fc` or `a` on the cluster
volume container move	ACL permission: `fc` or `m` on the volume
volume container switchmaster	Only the `root` user or `MAPR_USER` user (user name under which MapR services runs) can run this command.
volume create	ACL permission: `fc` or `cv` on the cluster
volume dump create	ACL permission: `fc` or `dump` on the volume
volume dump restore	ACL permission: `fc` or `restore` on the volume
volume fixmountpath	ACL permission: `fc` or `m` on the volume
volume info	none
volume link create	ACL permission: `fc` or `m` on the volume
volume link remove	ACL permission: `fc` or `m` on the volume
volume list	ACL permission: `login` on the cluster
volume mirror push	ACL permission: `fc` or `restore` on the volume
volume mirror start	ACL permission: `fc` or `restore` on the volume
volume mirror stop	ACL permission: `fc` or `restore` on the volume
volume modify	ACL permission: `fc` or `m` on the volume
volume mount	ACL permission: `fc` or `m` on the volume
volume move	ACL permission: `fc` or `m` on the volume
volume remove	ACL permission: `fc` or `d` on the volume
volume rename	ACL permission: `fc` or `d` on the volume
volume showmounts	ACL permission: `login` on the cluster
volume snapshot create	ACL permission: `fc` or `m` on the volume
volume snapshot list	ACL permission: `fc` or `m` on the volume
volume snapshot preserve	ACL permission: `fc` or `m` on the volume
volume snapshot remove	ACL permission: `fc` or `m` on the volume
volume unmount	ACL permission: `fc` or `m` on the volume