Role Authorization

Last updated: 2024-10-30 15:50:01
When using the EMR service, users need to grant the service account the default system role EMR_QCSRole. Once the role is successfully granted, EMR can call related services (such as TKE and COS) to create clusters and save logs.
Note
When enabling EMR for the first time, you need to complete the role authorization process using the root account; otherwise, neither sub-accounts nor the root account can use EMR.

Role Authorization Process

1. When a user creates a cluster or an on-demand execution plan, if the EMR_QCSRole role authorization for the service account fails, the user is redirected to a page describing the permission limitations. Click Go to CAM to proceed with role authorization.
2. Click Agree to Authorize to authorize the default role EMR_QCSRole to the EMR service account.
3. After authorization is completed, refresh the EMR console or purchase page; normal operations can then proceed. For more detailed information on EMR_QCSRole policies, log in to the CAM Console. The permissions included in EMR_QCSRole can be found in Collaborator/Sub-account Permissions.

Special Instructions for Service Role Authorization Related to EMR on TKE Clusters

When you create or use an EMR on TKE cluster, data needs to be written directly to or computed in Cloud Object Storage (COS). To ensure data security, EMR should be granted temporary keys to read and write COS resources. Therefore, the EMR service-related role EMR_QCSLinkedRoleInApplicationDataAccess should be authorized and bound to the QcloudAccessForEMRLinkedRoleInApplicationDataAccess preset policy.
1. When viewing the EMR on TKE cluster list, you need to check if the service-related role EMR_QCSLinkedRoleInApplicationDataAccess is bound to the EMR service.
2. If the EMR service-related role EMR_QCSLinkedRoleInApplicationDataAccess does not exist, authorization and binding need to be performed.
Note
If you need to specify cluster access permissions for the corresponding COS resources in a more refined manner, see Custom Service Roles for settings.

EMR on TKE Cluster Authentication Description

The permission settings for sub-accounts and collaborators are consistent with those of the EMR on CVM version. For details, see Collaborator/Sub-account Permissions.
Tag authentication and API authentication settings are consistent with those of the EMR on CVM version. For details, see Authentication Granularity Scheme.

