azkaban group分组,权限

翻译自:https://azkaban.readthedocs.io/en/latest/userManager.html?highlight=group

1.job project,名为"e",分享给某人看,下图位置中添加那个人账号即可(可在lmk账号登录,并在 projects>>Personal>>看到那个项目e)

2.分享到组内,group,也是同样的方式同样位置(如下图),在Group下add一个名为跟g2park的group name,

并在azkaban-web-server/con/azkaban-user.xml下添加一个分组g2park ,并分配好权限

<azkaban-users>
  <user groups="azkaban" password="azkaban" roles="admin" username="azkaban"/>
  <user password="metrics" roles="metrics" username="metrics"/>
  <group name="g2park" roles="g2park_role" />

  <user username="admin" password="123" groups="g2park" roles="admin,metrics" />
  <user username="ht" password="123" groups="g2park"  />
  <user username="lmk" password="123" groups="g2park" />

  <role name="admin" permissions="ADMIN"/>
  <role name="metrics" permissions="METRICS"/>
  <role name="g2park_role" permissions="READ,WRITE,EXECUTE,SCHEDULE" />
</azkaban-users>

上面xml配置中的分组g2park与网页上的分组名字对应,重启azkaban-web-server服务,同一个分组下就能看到了,

即,ht账号分享project到是group里,lmk账号登陆后,可在Projects>>Group下看到

3.此外,创建分享权限时候有几个权限可以勾选,

以下是官网关于权限的一些说明如下:

1)xml中user账号的roles权限和所在groups中的roles权限,取合集

2)权限分为 ADMIN,READ,WRITE,EXECUTE,SCHEDULE 

Roles

Roles are different in that it assigns global permissions to users in Azkaban. You can set up roles with the <roles> tag.:

<azkaban-users>
  <user username="a" ... groups="groupa" roles="readall" / >
  <user username="b" ... / >
  ...
  <group name="groupa" roles="admin" / >
  ...
  <role name="admin" permissions="ADMIN" / >
  <role name="readall" permissions="READ" / >
</azkaban-users>

 

In the above example, user ‘a’ has the role ‘readall’, which is defined as having the READ permission. This means that user ‘a’ has global READ access on all the projects and executions.

User ‘a’ also is in ‘groupa’, which has the role ADMIN. It’s certainly redundant, but user ‘a’ is also granted the ADMIN role on all projects.

The possible role permissions are the following:

PermissionsValues
ADMIN Grants all access to everything in Azkaban.
READ Gives users read only access to every project and their logs
WRITE Allows users to upload files, change job properties or remove any project
EXECUTE Allows users to trigger the execution of any flow
SCHEDULE Users can add or remove schedules for any flows
CREATEPROJECTS Allows users to create new projects if project creation is locked down

 

posted @ 2018-09-13 19:55  君子笑而不语  阅读(723)  评论(0)    收藏  举报