Managing Oracle Big Data Manager Users, Roles, and Access

2.3 Managing Oracle Big Data Manager Users, Roles, and Access

An administrator must create Oracle Big Data Manager users at the command line. Once they’ve been created, you can edit user details and manage access in the Oracle Big Data Manager console.

Note:

By default, the bigdatamgr user is created and granted the administrator role in Oracle Big Data Manager. This user should be used to grant roles and register providers. The bigdatamgr user has the same password as the Cloudera Manager administrator that was defined in Create Instance wizard when creating the cluster.

2.3.1 Adding Oracle Big Data Manager Users

An administrator must create Oracle Big Data Manager user accounts on the Linux command line. After creating a user account, the administrator can use the Oracle Big Data Manager console to edit user details and manage access.

To add a user:

Open a command shell and use SSH to connect to a cluster node as the bigdatamgr user (or another user with administration privileges).
Open a root shell:
```
su -
```
Export the new user’s password to a password file:
```
user_password > user_password_file
chmod 600 user_password_file
```
where:
- user_password is the password for the new user.
- user_password_file is the password file for the new user. This file must have permissions 600.
Note:

It is a safer practice to define the user password as an environment variable and then pass that value to the command. When the value is passed as the value of the environment variable, the actual value won't be visible in the bash history. In this case, use the following, instead of the commands listed above.
```
echo ${USER_PASSWORD}>${USER_PASSWORD_FILE}
chmod 600 ${USER_PASSWORD_FILE}
```
where:
- USER_PASSWORD is the environment variable containing the value of the password for the new user. The name of the environment variable can be any valid environment variable name.
- USER_PASSWORD_FILE is the environment variable containing the value of the password file for the new user. The name of the environment variable can be any valid environment variable name. This file has to have permissions 600.
Add the user and create a home directory for the user in the cluster’s HDFS file system:
```
/usr/bin/bdm-add-user--create-hdfs-home new_user user_password_file
```
where new_user is the new user name.
On the node where Oracle Big Data Manager runs, enter the following command to restart Oracle Big Data Manager. This reloads the user configuration from the database.
```
service bigdatamanager restart
```
You can also use Configuration Manager to restart the Big Data Manager service.

Note:
On Oracle Big Data Appliance, Oracle Big Data Manager is by default hosted on the same node as Cloudera Manager and is accessed on port 8890.

2.3.2 Edit User Details and Manage Roles

A user with administrator privileges can edit user details and manage roles in the Oracle Big Data Manager console.

To access and modify user details and manage user roles:

Sign in to the Oracle Big Data Manager console as the bigdatamgr user, or as another user with administrator privileges.
Click the Administration tab at the top of the page, and then click Users on the left side of the page to show the list of users that have been added.
Click the menu in the row for the user, and then select Edit. To disable the user account, select Disable account.
Edit user details as desired. Click inside the Roles field to see and select from available roles.

The Roles page on the Administration tab shows the roles available for users and the permissions associated with each. The permissions for each role are configured by default in Oracle Big Data Manager and cannot be changed.

2.3.3 Controlling Access to Specific Providers

A user with administrator privileges can control access to storage containers.

Note:

When a new cluster is created, the bigdatamgr user is created and granted the Oracle Big Data Manager Administrator role.

To control access to storage containers:

Sign into the Oracle Big Data Manager console as the bigdatamgr user, or another user with administrator privileges.
Click Administration at the top of the page to open the Administration page.
Click Storages on the left of the page to show a list of registered storage providers.
Click the menu icon to the right of the provider you are providing access to, and select Manage Users.
Use the arrows to move users from the left panel to the right panel to create an access list of users who will be able to see that provider in the web application. This doesn’t give Write access to the storage. Users must have appropriate permissions to work with data in the provider.