Create Access Rules

This topic does not apply to Oracle Cloud Infrastructure.

Administrators can create access rules to enable ports not associated with predefined access rules, or to restrict access to ports to only permit connections from specific IP addresses.

To create an access rule:
  1. Open the service console. See Access the Service Console for Big Data Cloud.
  2. From the menu for the cluster for which you want to manage access, select Access Rules.

    The Access Rules page is displayed. For information about the details on this page, see Service Console: Access Rules Page.

  3. Click Create Rule. In the Create Access Rule dialog, enter the following information:
    • Rule Name: Any name to identify this rule. Must start with a letter, followed by letters, numbers, hyphens, or underscores. Cannot start with ora_ or sys_.

    • Description: (Optional) Any description of your choice.

    • Source: The hosts from which traffic should be allowed. Choices are:

      • PAAS_INFRA: Internal for platform services. Used for various life cycle operations including provisioning, patching, and scaling.

      • PUBLIC-INTERNET: The public-internet Security IP List.

      • bdcsce_ADMIN_HOST: The security list consisting of master nodes, which are designated as ADMIN hosts.

      • bdcsce_COMPUTE_SLAVE: Hosts where the YARN NodeManager is running (no DataNode).

      • bdcsce_MASTER: Hosts where the Big Data Cloud console and REST servers are running.

      • bdcsce_NN_MASTER: Hosts where the NameNode is running (no Big Data Cloud console or REST server).

      • bdcsce_SLAVE: Hosts where both the YARN NodeManager and DataNode are running.

      • custom: A custom list of addresses from which traffic should be allowed. In the field that displays below when you select this option, enter a comma-separated list of the subnets (in CIDR format) or IPv4 addresses for which you want to permit access.

    • Destination: The service component to which traffic should be allowed. Choices are as follows (see the previous descriptions):

      • bdcsce_ADMIN_HOST

      • bdcsce_COMPUTE_SLAVE

      • bdcsce_MASTER

      • bdcsce_NN_MASTER

      • bdcsce_SLAVE

    • Destination Port(s): The port or range of ports you want to open. Specify a single port, such as 5001, or a range of ports separated by a hyphen, such as 5001-5010.

    • Protocol: The protocol for the access rule.

  4. Click Create.

    The Create Access Rule dialog closes and the rule is displayed in the list of rules. New rules are enabled by default. If necessary, adjust the number of results displayed on the Access Rules page so you can see the newly created rule.
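
A pre-flight check for the dialog fields described above, as an added example (not Oracle's code or an Oracle API). `check_rule` and `parse_ports` are hypothetical helpers; the 1-65535 port bounds, the trimming of spaces around commas, strict CIDR parsing and the `/0` warning are assumptions, not documented console behaviour.

```python
import ipaddress
import re

# Choices listed in the Create Access Rule dialog.
PREDEFINED_SOURCES = {"PAAS_INFRA", "PUBLIC-INTERNET", "bdcsce_ADMIN_HOST",
                      "bdcsce_COMPUTE_SLAVE", "bdcsce_MASTER",
                      "bdcsce_NN_MASTER", "bdcsce_SLAVE"}
DESTINATIONS = {s for s in PREDEFINED_SOURCES if s.startswith("bdcsce_")}
NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9_-]*")
PORT_RE = re.compile(r"([0-9]{1,5})(?:-([0-9]{1,5}))?")


def parse_ports(spec):
    """Return (low, high) for '5001' or '5001-5010'; raise ValueError otherwise."""
    m = PORT_RE.fullmatch(spec.strip())
    if not m:
        raise ValueError(f"bad port spec: {spec!r}")
    low, high = int(m.group(1)), int(m.group(2) or m.group(1))
    if not 1 <= low <= high <= 65535:  # assumed bounds; reversed ranges rejected
        raise ValueError(f"port out of range or reversed: {spec!r}")
    return low, high


def check_rule(name, source, destination, ports, custom=""):
    """Hypothetical pre-flight check; returns a list of problem tags (empty = OK)."""
    problems = []
    if not NAME_RE.fullmatch(name) or name.startswith(("ora_", "sys_")):
        problems.append("name")
    if destination not in DESTINATIONS:
        problems.append("destination")
    try:
        parse_ports(ports)
    except ValueError:
        problems.append("ports")
    if source == "custom":
        try:  # strict parsing: a CIDR entry with host bits set is rejected
            nets = [ipaddress.IPv4Network(e.strip()) for e in custom.split(",")]
        except ValueError:
            problems.append("source")
        else:
            # Assumption: a /0 entry makes a "custom" list match every address.
            if any(n.prefixlen == 0 for n in nets):
                problems.append("source-too-broad")
    elif source not in PREDEFINED_SOURCES:
        problems.append("source")
    return problems


if __name__ == "__main__":  # constructed sample rule
    print(check_rule("allow_app", "custom", "bdcsce_MASTER", "5001-5010", "192.0.2.0/24"))
```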