tencent cloud

Elastic MapReduce

  • Release Notes and Announcements
  • Product Introduction
  • Purchase Guide
    • EMR on CVM Billing Instructions
    • EMR on TKE Billing Instructions
    • EMR Serverless HBase Billing Instructions
    • EMR Serverless TCBase Billing Overview
  • Getting Started
  • EMR on CVM Operation Guide
    • Planning Cluster
    • Administrative rights
    • Configuring Cluster
    • Managing Cluster
    • Managing Service
    • Monitoring and Alarms
    • TCInsight
  • EMR on TKE Operation Guide
  • EMR Serverless HBase Operation Guide
  • EMR Serverless TCBase Operation Guide
  • EMR Development Guide
    • Hadoop Development Guide
    • Spark Development Guide
    • Hbase Development Guide
    • Phoenix on Hbase Development Guide
    • Hive Development Guide
    • Presto Development Guide
    • Sqoop Development Guide
    • Hue Development Guide
    • Oozie Development Guide
    • Flume Development Guide
    • Kerberos Development Guide
    • Knox Development Guide
    • Alluxio Development Guide
    • Kylin Development Guide
    • Livy Development Guide
    • Kyuubi Development Guide
    • Zeppelin Development Guide
    • Hudi Development Guide
    • Superset Development Guide
    • Impala Development Guide
    • Druid Development Guide
    • TensorFlow Development Guide
    • Kudu Development Guide
    • Ranger Development Guide
    • Kafka Development Guide
    • StarRocks Development Guide
    • Flink Development Guide
    • JupyterLab Development Guide
    • MLflow Development Guide
  • Practical Tutorial
    • Practice of EMR on CVM Ops
    • Data Migration
    • Practical Tutorial on Custom Scaling
  • API Documentation
    • History
    • Introduction
    • API Category
    • Making API Requests
    • Cluster Resource Management APIs
    • Cluster Services APIs
    • User Management APIs
    • Information Query APIs
    • Scaling APIs
    • Configuration APIs
    • Other APIs
    • Cluster Lifecycle APIs
    • Serverless HBase APIs
    • YARN Resource Scheduling APIs
    • Data Types
    • Error Codes
  • FAQs
    • EMR on CVM
  • Service Level Agreement
  • Contact Us
文档Elastic MapReduceEMR on TKE Operation GuideConfiguring ClusterPermission ManagementRole Authorization

Role Authorization

Download
聚焦模式
字号
最后更新时间: 2024-10-30 15:50:01
When using the EMR service, users need to grant the service account the default system role EMR_QCSRole. Once the role is successfully granted, EMR can call related services (such as TKE and COS) to create clusters and save logs.
Note
When enabling EMR for the first time, you need to complete the role authorization process using the root account; otherwise, neither sub-accounts nor the root account can use EMR.

Role Authorization Process

1. When a user creates a cluster or creates an on-demand execution plan, if the EMR_QCSRole role authorization for the service account fails, the user will be redirected to a page notifying the permission limitations. Then click Go to CAM to proceed with role authorization.
2. Click Agree to Authorize to authorize the default role EMR_QCSRole to the EMR service account.
3. After authorization is completed, the user needs to refresh the EMR console or purchase page, after which normal operations can proceed. For more detailed information on EMR_QCSRole policies, you can log in to the CAM Console. The permissions included in EMR_QCSRole can be found in Collaborator/Sub-account Permissions.

Special Instructions for Service Role Authorization Related to EMR on TKE Clusters

When you create or use an EMR on TKE cluster, data needs to be directly written to or calculated in Cloud Object Storage (COS). To ensure data security, EMR should be granted temporary keys to read and write COS resources. Therefore, the relevant EMR service-related role EMR_QCSLinkedRoleInApplicationDataAccess should be authorized and bound to the QcloudAccessForEMRLinkedRoleInApplicationDataAccess preset policy.
1. When viewing the EMR on TKE cluster list, you need to check if the service-related role EMR_QCSLinkedRoleInApplicationDataAccess is bound to the EMR service.
2. If the EMR service-related role EMR_QCSLinkedRoleInApplicationDataAccess does not exist, authorization and binding need to be performed.
Note
If you need to specify cluster access permissions for the corresponding COS resources in a more refined manner, see Custom Service Roles for settings.

EMR on TKE Cluster Authentication Description

The permission settings for sub-accounts and collaborators are consistent with that of the EMR on CVM version. For details, see Collaborator/Sub-account Permissions.
Tag authentication and API authentication settings are consistent with that of the EMR on CVM version. For details, see Authentication Granularity Scheme.

上一篇: Introduction to EMR on TKE下一篇: Creating Cluster

帮助和支持

本页内容是否解决了您的问题?

填写满意度调查问卷,共创更好文档体验。

文档反馈