Analytic applications

Syntax for authorizing Spark applications.

Authorize Spark applications on a DataStax Enterprise Analytics node.

Spark application management permissions use the following modelled hierarchy:

  • ANY WORKPOOL
    • WORKPOOL datacenter_name
  • ANY SUBMISSION
    • ANY SUBMISSION IN WORKPOOL datacenter_name
      • SUBMISSION id IN WORKPOOL datacenter_name

Synopsis

Use the following syntax to grant access:
  • All workpools in the cluster:
    GRANT permission_list 
    ON ANY WORKPOOL 
    TO role_name;
  • Workpool in a datacenter:
    GRANT permission_list 
    ON WORKPOOL datacenter_name 
    TO role_name;
  • All applications in cluster:
    GRANT permission_list 
    ON ANY SUBMISSION 
    TO role_name;
  • All applications in a workpool:
    GRANT permission_list 
    ON ANY SUBMISSION 
    IN WORKPOOL datacenter_name 
    TO role_name; 
  • Specific application in a workpool:
    GRANT permission_list 
    ON SUBMISSION id 
    IN WORKPOOL datacenter_name 
    TO role_name; 

Permission matrix

Privilege Resource Permissions
CREATE ANY WORKPOOL Submit applications to a workpool to any datacenter in cluster.
CREATE WORKPOOL datacenter_name Submit applications to a workpool in the specified datacenter.
DESCRIBE ANY WORKPOOL From the Spark UI, able to access all jobs.
DESCRIBE WORKPOOL datacenter_name From the Spark UI, able only able to access logs for jobs in the specified datacenter.
DESCRIBE ANY SUBMISSION Access all application logs in the Spark UI.
DESCRIBE ANY SUBMISSION IN WORKPOOL datacenter_name From the Spark UI only access application logs in the datacenter specified.
DESCRIBE SUBMISSION id IN WORKPOOL datacenter_name From the Spark UI only access the logs of an application.
MODIFY ANY SUBMISSION Manage applications across the entire cluster.
MODIFY ANY SUBMISSION IN WORKPOOL datacenter_name Manage applications in the specified datacenter.
MODIFY SUBMISSION id IN WORKPOOL datacenter_name Manage a specific application.