Analytic applications
Syntax for authorizing Spark applications.
Authorize Spark applications on a DataStax Enterprise Analytics node.
Spark application management permissions use the following modelled hierarchy:
- ANY WORKPOOL
- WORKPOOL datacenter_name
- ANY SUBMISSION
- ANY SUBMISSION IN WORKPOOL datacenter_name
- SUBMISSION id IN WORKPOOL datacenter_name
- ANY SUBMISSION IN WORKPOOL datacenter_name
Synopsis
Use the following syntax to grant access:
- All workpools in the
cluster:
GRANT permission_list ON ANY WORKPOOL TO role_name;
- Workpool in a
datacenter:
GRANT permission_list ON WORKPOOL datacenter_name TO role_name;
- All applications in cluster:
GRANT permission_list ON ANY SUBMISSION TO role_name;
- All applications in a
workpool:
GRANT permission_list ON ANY SUBMISSION IN WORKPOOL datacenter_name TO role_name;
- Specific application in a
workpool:
GRANT permission_list ON SUBMISSION id IN WORKPOOL datacenter_name TO role_name;
Permission matrix
Privilege | Resource | Permissions |
---|---|---|
CREATE | ANY WORKPOOL | Submit applications to a workpool to any datacenter in cluster. |
CREATE | WORKPOOL datacenter_name | Submit applications to a workpool in the specified datacenter. |
DESCRIBE | ANY WORKPOOL | From the Spark UI, able to access all jobs. |
DESCRIBE | WORKPOOL datacenter_name | From the Spark UI, able only able to access logs for jobs in the specified datacenter. |
DESCRIBE | ANY SUBMISSION | Access all application logs in the Spark UI. |
DESCRIBE | ANY SUBMISSION IN WORKPOOL datacenter_name | From the Spark UI only access application logs in the datacenter specified. |
DESCRIBE | SUBMISSION id IN WORKPOOL datacenter_name | From the Spark UI only access the logs of an application. |
MODIFY | ANY SUBMISSION | Manage applications across the entire cluster. |
MODIFY | ANY SUBMISSION IN WORKPOOL datacenter_name | Manage applications in the specified datacenter. |
MODIFY | SUBMISSION id IN WORKPOOL datacenter_name | Manage a specific application. |