Database Reference
In-Depth Information
NOTE
Permissions in Azure Data Storage work a bit differently. Permissions
are managed in the storage account. The HDInsight cluster has full
permissions to all containers in the storage account that is set as its
default storage. It can also access containers in other storage accounts.
If the target container is the public container, or it has the public-access
level, the HDInsight cluster will have read-access without additional
configuration. If the target container uses the private-access level,
however, you have to update the
core-site.xml
within the
HDInsight cluster to provide the key to access the container.
In the current release of HDFS, the host operating system manages user
identity. HDFS uses whatever identity the host reports to determine the
user's identity. On a Windows server, the user identity reported to HDFS
will be the equivalent of the
whoami
command from a command prompt.
The group membership will be the same groups as reported by running
net
user [username]
command.
NOTE
HDFS also has a super-user account. The super user has access to view
and modify everything, because permission checks are effectively
bypassed for the super user. The account used to start the NameNode
process is always set as the super user. Note that if the NameNode
process is started under a different user identity, that account will then
be the super user. This can be convenient for development purposes,
because a developer starting a local NameNode to work against will
automatically be the super user. However, for a production
environment, a consistent, secured account should be used to start the
NameNode.
Files and folders support a simple set of permissions:
•
Read (
r
) permission
: An account has permission to read the
contents of the file or directory.
