user
The egosh user sub-command controls user accounts and roles in your cluster.
user add -u user_account -x password [-d description]
Creates a new user account in the EGO user database with the specified name.
This is an administrative subcommand. You must first log on as cluster administrator before you
can issue this subcommand.
- -u user_account
- Specifies the name of the user account to create. User account names must adhere to the
following naming rules:
- The user account name can be a maximum of 32 characters.
- The user account name must be unique, and begin with a letter.
- The user account name can only contain the following characters: 0-9, a-z, A-Z, -, _, or space.
- -x password
- Specifies the password to be used to authenticate the user when this user account is
accessed.
Specify up to 40 (
![[7.3.2 Fix]](../732fix.gif)
64 with
Fix 602717)
alphanumeric or special characters, except greater than (>), less than (<), ampersand (&), or
control characters (Ctrl + key). - -d description
- Specifies any additional information about the user account or the user to whom this account
belongs.
Specify up to 200 alphanumeric or special characters, except control characters (Ctrl + key). Enclose description in quotation marks if there are spaces within it.
user assignrole -u user_account -r role [-p consumer_name]
Assigns the specified role to the specified user account or OS user group, and optionally specifies the consumer to which this role appliess.
This is an administrative subcommand. You must first log on as cluster administrator or consumer
administrator before you can issue this subcommand.
- -u user_account
- Specifies the user account or user group to assign the role to. The user account or user group specified must already exist prior to issuing this command. A user group must be prefixed by the @ character; for example, @group1. A special built-in user group that represents a group with all users in it is expressed as %any.
- -r role
- Specifies the role to assign.
- -p consumer_name
- Specifies the consumer to which this user is assigned the specified role.
The following example assigns George Smith the role of cluster administrator
for all the consumers:
egoadmin@egosh> user assignrole -u gsmith -r
The following example assigns user group group1 the role of consumer
administrator for the UAT consumer and all of its
descendants:
egoadmin@egosh> user assignrole -u @group1 -r CONSUMER_ADMIN -p /UAT
The following example assigns Karen Dayton the role of consumer administrator
for the UAT consumer and all of its
descendants:
egoadmin@egosh> user assignrole -u kdayton -r CONSUMER_ADMIN -p /UAT
user delete -u user_account
Deletes a user account from the EGO user database.
This is an administrative subcommand. You must first log on as cluster administrator before you
can issue this subcommand.
- -u user_account
- Specifies the name of the user account to be deleted.
user list [-l] [-ll]
Displays all user accounts and a description from the EGO user database.
- -l
- Provides the same information with a longer name field, if some are truncated when -l is not specified.
- -ll
- Provides the same information as the -l option, and in comma-separated values (CSV) format.
user logoff
Logs off the current user account from EGO. Logging off does not close the interactive command interface session but does prevent the user from issuing administrative subcommands.
user logon [-u user_account] [-x password]
Logs the user onto EGO. If you do not specify either
-u
user_acount or -x password, you are
prompted to provide the password user account and password. Note: You are automatically
logged off of EGO after 8 hours. To perform another administrative command after expiry, you are
required to log on again. The logon expiry time is not configurable.
- -u user_account
- Specifies the EGO user account to use to log on. If you have enabled Kerberos authentication for the MapReduce framework, note that the principal name defined as the service principal in the Key Distribution Center (KDC) maps to MapReduce’s cluster administrator account (Admin).
- -x password
- Specifies the password to use to authenticate the logon sequence. If you have enabled Kerberos authentication for the MapReduce framework, use the Kerberos password.
user modify -u user_account [-x password] [-d description]
This is an administrative subcommand. You must first log on as cluster administrator before you
can issue this subcommand.
- -u user_account
- Specifies the name of the user account to modify. You cannot modify the name itself.
- -x password
- Specifies the new password to be used to authenticate the user when this user account is
accessed.
Specify up to 40 alphanumeric or special characters. Certain special characters such as greater than (>) and less than (<) are not valid when used with the -x option. In such cases, enter the new password at the prompt after issuing the user modify command instead of using the -x option.
- -d description
- Specifies any additional information about the user account or the user to whom this account
belongs.
Specify up to 200 alphanumeric or special characters, except control characters (Ctrl + key). Enclose description in quotation marks if there are spaces within it.
user roles4user -u user_account [-p consumer_name] [-a]
Lists the roles assigned to a user account.
- -u user_account
- Specifies the user account for which to list the roles.
- -p consumer_name
- Lists all user roles for the specified consumer.
- -a
- Lists all role names and their users for the current consumer and those inherited from a parent consumer.
user permissions4user -u user_account [-p consumer_name]
Displays the permission list for a user, sorted by context.
- -u user_account
- Specifies the user account.
- -p consumer_name
- Lists all permissions for user accounts of the specified consumer.
user users4role -r role [-p consumer_name] [-a]
Lists all user accounts in the EGO user database that have the specified role. For consumer
administrators, this command also lists the consumer this user can administer. For consumer users,
this command also lists the consumer to which the user has access. For users with custom roles, the
consumer is not listed.
- -r role
- Specifies the role to list all users for. Specify one of the following predefined roles or a
custom role:
- CLUSTER_ADMIN
- CLUSTER_READONLY_ADMIN
- CONSUMER_ADMIN
- CONSUMER_READONLY_ADMIN
- CONSUMER_USER
- -p consumer_name
- Lists all users’ accounts and their roles for the specified consumer. If you specified the role CLUSTER_ADMIN, a consumer name is not needed. If you specified either of the other two predefined roles, a consumer name is required. The consumer_name option does not apply to custom roles.
- -a
- Lists all user accounts and their roles for the current consumer and those inherited from a parent consumer.
user unassignrole -u user_account -r role [-p consumer_name]
Removes the specified role from the specified user account or OS user group. Optionally, specifies the consumer to which this action applies or removes this role from all descendants of the specified consumer.
This is an administrative subcommand. You must first log on as cluster administrator or consumer
administrator before you can issue this subcommand.
- -u user_account
- Specifies the user account or user group to remove the role from. A user group must be prefixed by the @ character; for example, @group1. A special built-in user group that represents a group with all users in it is expressed as %any.
- -r role
- Specifies the role to remove. Specify one of the following:
- CLUSTER_ADMIN
- CLUSTER_READONLY_ADMIN
- CONSUMER_ADMIN
- CONSUMER_READONLY_ADMIN
- CONSUMER_USER
- -p consumer_name
- specifies the consumer for which this role is removed from the user account.
user view [user_account …]
Displays a list of EGO user accounts.
- user_account
- Specifies the name of the specific user account(s) to view.