Security

    • Only the administrator account in the security center has the authority to operate. It has functions such as queue management, tenant management, user management, alarm group management, worker group management, token management, etc. In the user management module, resources, data sources, projects, etc. Authorization
    • Administrator login, default user name and password: admin/dolphinscheduler123
    • Queue is used when the “queue” parameter is needed to execute programs such as spark and mapreduce.
    • The administrator enters the Security Center->Queue Management page and clicks the “Create Queue” button to create a queue.

    Add tenant

    • The tenant corresponds to the Linux user, which is used by the worker to submit the job. Task will fail if Linux does not exists this user. You can set the parameter as true in configuration file . After that DolphinScheduler would create user if not exists, The property worker.tenant.auto.create=true requests worker run command without password.
    • The administrator enters the Security Center->Tenant Management page and clicks the “Create Tenant” button to create a tenant.

    • Users are divided into administrator users and normal users

      • The administrator has authorization and user management authority, but does not have the authority to create project and workflow definition operations.
      • Ordinary users can create projects and create, edit, and execute workflow definitions.
      • Note: If the user switches tenants, all resources under the tenant where the user belongs will be copied to the new tenant that is switched.
    • The administrator enters the Security Center -> User Management page and clicks the “Create User” button to create a user.

    Security - 图3

    • The administrator enters the Security Center->User Management page and clicks the “Edit” button to edit user information.
    • After an ordinary user logs in, click the user information in the user name drop-down box to enter the user information page, and click the “Edit” button to edit the user information.

    Modify user password

    • The administrator enters the Security Center->User Management page and clicks the “Edit” button. When editing user information, enter the new password to modify the user password.
    • After a normal user logs in, click the user information in the user name drop-down box to enter the password modification page, enter the password and confirm the password and click the “Edit” button, then the password modification is successful.

    Create alarm group

    • The alarm group is a parameter set at startup. After the process ends, the status of the process and other information will be sent to the alarm group in the form of email.

    • The administrator enters the Security Center -> Alarm Group Management page and clicks the “Create Alarm Group” button to create an alarm group.

    • The administrator enters the Security Center -> Token Management page, clicks the “Create Token” button, selects the expiration time and user, clicks the “Generate Token” button, and clicks the “Submit” button, then the selected user’s token is created successfully.

      Security - 图5

    • Call example:

    Granted permission

    • The administrator enters the Security Center -> User Management page and clicks the “Authorize” button of the user who needs to be authorized, as shown in the figure below:

    • Select the project to authorize the project.

    Security - 图7

    • Resources, data sources, and UDF function authorization are the same as project authorization.

    Each worker node will belong to its own worker group, and the default group is “default”.

    When the task is executed, the task can be assigned to the specified worker group, and the task will be executed by the worker node in the group.

    • Open the “conf/worker.properties” configuration file on the worker node where you want to set the groups, and modify the “worker.groups” parameter
    • The “worker.groups” parameter is followed by the name of the group corresponding to the worker node, which is “default”.
    • If the worker node corresponds to more than one group, they are separated by commas
    • You can also modify the worker group for worker which be assigned to specific worker group, and if the modification is successful, the worker will use the new group and ignore the configuration in worker.properties. The step to modify it as below: “security center -> worker group management -> click ‘new worker group’ -> click ‘new worker group’ -> enter ‘group name’ -> select exists worker -> click submit”.

    Environmental Management

    • Configure the Worker operating environment online. A Worker can specify multiple environments, and each environment is equivalent to the dolphinscheduler_env.sh file.

    • The default environment is the dolphinscheduler_env.sh file.

    • When the task is executed, the task can be assigned to the designated worker group, and the corresponding environment can be selected according to the worker group. Finally, the worker node executes the environment first and then executes the task.

    • The environment configuration is equivalent to the configuration in the dolphinscheduler_env.sh file.

    Use environment

    • Create a task node in the workflow definition and select the environment corresponding to the Worker group and the Worker group. When the task is executed, the Worker will execute the environment first before executing the task.