- Release Notes and Announcements
- Product Introduction
- Purchase Guide
- Getting Started
- EMR on CVM Operation Guide
- Planning Cluster
- Configuring Cluster
- Managing Cluster
- Instance Information
- Node Specification Management
- Checking and Updating Public IP
- Logging in to Clusters
- Cluster Scale-Out
- Cluster Scale-in
- Releasing Now
- Auto Scaling
- Graceful Scale-In
- Changing Configurations
- Automatic Replacement
- Exporting Software Configuration
- Cluster Scripts
- Cluster Termination
- Operation Logs
- Task Center
- Disk Management
- Managing Service
- Monitoring and Alarms
- Cluster Overview
- Node Status
- Service Status
- Cluster Event
- Log
- Application Analysis
- Cluster Inspection
- Java Analysis
- Monitoring Metrics
- Node Monitoring Metrics
- HDFS Monitoring Metrics
- YARN Monitoring Metrics
- ZooKeeper Monitoring Metrics
- HBase Monitoring Metrics
- Hive Monitoring Metrics
- Spark Monitoring Metrics
- Presto Monitoring Metrics
- Trino Monitoring Metrics
- ClickHouse Monitoring Metrics
- Druid Monitoring Metrics
- Kudu Monitoring Metrics
- Alluxio Monitoring Metrics
- PrestoSQL Monitoring Metrics
- Impala Monitoring Metrics
- Ranger Monitoring Metrics
- COSRanger Monitoring Metrics
- Doris Monitoring Metrics
- Kylin Monitoring Metrics
- Zeppelin Monitoring Metrics
- Oozie Monitoring Metrics
- Storm Monitoring Metrics
- Livy Monitoring Metrics
- Kyuubi Monitoring Metrics
- StarRocks Monitoring Metrics
- Kafka Monitoring Metrics
- Alarm Configurations
- Alarm Records
- EMR on TKE Operation Guide
- EMR Lite HBase Operation Guide
- EMR Development Guide
- Hadoop Development Guide
- HDFS Common Operations
- HDFS Federation Management Development Guide
- HDFS Federation Management
- Submitting MapReduce Tasks
- Automatically Adding Task Nodes Without Assigning ApplicationMasters
- YARN Task Queue Management
- Practices on YARN Label Scheduling
- Hadoop Practical Tutorial
- Using API to Analyze Data in HDFS and COS
- Dumping YARN Job Logs to COS
- Spark Development Guide
- Hbase Development Guide
- Phoenix on Hbase Development Guide
- Hive Development Guide
- Presto Development Guide
- Sqoop Development Guide
- Hue Development Guide
- Oozie Development Guide
- Flume Development Guide
- Kerberos Development Guide
- Knox Development Guide
- Alluxio Development Guide
- Kylin Development Guide
- Livy Development Guide
- Kyuubi Development Guide
- Zeppelin Development Guide
- Hudi Development Guide
- Superset Development Guide
- Impala Development Guide
- Druid Development Guide
- TensorFlow Development Guide
- Kudu Development Guide
- Ranger Development Guide
- Kafka Development Guide
- Iceberg Development Guide
- StarRocks Development Guide
- Flink Development Guide
- Hadoop Development Guide
- Practical Tutorial
- API Documentation
- FAQs
- Service Level Agreement
- Contact Us
- Release Notes and Announcements
- Product Introduction
- Purchase Guide
- Getting Started
- EMR on CVM Operation Guide
- Planning Cluster
- Configuring Cluster
- Managing Cluster
- Instance Information
- Node Specification Management
- Checking and Updating Public IP
- Logging in to Clusters
- Cluster Scale-Out
- Cluster Scale-in
- Releasing Now
- Auto Scaling
- Graceful Scale-In
- Changing Configurations
- Automatic Replacement
- Exporting Software Configuration
- Cluster Scripts
- Cluster Termination
- Operation Logs
- Task Center
- Disk Management
- Managing Service
- Monitoring and Alarms
- Cluster Overview
- Node Status
- Service Status
- Cluster Event
- Log
- Application Analysis
- Cluster Inspection
- Java Analysis
- Monitoring Metrics
- Node Monitoring Metrics
- HDFS Monitoring Metrics
- YARN Monitoring Metrics
- ZooKeeper Monitoring Metrics
- HBase Monitoring Metrics
- Hive Monitoring Metrics
- Spark Monitoring Metrics
- Presto Monitoring Metrics
- Trino Monitoring Metrics
- ClickHouse Monitoring Metrics
- Druid Monitoring Metrics
- Kudu Monitoring Metrics
- Alluxio Monitoring Metrics
- PrestoSQL Monitoring Metrics
- Impala Monitoring Metrics
- Ranger Monitoring Metrics
- COSRanger Monitoring Metrics
- Doris Monitoring Metrics
- Kylin Monitoring Metrics
- Zeppelin Monitoring Metrics
- Oozie Monitoring Metrics
- Storm Monitoring Metrics
- Livy Monitoring Metrics
- Kyuubi Monitoring Metrics
- StarRocks Monitoring Metrics
- Kafka Monitoring Metrics
- Alarm Configurations
- Alarm Records
- EMR on TKE Operation Guide
- EMR Lite HBase Operation Guide
- EMR Development Guide
- Hadoop Development Guide
- HDFS Common Operations
- HDFS Federation Management Development Guide
- HDFS Federation Management
- Submitting MapReduce Tasks
- Automatically Adding Task Nodes Without Assigning ApplicationMasters
- YARN Task Queue Management
- Practices on YARN Label Scheduling
- Hadoop Practical Tutorial
- Using API to Analyze Data in HDFS and COS
- Dumping YARN Job Logs to COS
- Spark Development Guide
- Hbase Development Guide
- Phoenix on Hbase Development Guide
- Hive Development Guide
- Presto Development Guide
- Sqoop Development Guide
- Hue Development Guide
- Oozie Development Guide
- Flume Development Guide
- Kerberos Development Guide
- Knox Development Guide
- Alluxio Development Guide
- Kylin Development Guide
- Livy Development Guide
- Kyuubi Development Guide
- Zeppelin Development Guide
- Hudi Development Guide
- Superset Development Guide
- Impala Development Guide
- Druid Development Guide
- TensorFlow Development Guide
- Kudu Development Guide
- Ranger Development Guide
- Kafka Development Guide
- Iceberg Development Guide
- StarRocks Development Guide
- Flink Development Guide
- Hadoop Development Guide
- Practical Tutorial
- API Documentation
- FAQs
- Service Level Agreement
- Contact Us
When using the EMR service, users need to grant the service account the default system role EMR_QCSRole. Once the role is successfully granted, EMR can call related services (such as TKE and COS) to create clusters and save logs.
Note
When enabling EMR for the first time, you need to complete the role authorization process using the root account; otherwise, neither sub-accounts nor the root account can use EMR.
Role Authorization Process
1. When a user creates a cluster or creates an on-demand execution plan, if the EMR_QCSRole role authorization for the service account fails, the user will be redirected to a page notifying the permission limitations. Then click Go to CAM to proceed with role authorization.
2. Click Agree to Authorize to authorize the default role EMR_QCSRole to the EMR service account.
3. After authorization is completed, the user needs to refresh the EMR console or purchase page, after which normal operations can proceed. For more detailed information on EMR_QCSRole policies, you can log in to the CAM Console. The permissions included in EMR_QCSRole can be found in Collaborator/Sub-account Permissions.
Special Instructions for Service Role Authorization Related to EMR on TKE Clusters
When you create or use an EMR on TKE cluster, data needs to be directly written to or calculated in Cloud Object Storage (COS). To ensure data security, EMR should be granted temporary keys to read and write COS resources. Therefore, the relevant EMR service-related role
EMR_QCSLinkedRoleInApplicationDataAccess should be authorized and bound to the QcloudAccessForEMRLinkedRoleInApplicationDataAccess preset policy.1. When viewing the EMR on TKE cluster list, you need to check if the service-related role
EMR_QCSLinkedRoleInApplicationDataAccess is bound to the EMR service.2. If the EMR service-related role
EMR_QCSLinkedRoleInApplicationDataAccess does not exist, authorization and binding need to be performed.Note
If you need to specify cluster access permissions for the corresponding COS resources in a more refined manner, see Custom Service Roles for settings.
EMR on TKE Cluster Authentication Description
The permission settings for sub-accounts and collaborators are consistent with that of the EMR on CVM version. For details, see Collaborator/Sub-account Permissions.
Tag authentication and API authentication settings are consistent with that of the EMR on CVM version. For details, see Authentication Granularity Scheme.
Yes
No
Was this page helpful?