Our MapR usage includes writing data to a stream from an external machine and submitting a Spark application job from an external machine (which reads data from the stream and dumps it into MapR DB). Our external machine then queries data via Drill from MapR DB tables.
Currently we have only 2 users in the MapR cluster, i.e. root and mapr (the MapR user). These 2 users will be created, maintained and administered by the MapR administrator.
We are planning to create a less privileged user which will only have login and create volume permissions on the MapR cluster. Using this user we will create volumes in the cluster, create a stream (and topic) in the cluster, configure the MapR client on the external machine via a ticket of this user, submit the Spark application job from the external machine using this user (we will create this user on the external machine as well, with the same uid and gid), and then query data from MapR DB tables via Drill using this user's credentials only.
We will also have MapR data (volume, stream, DB) segregation based on different data entities (defined by us). And we would like to have different users for each of these data types (user1 for data type1, user2 for type and so on). So, we will have multiple such "less privileged users" on the MapR cluster.
If we adopt an LDAP solution to manage these users in one place (on the LDAP server) and configure PAM profiles on the MapR cluster nodes to use LDAP for user authentication, do we still need to create users on the MapR cluster nodes?
This user will be the owner of all data in volumes, stream and DB, and the Spark application will run as this user in the MapR cluster. So, can we achieve all this functionality by not creating the user on the MapR cluster nodes and creating (and managing) users only on LDAP?