[
https://issues.apache.org/jira/browse/SAMZA-1794?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16566082#comment-16566082
]
ASF GitHub Bot commented on SAMZA-1794:
---------------------------------------
Github user asfgit closed the pull request at:
https://github.com/apache/samza/pull/592
> setting application acl in launch context for secured YARN cluster
> ------------------------------------------------------------------
>
> Key: SAMZA-1794
> URL: https://issues.apache.org/jira/browse/SAMZA-1794
> Project: Samza
> Issue Type: Improvement
> Reporter: Hai
> Assignee: Hai
> Priority: Major
>
> Currently we don't set application acl for container launch context. See
> [https://hadoop.apache.org/docs/r2.6.4/api/org/apache/hadoop/yarn/api/records/ContainerLaunchContext.html#setApplicationACLs(java.util.Map)]
> This could potentially cause problem if samza job is running on a secured
> YARN cluster. Say user A submits the job, then by default only user A can
> view the log and the status of the job. Even worse case is that user A
> submits the job through some proxy account, then even user A herself/himself
> couldn't access to logs/status of the application.
> We need to make some changes for the YARN application submission to set
> application acls in launch context as configured.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
