[
https://issues.apache.org/jira/browse/SAMZA-1794?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Hai resolved SAMZA-1794.
------------------------
Resolution: Fixed
> setting application acl in launch context for secured YARN cluster
> ------------------------------------------------------------------
>
> Key: SAMZA-1794
> URL: https://issues.apache.org/jira/browse/SAMZA-1794
> Project: Samza
> Issue Type: Improvement
> Reporter: Hai
> Assignee: Hai
> Priority: Major
>
> Currently we don't set application acl for container launch context. See
> [https://hadoop.apache.org/docs/r2.6.4/api/org/apache/hadoop/yarn/api/records/ContainerLaunchContext.html#setApplicationACLs(java.util.Map)]
> This could potentially cause problem if samza job is running on a secured
> YARN cluster. Say user A submits the job, then by default only user A can
> view the log and the status of the job. Even worse case is that user A
> submits the job through some proxy account, then even user A herself/himself
> couldn't access to logs/status of the application.
> We need to make some changes for the YARN application submission to set
> application acls in launch context as configured.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
