[jira] Commented: (HADOOP-3698) Implement access control for submitting jobs to queues in the JobTracker

Wed, 20 Aug 2008 21:03:37 -0700 

    [ 
https://issues.apache.org/jira/browse/HADOOP-3698?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12624241#action_12624241
 ] 

Hemanth Yamijala commented on HADOOP-3698:
------------------------------------------

bq. What do you mean by sysadmins? - do they have special priviledges beyond 
the ACL. I think it makes sense for the superuser and the supergroup (of HDFS) 
to have full permissions to job queues without the need for their 
username/groupname appear in the ACL. Is that what you meant by sysadmins?

Sanjay, yes. This is what I mean by sysadmins. They have complete control over 
the system, without needing special access control to be set up for them.

bq. I suggest we add the "changeACL operation right now; its default list 
should be null (ie only the superuser/supergroup can modify it).

Is this because you believe that this operation can be delegated to others 
users/groups ? Also, for this version of the resource manager, we don't have a 
UI for administering the queues. In other words, even if we declare the 
operation right now, there is going to be no place where we need to check this. 
I suggest we add this as a TODO comment to the Enum I've declared above, on the 
lines of what Owen proposed for listjobs. Makes sense ?

> Implement access control for submitting jobs to queues in the JobTracker
> ------------------------------------------------------------------------
>
>                 Key: HADOOP-3698
>                 URL: https://issues.apache.org/jira/browse/HADOOP-3698
>             Project: Hadoop Core
>          Issue Type: New Feature
>          Components: mapred
>            Reporter: Hemanth Yamijala
>            Assignee: Hemanth Yamijala
>             Fix For: 0.19.0
>
>
> HADOOP-3445 implements multiple queues in the JobTracker as part of the new 
> resource manager for Hadoop (HADOOP-3421). There needs to be a mechanism to 
> control who can submit jobs to a specified queue. This JIRA is for tracking 
> the requirements, approach and implementation for the same.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to