[
https://issues.apache.org/jira/browse/AMBARI-7976?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Andrew Onischuk resolved AMBARI-7976.
-------------------------------------
Resolution: Fixed
Committed to branch-1.7.0
> Ambari: Add oozie install user as an Oozie admin user
> -----------------------------------------------------
>
> Key: AMBARI-7976
> URL: https://issues.apache.org/jira/browse/AMBARI-7976
> Project: Ambari
> Issue Type: Bug
> Reporter: Andrew Onischuk
> Assignee: Andrew Onischuk
> Fix For: 1.6.0
>
>
> Oozie has an authorization model for admin access to oozie facilities. Oozie
> admin users
> * have write access to all jobs
> * have write access to admin operations
> When authorization server security is enabled by config property
> oozie.service.AuthorizationService.authorization.enabled (which is set to true
> in our installations - the default is false), then admin users are determined
> by either membership in a group identified by the property
> oozie.service.AuthorizationService.admin.groups.
> Since we don't set either of them, we expect users to set the admin usernames
> in the file /etc/oozie/conf/adminusers.txt
> See [Oozie User Authorization Configuration](https://oozie.apache.org/docs/4.0
> .0/AG_Install.html#User_Authorization_Configuration) for more details on admin
> user configuration
> Because we want to do sharelib update operations which are write access
> operations, the user performing these should be an Oozie admin user. If not,
> the admin operation will fail.
> We should explicitly add the oozie install user as the admin user by adding
> the user to adminusers.txt
> This feature is also needed for rolling upgrade scenarios to explicitly update
> sharelib after upgrading the servers.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
