[
https://issues.apache.org/jira/browse/OOZIE-2897?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16033070#comment-16033070
]
Peter Bacsko commented on OOZIE-2897:
-------------------------------------
[~rohini] could you check please if this approach is the one we need?
> LauncherAM should support ACLs
> ------------------------------
>
> Key: OOZIE-2897
> URL: https://issues.apache.org/jira/browse/OOZIE-2897
> Project: Oozie
> Issue Type: Sub-task
> Reporter: Peter Bacsko
>
> In MapReduce, you can define ACL-related properties:
> {noformat}
> mapreduce.job.acl-view-job
> mapreduce.job.acl-modify-job
> {noformat}
> {{acl-view-job}} defines a list of users/groups who can retrieve the job
> statistics. {{acl-modify-job}} defines a list of users/groups who can kill a
> job or adjust the priority of it.
> Docs:
> https://hadoop.apache.org/docs/r1.2.1/mapred_tutorial.html#Job+Authorization
> In YARN, we can provide backward compatibility for these properties. Example
> code:
> {code}
> Map<ApplicationAccessType, String> acls = new HashMap<ApplicationAccessType,
> String>();
> acls.put(ApplicationAccessType.MODIFY_APP, "*");
> acls.put(ApplicationAccessType.VIEW_APP, "*");
> amContainer.setApplicationACLs(acls);
> {code}
> This has to be done before application submission. We have to open
> {{mapred-site.xml}} and check if {{mapred.acls.enabled}} is true. If so, then
> read the values of view-job/modify-job and configure the launcher context as
> described above.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
