[ https://issues.apache.org/jira/browse/SPARK-23782?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16417751#comment-16417751 ]
Marcelo Vanzin commented on SPARK-23782:
----------------------------------------

All the information you're trying to protect can be found through other means. Looking at the event log dir in HDFS; looking at the cluster manager's UI; just running "ps" on the cluster machines.

Different users seeing different listings can be confusing. "Hey I was trying to find your jobs for blah on the SHS and I don't see them."

Again, knowing the existence of users and the fact that they run jobs is not a security problem. You cannot see what those jobs do.

> SHS should not show applications to user without read permission
> ----------------------------------------------------------------
>
> Key: SPARK-23782
> URL: https://issues.apache.org/jira/browse/SPARK-23782
> Project: Spark
> Issue Type: Bug
> Components: Web UI
> Affects Versions: 2.4.0
> Reporter: Marco Gaido
> Priority: Major
>
> The History Server shows all the applications to all the users, even though
> they have no permission to read them. They cannot read the details of the
> applications they cannot access, but still anybody can list all the
> applications submitted by all users.
> For instance, if we have an admin user {{admin}} and two normal users {{u1}}
> and {{u2}}, and each of them submitted one application, all of them can see
> in the main page of SHS:
> ||App ID||App Name|| ... ||Spark User|| ... ||
> |app-123456789|The Admin App| .. |admin| ... |
> |app-123456790|u1 secret app| .. |u1| ... |
> |app-123456791|u2 secret app| .. |u2| ... |
> Then clicking on each application, the proper permissions are applied and
> each user can see only the applications he has the read permission for.
> Instead, each user should see only the applications he has the permission to
> read and he/she should not be able to see applications he does not have the
> permissions for.