[
https://issues.apache.org/jira/browse/TEZ-2277?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14481684#comment-14481684
]
Hitesh Shah commented on TEZ-2277:
----------------------------------
Not exactly. It is a not a no-op. Let me clarify.
The view acls and write acls are used in 2 places:
1) One in the Tez AM to enforce restrictions for various actions such as
getDAGStatus, killDAG, etc
2) For use with the Tez UI to protect access to data in Timeline.
The write acls are only relevant in (1) as no user is expected to write data to
Timeline after the fact ( or from outside of the Tez framework ). All code in
the Tez AM is running as the AM user ( in this case hive ) which is writing all
historical data to timeline. Adding hrt_qa as a user with read/write
permissions implies that hrt_qa has permissions to be able to kill the DAG. It
also means hrt_qa has permissions to read data from Timeline. However, at no
point, does hrt_qa need to write data to Timeline and nor should it have the
permissions to do this.
> modifyACLsStr in DAGAccessControls does not take effect
> -------------------------------------------------------
>
> Key: TEZ-2277
> URL: https://issues.apache.org/jira/browse/TEZ-2277
> Project: Apache Tez
> Issue Type: Bug
> Affects Versions: 0.6.0
> Reporter: Thejas M Nair
> Priority: Critical
>
> Even if modifyACLsStr in DAGAccessControls constructor is set and that access
> control is set for the DAG, it does not actually get set in access control at
> runtime.
> See comment in
> [HIVE-10145|https://issues.apache.org/jira/browse/HIVE-10145?focusedCommentId=14393933&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-14393933]
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
