[
https://issues.apache.org/jira/browse/TEZ-2922?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14987982#comment-14987982
]
Hitesh Shah commented on TEZ-2922:
----------------------------------
Sorry - missed that bit. Combining them should work but this will end up
sending a merged list back to YARN for the app acls as well as the domain
access controls. What do you think? Should we treat them as a different acl
type and do compare users to this acl?
A minor gotcha that needs to be addressed is handling of "*". If any of the
settings have a "*" ( i.e. yarn admin acls is "*" but am view acls has
"user1,user2 grp1", the new code will end up potentially with "*" + list of
users. This probably needs to be special cased and a unit test would help too.
> Tez Live UI gives access denied for admins
> ------------------------------------------
>
> Key: TEZ-2922
> URL: https://issues.apache.org/jira/browse/TEZ-2922
> Project: Apache Tez
> Issue Type: Bug
> Reporter: Jonathan Eagles
> Assignee: Jonathan Eagles
> Attachments: TEZ-2292.1.patch, TEZ-2292.2.patch, TEZ-2292.3.patch
>
>
> YARN's Timeline Store allow access to Tez DAG history via the yarn.admin.acl
> setting. While live Tez history from AMWebController, neither respects
> yarn.admin.acl nor implements its own like mapreduce via
> mapreduce.cluster.administrators.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
