[jira] Commented: (MAPREDUCE-1307) Introduce the concept of Job Permissions

Sat, 06 Feb 2010 19:24:54 -0800 

    [ 
https://issues.apache.org/jira/browse/MAPREDUCE-1307?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12830629#action_12830629
 ] 

Vinod K V commented on MAPREDUCE-1307:
--------------------------------------

I wish to take this issue forward. First, let me summarize this:
h6. At present, we only have ACLs for queues:
_Queue_:
 - submit-job-acl
    -- determines which users and/or groups can submit a job to this queue
 - administer-job-acl
    -- determines which users and/or groups can perform administration 
operations like killing, setting priority on a given job
    -- the job-owner is always part of this list.

----
h6. Now we also want to add authorization per job.
----

h6. 1307-early-1.patch proposal:

_Queue_:
 - same as above using ACLs.

_Job_:  POSIX file system permissions _like_ model
  - Specifies the jobs's user_owner , group_owner  and the permissions
  - user_owner of the job is from authentication
  - group_owner of the job is from job's configuration during submission
  - user_owner can always do all the operations on the job
  - Permissions(RW:RW) specify the rights to group_owner:others respectively
       -- R means 'readability' of the job. Meaning whether or not the 
group/others can view information about the job
       -- W means 'writability' of the job. Meaning whether or not the 
group/others can modify job information, kill job, kill a task of the job, set 
job-priority etc.

> Introduce the concept of Job Permissions
> ----------------------------------------
>
>                 Key: MAPREDUCE-1307
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-1307
>             Project: Hadoop Map/Reduce
>          Issue Type: Sub-task
>          Components: security
>            Reporter: Devaraj Das
>             Fix For: 0.22.0
>
>         Attachments: 1307-early-1.patch
>
>
> It would be good to define the notion of job permissions analogous to file 
> permissions. Then the JobTracker can restrict who can "read" (e.g. look at 
> the job page) or "modify" (e.g. kill) jobs.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to