[
https://issues.apache.org/jira/browse/MAPREDUCE-7293?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17181629#comment-17181629
]
Sunil G commented on MAPREDUCE-7293:
------------------------------------
We were trying to block listing all jobs in the landing page of JHS if the
logged in user doesnt have any permissions.
In that case, user cannot access or aware about the specific job.
However if the user know how to construct the URL, i think its possible that
they can land on that page. We also need to see the cost of getting the user
check in individual page. In the list page, we could get all this from file
name hence it was fine. Other wise , we may need to scan file which will cause
performance issues. Kindly analyse and if there are no major perf issues, lets
do this.
Thanks
> All pages in JHS should honor yarn.webapp.filter-entity-list-by-user
> --------------------------------------------------------------------
>
> Key: MAPREDUCE-7293
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-7293
> Project: Hadoop Map/Reduce
> Issue Type: Bug
> Components: jobhistoryserver
> Reporter: Bilwa S T
> Assignee: Bilwa S T
> Priority: Major
>
> Currently only HsJobsBlock checks for the access. If user who doesn't have
> permission to access job page is able to do it which is wrong. So we need to
> have below check in HsJobBlock,HsTasksBlock and HsTaskPage
> {code:java}
> if (isFilterAppListByUserEnabled && ugi != null && !aclsManager
> .checkAccess(ugi, JobACL.VIEW_JOB, job.getUserName(), null)) {
>
> }
> {code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
