Github user tgravescs commented on the issue: https://github.com/apache/spark/pull/17582 so we should definitely fix the /api/v1/applications/<app-id>/logs to go through the acls. It looks like it should be protected in ApiRootResource.java. You have the app id so it needs to do something like the withSparkUI to get the acls included in that application. Like I mentioned the listing (/api/v1/applications) and /api/v1/applications/<app-id> (which is same info I believe as listing) were intentionally left open. I don't really see a reason to change that but if other people have a use case for it then perhaps we should make which pages are protected by acls configurable. on the history server I would expect spark.acls.enable=false and spark.history.ui.acls.enable=true, I can see where that could be confusing, perhaps we should document this better. spark.acls.enable on the history UI really is protecting the root UI, not the app level ui's. We could explicitly turn this off.
--- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. --- --------------------------------------------------------------------- To unsubscribe, e-mail: reviews-unsubscr...@spark.apache.org For additional commands, e-mail: reviews-h...@spark.apache.org