[
https://issues.apache.org/jira/browse/YARN-6791?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
daemon reassigned YARN-6791:
----------------------------
Assignee: daemon
> Add a new acl control to make YARN acl control perfect
> ------------------------------------------------------
>
> Key: YARN-6791
> URL: https://issues.apache.org/jira/browse/YARN-6791
> Project: Hadoop YARN
> Issue Type: Improvement
> Components: yarn
> Affects Versions: 2.7.2
> Reporter: daemon
> Assignee: daemon
> Fix For: 2.7.2
>
> Attachments: screenshot-1.png, screenshot-2.png
>
>
> The yarn application acl control is not so perfect which could let us pretty
> confused sometimes.
> !screenshot-1.png!
> The yarn acl is disabled default, but when we enable it.
> You will find the others who neither is yarn admin nor queue admin, he will
> not view the status
> of the application. It will show something as blow in YARN RM web ui:
> !screenshot-2.png!
> So when we enable those configs, you will find it is very inconvenient to
> view the application status
> for uses.
> There are two ways to solve the problem:
> 1. To make the web ui more perfect, and can allow user to login as any uses
> he want.
> Besides, it should provide a perfect verification mechanism.
> 2. Add a config in YarnConfiguration, which can allow some uses view any
> applications he want.
> But he has not modify permissions.
> In this way, the user can view all applications but can not kill other users
> applications.
> Of the above two solutions, I will choose the second solution.
> It is low cost but is more useful.
> I will work on this, and upload the patch later.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
