Re-posting the reply I got from Greg on another thread. In order for users to be authorized correctly for those actions, HTTP authentication should be enabled on both the master and agent using the '--authenticate_http_readonly' and '--authenticate_http_readwrite' flags. Authentication is the only way for users of the Mesos web UI to identify themselves, and it simply relies on the built-in browser authentication facilities.
I would recommend giving those flags a try. Also, note that when you set those flags, you'll need to specify credentials using '--credentials' on the master and '--http_credentials' on the agent. You can find more information in the authentication docs: http://mesos.apache.org/ documentation/latest/authentication/ I haven't tried it yet i'll post my experience and results once I do. On Wed, Sep 7, 2016 at 9:56 PM, tommy xiao <[email protected]> wrote: > I have same question on it. > > > 2016-09-08 2:48 GMT+08:00 Haripriya Ayyalasomayajula < > [email protected]>: > >> Hi all, >> >> Quoting from the release notes: >> More importantly, we have added foundations for multi-tenancy by adding >> fine-grained >> authorization >> <https://www.youtube.com/watch?v=-yWHuxXwuAA&index=20&list=PLGeM09tlguZQVL7ZsfNMffX9h1rGNVqnC> >> controls. >> For example, it is now possible to set up ACLs so that a user can only view >> information about her own tasks in the WebUI and/or HTTP endpoints. >> >> I have a mesos 1.0 cluster and I'm trying to have specific configurations >> for multi tenancy. >> >> I'm using the local authorizer - default that comes with open source >> mesos 1.0. >> To configure view_tasks, view_executors, access_sandboxes, do we need >> additional authentication added to the exisiting mesos UI? >> >> From the UI how does it recognize User A to be User A? Are there any >> assumptions that I'm missing? What is the required infrastructure for multi >> tenancy here? >> >> >> -- >> Regards, >> Haripriya Ayyalasomayajula >> >> > > > -- > Deshi Xiao > Twitter: xds2000 > E-mail: xiaods(AT)gmail.com > -- Regards, Haripriya Ayyalasomayajula
