Hi everyone, After having a look at the Oozie source code I finally manage to find the solution to my problem, I post it here in case anyone may need it.
In fact Oozie doesn't handle the wildcard '*' properly in the oozie.job.acl, the only way to have an acl handled is to use the following format 'USER1,USER2,USER3' because Oozie will do a split using the ',' character as delimiter in acl. Also the oozie.job.acl need to be in the job.properties and not in the worklow.xml. And final point it seems that the group wide acl with a value like 'USER1,USER2,GROUP1' is not properly handled either. Regards, Pierre Vigreux De : VIGREUX Pierre Ext DTSI/DSI Envoyé : mercredi 21 octobre 2015 10:08 À : Oozie user ML ([email protected]) Objet : Trouble with oozie.job.acl property Hi everyone, This is my first email to the list, I have a trouble with the oozie.job.acl property, I have set up a workflow with the following value : <property> <name>oozie.job.acl</name> <value>*</value> </property> >From what I understood from the documentation, this value is supposed to give >everyone the ability to kill my workflow (through command line or a gui like >hue), but when I try to kill my job with a different user than the one that >submit the workflow I got the following error : oozie job -oozie http://localhost:11000/oozie -kill 0000000-151020102420689-oozie-oozi-W Error: E0508 : E0508: User [user] not authorized for WF job [0000000-151020102420689-oozie-oozi-W] I already check the value of the oozie.service.AuthorizationService.default.group.as.acl which is set as false and is not supposed to override my acl. Do you have any idea of what's wrong ? Did I miss something in my cluster configuration ? Regards, Pierre Vigreux _________________________________________________________________________________________________________________________ Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, France Telecom - Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci This message and its attachments may contain confidential or privileged information that may be protected by law; they should not be distributed, used or copied without authorization. If you have received this email in error, please notify the sender and delete this message and its attachments. As emails may be altered, France Telecom - Orange shall not be liable if this message was modified, changed or falsified. Thank you.
