KWON BYUNGCHANG created YARN-9731:
-------------------------------------
Summary: In ATS v1.5, all jobs are visible to all users without
view-acl
Key: YARN-9731
URL: https://issues.apache.org/jira/browse/YARN-9731
Project: Hadoop YARN
Issue Type: Bug
Components: timelineserver
Affects Versions: 3.1.2
Reporter: KWON BYUNGCHANG
Attachments: ats_v1.5_screenshot.png
In ATS v1.5 of secure mode,
all jobs are visible to all users without view-acl.
if user does not have view-acl, user should not be able to see jobs.
I attatched ATS UI screenshot.
ATS v1.5 log
{code:java}
2019-08-09 10:21:13,679 WARN
applicationhistoryservice.ApplicationHistoryManagerOnTimelineStore
(ApplicationHistoryManagerOnTimelineStore.java:generateApplicationReport(687))
- Failed to authorize when generating application report for
application_1565247558150_1954. Use a placeholder for its latest attempt id.
org.apache.hadoop.security.authorize.AuthorizationException: User magnum does
not have privilege to see this application application_1565247558150_1954
2019-08-09 10:21:13,680 WARN
applicationhistoryservice.ApplicationHistoryManagerOnTimelineStore
(ApplicationHistoryManagerOnTimelineStore.java:generateApplicationReport(687))
- Failed to authorize when generating application report for
application_1565247558150_1951. Use a placeholder for its latest attempt id.
org.apache.hadoop.security.authorize.AuthorizationException: User magnum does
not have privilege to see this application application_1565247558150_1951
{code}
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
