[ https://issues.apache.org/jira/browse/YARN-6791?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
daemon updated YARN-6791: ------------------------- Description: The yarn application acl control is not so perfect which could let us pretty confused sometimes. !screenshot-1.png! The yarn acl is disabled default, but when we enable it. You will find the others who neither is yarn admin nor queue admin, he will not view the status of the application. It will show something as blow in YARN RM web ui: !screenshot-2.png! So when we enable those configs, you will find it is very inconvenient to view the application status for uses. There are two ways to solve the problem: 1. To make the web ui more perfect, and can allow user to login as any uses he want. Besides, it should provide a perfect verification mechanism. 2. Add a config in YarnConfiguration, which can allow some uses view any applications he want. But he has not modify permissions. In this way, the user can view all applications but can not kill other users applications. Of the above two solutions, I will choose the second solution. It is low cost but is more useful. I will work on this, and upload the patch later. > Add a new acl control to make YARN acl control perfect > ------------------------------------------------------ > > Key: YARN-6791 > URL: https://issues.apache.org/jira/browse/YARN-6791 > Project: Hadoop YARN > Issue Type: Improvement > Components: yarn > Affects Versions: 2.7.2 > Reporter: daemon > Fix For: 2.7.2 > > Attachments: screenshot-1.png, screenshot-2.png > > > The yarn application acl control is not so perfect which could let us pretty > confused sometimes. > !screenshot-1.png! > The yarn acl is disabled default, but when we enable it. > You will find the others who neither is yarn admin nor queue admin, he will > not view the status > of the application. It will show something as blow in YARN RM web ui: > !screenshot-2.png! > So when we enable those configs, you will find it is very inconvenient to > view the application status > for uses. > There are two ways to solve the problem: > 1. To make the web ui more perfect, and can allow user to login as any uses > he want. > Besides, it should provide a perfect verification mechanism. > 2. Add a config in YarnConfiguration, which can allow some uses view any > applications he want. > But he has not modify permissions. > In this way, the user can view all applications but can not kill other users > applications. > Of the above two solutions, I will choose the second solution. > It is low cost but is more useful. > I will work on this, and upload the patch later. -- This message was sent by Atlassian JIRA (v6.4.14#64029) --------------------------------------------------------------------- To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org