Vrushali C created YARN-6820:
--------------------------------
Summary: Restrict read access to timelineservice v2 data
Key: YARN-6820
URL: https://issues.apache.org/jira/browse/YARN-6820
Project: Hadoop YARN
Issue Type: Sub-task
Reporter: Vrushali C
Need to provide a way to restrict read access in ATSv2. Not all users should be
able to read all entities. On the flip side, some folks may not need any read
restrictions, so we need to provide a way to disable this access restriction as
well.
Initially this access restriction could be done in a simple way via a whitelist
of users allowed to read data. That set of users can read all data, no other
user can read any data. Can be turned off for all users to read all data.
Could be stored in a "domain" table in hbase perhaps. Or a configuration
setting for the cluster. Or something else that's simple enough. ATSv1 has a
concept of domain for isolating users for reading. Would be good to keep that
in consideration.
In ATSv1, domain offers a namespace for Timeline server allowing users to host
multiple entities, isolating them from other users and applications. A “Domain”
in ATSV1 primarily stores owner info, read and& write ACL information, created
and modified time stamp information. Each Domain is identified by an ID which
must be unique across all users in the YARN cluster.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
