[ 
https://issues.apache.org/jira/browse/YARN-6945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16115789#comment-16115789
 ] 

Naganarasimha G R commented on YARN-6945:
-----------------------------------------

[~daemon], 
In terms of security, I do not think its right to show the ACL rights in webui 
to all users, general approach would be that user contacts the admin for the 
rights when he fails to fetch the rights. 
But having said that it would be useful for admins to see it, as we have 
started api based queue configuration in CS, As with out this information 
Admins will not be able to support users. 
So if user is Admin i am ok in showing it but not for all users, 
cc [~sunilg]


> Display the ACL of leaf queue in RM scheduler page
> --------------------------------------------------
>
>                 Key: YARN-6945
>                 URL: https://issues.apache.org/jira/browse/YARN-6945
>             Project: Hadoop YARN
>          Issue Type: Improvement
>          Components: fairscheduler
>            Reporter: YunFan Zhou
>            Assignee: YunFan Zhou
>         Attachments: screenshot-1.png, YARN-6945.001.patch
>
>
> {code:java}
> java.io.IOException: org.apache.hadoop.yarn.exceptions.YarnException: Failed 
> to submit application_1501748492123_0298 to YARN : User yarn cannot submit 
> applications to queue root.jack
>         at org.apache.hadoop.mapred.YARNRunner.submitJob(YARNRunner.java:306)
>         at 
> org.apache.hadoop.mapreduce.JobSubmitter.submitJobInternal(JobSubmitter.java:240)
>         at org.apache.hadoop.mapreduce.Job$10.run(Job.java:1290)
>         at org.apache.hadoop.mapreduce.Job$10.run(Job.java:1287)
>         at java.security.AccessController.doPrivileged(Native Method)
>         at javax.security.auth.Subject.doAs(Subject.java:422)
>         at 
> org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1785)
>         at org.apache.hadoop.mapreduce.Job.submit(Job.java:1287)
> {code}
> Sometimes, when we submit our application to a queue, the submitted 
> application may fail because we have no permission to submit the application 
> to the corresponding queue. 
> But we have no place apart from the fair-scheduler.xml to see the ACL of the 
> queue, 
> you can't see such information from RM scheduler page.
> So, I want to join the *aclSubmitApps*、*aclAdministerApps *message to the RM 
> scheduler page.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org

Reply via email to