[
https://issues.apache.org/jira/browse/YARN-899?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13732287#comment-13732287
]
Xuan Gong commented on YARN-899:
--------------------------------
bq. If we can't apply them at this level, then I think the view ACLs are
something we should leave out.
When the client send an application, the client should provide the queue name
(say, QueueA) as well as the applicationACLs. So, I think that the
applicationACLs should be only for the users who has access to QueueA, not for
the whole users. If someone wants to view the applications on QueueA, no matter
for details or not, should we need to check whether this user has permission to
access QueueA first ?? Only using applicationACLsManager to check
ApplicationAccessType for the user is enough ?
> Get queue administration ACLs working
> -------------------------------------
>
> Key: YARN-899
> URL: https://issues.apache.org/jira/browse/YARN-899
> Project: Hadoop YARN
> Issue Type: Bug
> Components: scheduler
> Affects Versions: 2.1.0-beta
> Reporter: Sandy Ryza
> Assignee: Xuan Gong
> Attachments: YARN-899.1.patch
>
>
> The Capacity Scheduler documents the
> yarn.scheduler.capacity.root.<queue-path>.acl_administer_queue config option
> for controlling who can administer a queue, but it is not hooked up to
> anything. The Fair Scheduler could make use of a similar option as well.
> This is a feature-parity regression from MR1.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
