[
https://issues.apache.org/jira/browse/YARN-899?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13732615#comment-13732615
]
Sandy Ryza commented on YARN-899:
---------------------------------
bq. In case of YARN, a queue is a YARN construct. Queue acls should be enforced
by YARN and not by each scheduler.
Agreed. We will need to change this for the existing submit ACLs as well.
Currently the scheduler holds which applications are in which queues and the
ACLs for each queue. I don't think we should change that part, so perhaps an
interface like Scheduler#getQueueACLs(ApplicationAttemptId) would make sense?
bq. There are separate acls for who can view as compared to who can modify (
kill, etc ).
As far as I can tell this is not how it worked for queue ACLs in MR1, but I
think this is how we should do it for MR2.
> Get queue administration ACLs working
> -------------------------------------
>
> Key: YARN-899
> URL: https://issues.apache.org/jira/browse/YARN-899
> Project: Hadoop YARN
> Issue Type: Bug
> Components: scheduler
> Affects Versions: 2.1.0-beta
> Reporter: Sandy Ryza
> Assignee: Xuan Gong
> Attachments: YARN-899.1.patch
>
>
> The Capacity Scheduler documents the
> yarn.scheduler.capacity.root.<queue-path>.acl_administer_queue config option
> for controlling who can administer a queue, but it is not hooked up to
> anything. The Fair Scheduler could make use of a similar option as well.
> This is a feature-parity regression from MR1.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
