Tristan Stevens created YARN-8026: ------------------------------------- Summary: FairScheduler queue ACLs not implemented for application actions Key: YARN-8026 URL: https://issues.apache.org/jira/browse/YARN-8026 Project: Hadoop YARN Issue Type: Bug Components: fairscheduler Reporter: Tristan Stevens
The mapred-site.xml options mapreduce.job.acl-modify-job and mapreduce.job.acl-view-job both specify that queue ACLs should apply for read and modify operations on a job, however according to org.apache.hadoop.yarn.server.security.ApplicationACLsManager.java this feature has not been implemented. This is very important otherwise it is difficult to manage a cluster with a complicated queue hierarchy without either putting everyone in the admin ACL, getting many support tickets or asking people to remember to set mapreduce.job.acl-modify-job and mapreduce.job.acl-view-job. Extract from mapred-default.xml: bq. Irrespective of this ACL configuration, (a) job-owner, (b) the user who started the cluster, (c) members of an admin configured supergroup configured via mapreduce.cluster.permissions.supergroup and *(d) queue administrators of the queue to which this job was submitted* to configured via acl-administer-jobs for the specific queue in mapred-queues.xml can do all the view operations on a job. -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org