Tristan Stevens created YARN-8026:
-------------------------------------
Summary: FairScheduler queue ACLs not implemented for application
actions
Key: YARN-8026
URL: https://issues.apache.org/jira/browse/YARN-8026
Project: Hadoop YARN
Issue Type: Bug
Components: fairscheduler
Reporter: Tristan Stevens
The mapred-site.xml options mapreduce.job.acl-modify-job and
mapreduce.job.acl-view-job both specify that queue ACLs should apply for read
and modify operations on a job, however according to
org.apache.hadoop.yarn.server.security.ApplicationACLsManager.java this feature
has not been implemented.
This is very important otherwise it is difficult to manage a cluster with a
complicated queue hierarchy without either putting everyone in the admin ACL,
getting many support tickets or asking people to remember to set
mapreduce.job.acl-modify-job and mapreduce.job.acl-view-job.
Extract from mapred-default.xml:
bq. Irrespective of this ACL configuration, (a) job-owner, (b) the user who
started the cluster, (c) members of an admin configured supergroup configured
via mapreduce.cluster.permissions.supergroup and *(d) queue administrators of
the queue to which this job was submitted* to configured via
acl-administer-jobs for the specific queue in mapred-queues.xml can do all the
view operations on a job.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
