[ https://issues.apache.org/jira/browse/YARN-899?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13779074#comment-13779074 ]
Zhijie Shen commented on YARN-899: ---------------------------------- bq. Someone more experienced correct me if I'm wrong here, but I believe the goal of queue administration ACLs is to allow admins to delegate responsibility. So if I am a cluster admin and I set up a queue for the marketing department and a queue for the engineering department, I might want to allow the head of marketing to kill applications in the marketing queue without needing to go through me. With this in mind, I think who has access should be based on a union of ACLs - I should be able to kill any application in the marketing queue either if I am on the application's ACL or if I am on the queue's ACL. Make sense bq. For the view access, we can check the union of QueueACLs and ApplicationACLs Then, IMHO, the union of ACLs should be applied to both viewing applications and killing them. More, I think it's good to document the super permission from the queue administrator. > Get queue administration ACLs working > ------------------------------------- > > Key: YARN-899 > URL: https://issues.apache.org/jira/browse/YARN-899 > Project: Hadoop YARN > Issue Type: Bug > Components: scheduler > Affects Versions: 2.1.0-beta > Reporter: Sandy Ryza > Assignee: Xuan Gong > Attachments: YARN-899.1.patch, YARN-899.2.patch, YARN-899.3.patch, > YARN-899.4.patch, YARN-899.5.patch, YARN-899.5.patch, YARN-899.6.patch, > YARN-899.7.patch, YARN-899.8.patch > > > The Capacity Scheduler documents the > yarn.scheduler.capacity.root.<queue-path>.acl_administer_queue config option > for controlling who can administer a queue, but it is not hooked up to > anything. The Fair Scheduler could make use of a similar option as well. > This is a feature-parity regression from MR1. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira