[jira] [Commented] (YARN-899) Get queue administration ACLs working

Thu, 26 Sep 2013 11:40:24 -0700 

    [ 
https://issues.apache.org/jira/browse/YARN-899?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13779074#comment-13779074
 ] 

Zhijie Shen commented on YARN-899:
----------------------------------

bq. Someone more experienced correct me if I'm wrong here, but I believe the 
goal of queue administration ACLs is to allow admins to delegate 
responsibility. So if I am a cluster admin and I set up a queue for the 
marketing department and a queue for the engineering department, I might want 
to allow the head of marketing to kill applications in the marketing queue 
without needing to go through me. With this in mind, I think who has access 
should be based on a union of ACLs - I should be able to kill any application 
in the marketing queue either if I am on the application's ACL or if I am on 
the queue's ACL.

Make sense

bq. For the view access, we can check the union of QueueACLs and ApplicationACLs

Then, IMHO, the union of ACLs should be applied to both viewing applications 
and killing them. More, I think it's good to document the super permission from 
the queue administrator.
                
> Get queue administration ACLs working
> -------------------------------------
>
>                 Key: YARN-899
>                 URL: https://issues.apache.org/jira/browse/YARN-899
>             Project: Hadoop YARN
>          Issue Type: Bug
>          Components: scheduler
>    Affects Versions: 2.1.0-beta
>            Reporter: Sandy Ryza
>            Assignee: Xuan Gong
>         Attachments: YARN-899.1.patch, YARN-899.2.patch, YARN-899.3.patch, 
> YARN-899.4.patch, YARN-899.5.patch, YARN-899.5.patch, YARN-899.6.patch, 
> YARN-899.7.patch, YARN-899.8.patch
>
>
> The Capacity Scheduler documents the 
> yarn.scheduler.capacity.root.<queue-path>.acl_administer_queue config option 
> for controlling who can administer a queue, but it is not hooked up to 
> anything.  The Fair Scheduler could make use of a similar option as well.  
> This is a feature-parity regression from MR1.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to