[ https://issues.apache.org/jira/browse/YARN-9445?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16811560#comment-16811560 ]
Bibin A Chundatt commented on YARN-9445: ---------------------------------------- [~shuzirra] I agree with the [~sunilg] . Admin acl's IIUC was added for YARN admin ops control. Current change could allow admin acl users occupying clusters resources rt . Cluster admin can be allowed to maintain RM (standby,active transistions) , get reports , kill apps etc.. I don't think should be allowed take cluster resources. > yarn.admin.acl is futile > ------------------------ > > Key: YARN-9445 > URL: https://issues.apache.org/jira/browse/YARN-9445 > Project: Hadoop YARN > Issue Type: Bug > Components: security > Affects Versions: 3.3.0 > Reporter: Peter Simon > Assignee: Gergely Pollak > Priority: Major > Attachments: YARN-9445.001.patch > > > * Define a queue with restrictive administerApps settings (e.g. yarn) > * Set yarn.admin.acl to "*". > * Try to submit an application with user yarn, it is denied. > This way my expected behaviour would be that while everyone is admin, I can > submit to whatever pool. > -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org