[jira] [Commented] (YARN-9731) In ATS v1.5, all jobs are visible to all users without view-acl

Tue, 09 Mar 2021 08:39:05 -0800 


    [ 
https://issues.apache.org/jira/browse/YARN-9731?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17298166#comment-17298166
 ] 

Brahma Reddy Battula commented on YARN-9731:
--------------------------------------------

[~abmodi] could you check the latest patch, looks all your comments are 
addressed. It's an security issue,better to have for branch-3.3 also.

> In ATS v1.5, all jobs are visible to all users without view-acl
> ---------------------------------------------------------------
>
>                 Key: YARN-9731
>                 URL: https://issues.apache.org/jira/browse/YARN-9731
>             Project: Hadoop YARN
>          Issue Type: Bug
>          Components: timelineserver
>    Affects Versions: 3.1.2
>            Reporter: KWON BYUNGCHANG
>            Assignee: KWON BYUNGCHANG
>            Priority: Major
>         Attachments: YARN-9731.001.patch, YARN-9731.002.patch, 
> YARN-9731.003.patch, YARN-9731.004.patch, YARN-9731.005.patch, 
> ats_v1.5_screenshot.png
>
>
> In ATS v1.5 of secure mode,
> all jobs are visible to all users without view-acl.
> if user does not have view-acl,  user should not be able to see jobs.
> I attatched ATS UI screenshot.
>  
> ATS v1.5 log
> {code:java}
> 2019-08-09 10:21:13,679 WARN 
> applicationhistoryservice.ApplicationHistoryManagerOnTimelineStore 
> (ApplicationHistoryManagerOnTimelineStore.java:generateApplicationReport(687))
>  - Failed to authorize when generating application report for 
> application_1565247558150_1954. Use a placeholder for its latest attempt id.
> org.apache.hadoop.security.authorize.AuthorizationException: User magnum does 
> not have privilege to see this application application_1565247558150_1954
> 2019-08-09 10:21:13,680 WARN 
> applicationhistoryservice.ApplicationHistoryManagerOnTimelineStore 
> (ApplicationHistoryManagerOnTimelineStore.java:generateApplicationReport(687))
>  - Failed to authorize when generating application report for 
> application_1565247558150_1951. Use a placeholder for its latest attempt id.
> org.apache.hadoop.security.authorize.AuthorizationException: User magnum does 
> not have privilege to see this application application_1565247558150_1951
> {code}
>  
>  
>  
>  
>  
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org

Reply via email to