[
https://issues.apache.org/jira/browse/YARN-1539?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13857050#comment-13857050
]
Sandy Ryza commented on YARN-1539:
----------------------------------
My understanding was that the way that both submit and admin work is that: to
have access to a queue, you need to be in its access control list OR in the
access control list of any of its ancestors. Where is the unnecessary burden?
Also, would this not be an incompatible change?
{code}
@Override
public boolean hasAccess(QueueACL acl, UserGroupInformation user) {
synchronized (this) {
if (acls.get(acl).isUserAllowed(user)) {
return true;
}
}
if (parent != null) {
return parent.hasAccess(acl, user);
}
return false;
}
{code}
> Queue admin ACLs should NOT be similar to submit-acls w.r.t hierarchy.
> ----------------------------------------------------------------------
>
> Key: YARN-1539
> URL: https://issues.apache.org/jira/browse/YARN-1539
> Project: Hadoop YARN
> Issue Type: Bug
> Reporter: Vinod Kumar Vavilapalli
> Priority: Critical
>
> Today, Queue admin ACLs are similar to submit-acls w.r.t hierarchy in that if
> one has to be able to administer a queue, he/she should be an admin of all
> the queues in the ancestry - an unnecessary burden.
> This was added in YARN-899 and I believe is wrong semantics as well as
> implementation.
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
