[
https://issues.apache.org/jira/browse/YARN-1539?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13857064#comment-13857064
]
Vinod Kumar Vavilapalli commented on YARN-1539:
-----------------------------------------------
bq. you need to be in its access control list OR in the access control list of
any of its ancestors.
It is AND not OR in Capacity-Scheduler. And that makes sense for submit-acls.
You need to have permissions to submit to a parent-queue, child-queue, leaf
queue etc. But not for admin ACLs.
Seems like that is different for FairScheduler. All the more we should fix this
to be consistent. FairScheduler should also change w.r.t submit-acls.
Yes, this would be an incompatible change, but don't know of a solution
otherwise. I found this a while back
([here|https://issues.apache.org/jira/browse/YARN-899?focusedCommentId=13781287&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13781287])
but failed to file the ticket and fix it in time.
> Queue admin ACLs should NOT be similar to submit-acls w.r.t hierarchy.
> ----------------------------------------------------------------------
>
> Key: YARN-1539
> URL: https://issues.apache.org/jira/browse/YARN-1539
> Project: Hadoop YARN
> Issue Type: Bug
> Reporter: Vinod Kumar Vavilapalli
> Priority: Critical
>
> Today, Queue admin ACLs are similar to submit-acls w.r.t hierarchy in that if
> one has to be able to administer a queue, he/she should be an admin of all
> the queues in the ancestry - an unnecessary burden.
> This was added in YARN-899 and I believe is wrong semantics as well as
> implementation.
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
