[ https://issues.apache.org/jira/browse/YARN-1937?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14002145#comment-14002145 ]

Zhijie Shen commented on YARN-1937:
-----------------------------------

Hi Varun, thanks for the review! W.R.T. your concern, see my comments below:

bq. 1. admins should be allowed to view all entities - the current patch only 
allows the owner

Yeah, we definitely need to allow admin as well as users/groups on the allowed 
access list. However, for now, since we still don't have an admin module, I prefer to 
defer the admin check until we support admin role (see YARN-2059, YARN-2060).

bq. 2. There should be a way to prevent un-authenticated users from posting 
entities. In the current patch, the owner is set to null but the entity is 
saved. Admins should be allowed to insist that users be authenticated before 
posting entities.

IMHO, we should allow un-authenticated users to post entities. Otherwise, the 
unsecured cluster cannot leverage the timeline service.

> Add entity-level access control of the timeline data for owners only
> --------------------------------------------------------------------
>
>                 Key: YARN-1937
>                 URL: https://issues.apache.org/jira/browse/YARN-1937
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>            Reporter: Zhijie Shen
>            Assignee: Zhijie Shen
>         Attachments: YARN-1937.1.patch, YARN-1937.2.patch, YARN-1937.3.patch
>
>




--
This message was sent by Atlassian JIRA
(v6.2#6252)
