[ https://issues.apache.org/jira/browse/YARN-3517?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14509152#comment-14509152 ]
Thomas Graves commented on YARN-3517: ------------------------------------- + // non-secure mode with no acls enabled + if (!isAdmin && !UserGroupInformation.isSecurityEnabled() + && !adminACLsManager.areACLsEnabled()) { + isAdmin = true; + } + We don't need the isSecurityEnabled check, just keep the one for areAclsEnabled. This could be combined with the previous if, make this the else if part but that isn't a big deal. in QueuesBlock we are creating the AdminACLsManager every web page load. Perhaps a better way would be to use the this.rm.getApplicationACLsManager() and extend the ApplicationAclsManager to explose an isAdmin functionality > RM web ui for dumping scheduler logs should be for admins only > -------------------------------------------------------------- > > Key: YARN-3517 > URL: https://issues.apache.org/jira/browse/YARN-3517 > Project: Hadoop YARN > Issue Type: Bug > Components: resourcemanager, security > Affects Versions: 2.7.0 > Reporter: Varun Vasudev > Assignee: Varun Vasudev > Priority: Blocker > Labels: security > Attachments: YARN-3517.001.patch, YARN-3517.002.patch, > YARN-3517.003.patch > > > YARN-3294 allows users to dump scheduler logs from the web UI. This should be > for admins only. -- This message was sent by Atlassian JIRA (v6.3.4#6332)