[ https://issues.apache.org/jira/browse/YARN-5554?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15435546#comment-15435546 ]

Rohith Sharma K S commented on YARN-5554:
-----------------------------------------

+1 for the issue. I also think there are uncovered bugs with respect to 
queue ACLs for the moveToQueue operation.
# Along with the modify-app ACL, the user should also have access to the ADMINISTER_QUEUE & 
SUBMIT_APPLICATIONS ACLs. Basically, all 3 operations should be an AND operation 
rather than an OR operation. cc :-/ [~jianhe]

Comments on the patch:
# The patch does not appear to fix the reported bug, since it still checks the 
old queue for user permission. Basically, user authorization should happen for the 
targeted queue.
# The method {{appSubmissionToQueueAllowed}} can be renamed to 
{{checkUserAccessToQueue}}?

> MoveApplicationAcrossQueues does not check user permission on the target queue
> ------------------------------------------------------------------------------
>
>                 Key: YARN-5554
>                 URL: https://issues.apache.org/jira/browse/YARN-5554
>             Project: Hadoop YARN
>          Issue Type: Bug
>          Components: resourcemanager
>    Affects Versions: 2.7.2
>            Reporter: Haibo Chen
>            Assignee: Wilfred Spiegelenburg
>         Attachments: yarn5554.001.patch
>
>
> moveApplicationAcrossQueues operation currently does not check user 
> permission on the target queue. This incorrectly allows one user to move 
> his/her own applications to a queue that the user has no access to



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
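
The check this issue asks for, as an added example that is not Hadoop code and not the attached patch. The class, method and queue names are hypothetical, modify-app access is simplified to application ownership, and which queue ACLs a move should require is left as a parameter.

```java
import java.util.*;

// Simplified model (assumption, not Hadoop code): per-queue ACLs as sets of user names.
public class MoveQueueAclDemo {
    enum QueueAcl { SUBMIT_APPLICATIONS, ADMINISTER_QUEUE }

    static final Map<String, Map<QueueAcl, Set<String>>> QUEUE_ACLS = new HashMap<>();

    static void grant(String queue, QueueAcl acl, String user) {
        QUEUE_ACLS.computeIfAbsent(queue, q -> new EnumMap<>(QueueAcl.class))
                  .computeIfAbsent(acl, a -> new HashSet<>()).add(user);
    }

    static boolean has(String user, String queue, QueueAcl acl) {
        return QUEUE_ACLS.getOrDefault(queue, Collections.emptyMap())
                         .getOrDefault(acl, Collections.emptySet()).contains(user);
    }

    // Behaviour described in the issue: only access to the application itself
    // is checked; the target queue is never consulted.
    static boolean canMoveUnchecked(String user, String appOwner, String targetQueue) {
        return user.equals(appOwner);
    }

    // Authorization on the target queue: the caller must be able to modify the
    // application AND hold every required ACL on the queue it is moving into.
    static boolean canMoveChecked(String user, String appOwner, String targetQueue,
                                  Set<QueueAcl> requiredOnTarget) {
        if (!user.equals(appOwner)) {
            return false;
        }
        for (QueueAcl acl : requiredOnTarget) {
            if (!has(user, targetQueue, acl)) {
                return false; // deny by default, including for unknown queues
            }
        }
        return true;
    }

    public static void main(String[] args) {
        // Constructed sample data: alice may submit to "dev" but has no ACL on "prod".
        grant("dev", QueueAcl.SUBMIT_APPLICATIONS, "alice");
        Set<QueueAcl> required = EnumSet.of(QueueAcl.SUBMIT_APPLICATIONS);
        System.out.println(canMoveUnchecked("alice", "alice", "prod"));          // true: the bug
        System.out.println(canMoveChecked("alice", "alice", "prod", required));  // false
        System.out.println(canMoveChecked("alice", "alice", "dev", required));   // true
    }
}
```

Passing `EnumSet.allOf(QueueAcl.class)` as the required set models the stricter AND combination proposed in the comment above.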
