hadoop-mapreduce-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Vinod K V (JIRA)" <j...@apache.org>
Subject [jira] Updated: (MAPREDUCE-1307) Introduce the concept of Job Permissions
Date Wed, 17 Feb 2010 18:24:28 GMT

     [ https://issues.apache.org/jira/browse/MAPREDUCE-1307?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Vinod K V updated MAPREDUCE-1307:

    Attachment: MAPREDUCE-1307-20100217.txt

 - Protect getTaskDiagnostics() APIs also w.r.t access control.
 - If a user gets an access control error, he should be informed about the configured ACLs
for the job.
 - Make the ACL part of the JobStatus object so that it is visible to all interested parties
who might be interested (including the command line to get the job status). Also, the CompletedJobStatusStore
can make use of this and enforce access control..

bq. ACLs for jobs should be displayed as part of jobdetails (the front page for jobs where
all high level info is displayed).
This will be done as part of MAPREDUCE-1455.

bq. Can we have the default ACL for job view enabled for the groups the user belongs to?
This is difficult to do without introducing SPECIAL case values ACLs, which itself is tricky
and I'm postponing for future as per need.

Leaving that aside, other changes in the patch include:
 - CompletedJobStore is fixed now to respect ACLs. And because of the new JobStatus objects,
JT cannot read JobStatus by previous versions of JT, and hence this is an incompatible change.
 - Refactored the ACLs related methods into a new class JobACLsManager which acts as an interface
between JT and any component that needs job-level authorization.
 - JobStatus is modified to include ACLs. ClientProtocol's version is bumped up too - another
incompatible change.
 - Added tests to verify the changes in CompletedJobStore.

> Introduce the concept of Job Permissions
> ----------------------------------------
>                 Key: MAPREDUCE-1307
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-1307
>             Project: Hadoop Map/Reduce
>          Issue Type: Sub-task
>          Components: security
>            Reporter: Devaraj Das
>            Assignee: Vinod K V
>             Fix For: 0.22.0
>         Attachments: 1307-early-1.patch, MAPREDUCE-1307-20100210.txt, MAPREDUCE-1307-20100211.txt,
MAPREDUCE-1307-20100215.txt, MAPREDUCE-1307-20100217.txt
> It would be good to define the notion of job permissions analogous to file permissions.
Then the JobTracker can restrict who can "read" (e.g. look at the job page) or "modify" (e.g.
kill) jobs.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message