hadoop-mapreduce-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Vinod K V (JIRA)" <j...@apache.org>
Subject [jira] Commented: (MAPREDUCE-1307) Introduce the concept of Job Permissions
Date Sun, 07 Feb 2010 03:24:28 GMT

    [ https://issues.apache.org/jira/browse/MAPREDUCE-1307?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12830629#action_12830629
] 

Vinod K V commented on MAPREDUCE-1307:
--------------------------------------

I wish to take this issue forward. First, let me summarize this:
h6. At present, we only have ACLs for queues:
_Queue_:
 - submit-job-acl
    -- determines which users and/or groups can submit a job to this queue
 - administer-job-acl
    -- determines which users and/or groups can perform administration operations like killing,
setting priority on a given job
    -- the job-owner is always part of this list.

----
h6. Now we also want to add authorization per job.
----

h6. 1307-early-1.patch proposal:

_Queue_:
 - same as above using ACLs.

_Job_:  POSIX file system permissions _like_ model
  - Specifies the jobs's user_owner , group_owner  and the permissions
  - user_owner of the job is from authentication
  - group_owner of the job is from job's configuration during submission
  - user_owner can always do all the operations on the job
  - Permissions(RW:RW) specify the rights to group_owner:others respectively
       -- R means 'readability' of the job. Meaning whether or not the group/others can view
information about the job
       -- W means 'writability' of the job. Meaning whether or not the group/others can modify
job information, kill job, kill a task of the job, set job-priority etc.

> Introduce the concept of Job Permissions
> ----------------------------------------
>
>                 Key: MAPREDUCE-1307
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-1307
>             Project: Hadoop Map/Reduce
>          Issue Type: Sub-task
>          Components: security
>            Reporter: Devaraj Das
>             Fix For: 0.22.0
>
>         Attachments: 1307-early-1.patch
>
>
> It would be good to define the notion of job permissions analogous to file permissions.
Then the JobTracker can restrict who can "read" (e.g. look at the job page) or "modify" (e.g.
kill) jobs.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message