hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sandy Ryza (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (YARN-899) Get queue administration ACLs working
Date Wed, 07 Aug 2013 19:41:51 GMT

    [ https://issues.apache.org/jira/browse/YARN-899?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13732635#comment-13732635
] 

Sandy Ryza commented on YARN-899:
---------------------------------

bq. So, I think that the applicationACLs should be only for the users who has access to QueueA,
not for the whole users.
Someone more experienced correct me if I'm wrong here, but I believe the goal of queue administration
ACLs is to allow admins to delegate responsibility.  So if I am a cluster admin and I set
up a queue for the marketing department and a queue for the engineering department, I might
want to allow the head of marketing to kill applications in the marketing queue without needing
to go through me.  With this in mind, I think who has access should be based on a union of
ACLs - I should be able to kill any application in the marketing queue either if I am on the
application's ACL or if I am on the queue's ACL.
                
> Get queue administration ACLs working
> -------------------------------------
>
>                 Key: YARN-899
>                 URL: https://issues.apache.org/jira/browse/YARN-899
>             Project: Hadoop YARN
>          Issue Type: Bug
>          Components: scheduler
>    Affects Versions: 2.1.0-beta
>            Reporter: Sandy Ryza
>            Assignee: Xuan Gong
>         Attachments: YARN-899.1.patch
>
>
> The Capacity Scheduler documents the yarn.scheduler.capacity.root.<queue-path>.acl_administer_queue
config option for controlling who can administer a queue, but it is not hooked up to anything.
 The Fair Scheduler could make use of a similar option as well.  This is a feature-parity
regression from MR1.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message