hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Junping Du (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (YARN-1968) YARN Admin service should have more fine-grained ACL which is based on mapping of users with methods/operations.
Date Mon, 21 Apr 2014 16:55:16 GMT

     [ https://issues.apache.org/jira/browse/YARN-1968?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Junping Du updated YARN-1968:
-----------------------------

    Description: 
AdminService's operation today have different dimensions of management, some are on user management
while others are on cluster management, etc. 
Today, we only check if user belongs to some authorized group to see if he can execute operations
in admin service. The result is who can either execute all operations or none which is a simple
strategy but not very precisely so we cannot separate different management roles to several
admins. We may need more fine-grained ACLs which can authorized user with partial operations
in AdminService.

  was:
AdminService's operation today have different dimensions of management, some is on user management
while other is on cluster management. 
Today, we only check if user belongs to some authorized group to see if he can execute operations
in admin service. The result is he can either execute all operations or none which is a simple
strategy but not very precisely. We may need more fine-grained ACLs which can authorized user
with partial operations in AdminService.


> YARN Admin service should have more fine-grained ACL which is based on mapping of users
with methods/operations.
> ----------------------------------------------------------------------------------------------------------------
>
>                 Key: YARN-1968
>                 URL: https://issues.apache.org/jira/browse/YARN-1968
>             Project: Hadoop YARN
>          Issue Type: Improvement
>            Reporter: Junping Du
>
> AdminService's operation today have different dimensions of management, some are on user
management while others are on cluster management, etc. 
> Today, we only check if user belongs to some authorized group to see if he can execute
operations in admin service. The result is who can either execute all operations or none which
is a simple strategy but not very precisely so we cannot separate different management roles
to several admins. We may need more fine-grained ACLs which can authorized user with partial
operations in AdminService.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message