Return-Path: 
 <yarn-issues-return-33573-apmail-hadoop-yarn-issues-archive=hadoop.apache.org@hadoop.apache.org>
X-Original-To: apmail-hadoop-yarn-issues-archive@minotaur.apache.org
Delivered-To: apmail-hadoop-yarn-issues-archive@minotaur.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 5045D11663
	for <apmail-hadoop-yarn-issues-archive@minotaur.apache.org>;
 Wed, 13 Aug 2014 17:24:14 +0000 (UTC)
Received: (qmail 98912 invoked by uid 500); 13 Aug 2014 17:24:12 -0000
Delivered-To: apmail-hadoop-yarn-issues-archive@hadoop.apache.org
Received: (qmail 98887 invoked by uid 500); 13 Aug 2014 17:24:12 -0000
Mailing-List: contact yarn-issues-help@hadoop.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:yarn-issues-help@hadoop.apache.org>
List-Unsubscribe: <mailto:yarn-issues-unsubscribe@hadoop.apache.org>
List-Post: <mailto:yarn-issues@hadoop.apache.org>
List-Id: <yarn-issues.hadoop.apache.org>
Reply-To: yarn-issues@hadoop.apache.org
Delivered-To: mailing list yarn-issues@hadoop.apache.org
Received: (qmail 98835 invoked by uid 99); 13 Aug 2014 17:24:12 -0000
Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 13 Aug 2014 17:24:12 +0000
Date: Wed, 13 Aug 2014 17:24:12 +0000 (UTC)
From: "Zhijie Shen (JIRA)" <jira@apache.org>
To: yarn-issues@hadoop.apache.org
Message-ID: <JIRA.12732485.1407397000020.73549.1407950652442@arcas>
In-Reply-To: <JIRA.12732485.1407397000020@arcas>
References: <JIRA.12732485.1407397000020@arcas>
Subject: [jira] [Commented] (YARN-2390) Investigating whehther generic
 history service needs to support queue-acls
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394


    [ https://issues.apache.org/jira/browse/YARN-2390?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14095748#comment-14095748 ] 

Zhijie Shen commented on YARN-2390:
-----------------------------------

bq. For getting application report, container report etc, currently in ClientRMService Queue ACL for ADMINISTER_QUEUE is also checked.

That's correct. However, after the app is finished, it has been removed from the queue. The question is whether we still want to give queue admin to the app that used to run on the queue, but now is removed from it and finished.

Personally, I prefer not to grant the view access of the finished app to the queue admin, because IMHO, the permissions of the queue admin should be within the scope of his assigned queue. Thoughts?

> Investigating whehther generic history service needs to support queue-acls
> --------------------------------------------------------------------------
>
>                 Key: YARN-2390
>                 URL: https://issues.apache.org/jira/browse/YARN-2390
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>            Reporter: Zhijie Shen
>
> According YARN-1250,  it's arguable whether queue-acls should be applied to the generic history service as well, because the queue admin may not need the access to the completed application that is removed from the queue. Create this ticket to tackle the discussion around.



--
This message was sent by Atlassian JIRA
(v6.2#6252)