[ https://issues.apache.org/jira/browse/YARN-6791?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
YunFan Zhou updated YARN-6791:
------------------------------
Attachment: YARN-6791.004.patch
> Add a new acl control to make YARN acl control perfect
> ------------------------------------------------------
>
> Key: YARN-6791
> URL: https://issues.apache.org/jira/browse/YARN-6791
> Project: Hadoop YARN
> Issue Type: Improvement
> Components: yarn
> Affects Versions: 2.7.2
> Reporter: YunFan Zhou
> Assignee: YunFan Zhou
> Fix For: 2.7.2
>
> Attachments: screenshot-1.png, screenshot-2.png, YARN-6791.001.patch, YARN-6791.002.patch,
YARN-6791.003.patch, YARN-6791.004.patch
>
>
> The yarn application acl control is not so perfect which could let us pretty confused
sometimes.
> !screenshot-1.png!
> The yarn acl is disabled default, but when we enable it.
> You will find the others who neither is yarn admin nor queue admin can not view the
application detail.
> It will show something as blow in YARN RM web ui:
> !screenshot-2.png!
> So when we enable those configs, you will find it is very inconvenient to view the application
status
> when use RM web ui.
> There are two ways to solve the problem:
> 1. To make the web ui more perfect, and can allow user to login as any uses he want.
> Besides, it should provide a perfect verification mechanism.
> 2. Add a config in YarnConfiguration, which can allow some uses view any applications
he want.
> But he has not modify permissions.
> In this way, the user can view all applications but can not kill other users applications.
> Of the above two solutions, I will choose the second solution.
> It is low cost but is more useful.
> I will work on this, and upload the patch later.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-issues-help@hadoop.apache.org
|