hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Vrushali C (JIRA)" <j...@apache.org>
Subject [jira] [Created] (YARN-6820) Restrict read access to timelineservice v2 data
Date Thu, 13 Jul 2017 18:33:01 GMT
Vrushali C created YARN-6820:
--------------------------------

             Summary: Restrict read access to timelineservice v2 data 
                 Key: YARN-6820
                 URL: https://issues.apache.org/jira/browse/YARN-6820
             Project: Hadoop YARN
          Issue Type: Sub-task
            Reporter: Vrushali C


Need to provide a way to restrict read access in ATSv2. Not all users should be able to read
all entities. On the flip side, some folks may not need any read restrictions, so we need
to provide a way to disable this access restriction as well. 

Initially this access restriction could be done in a simple way via a whitelist of users allowed
to read data. That set of users can read all data, no other user can read any data. Can be
turned off for all users to read all data.

Could be stored in a "domain" table in hbase perhaps. Or a configuration setting for the cluster.
Or something else that's simple enough. ATSv1 has a concept of domain for isolating users
for reading. Would be good to keep that in consideration. 

In ATSv1, domain offers a namespace for Timeline server allowing users to host multiple entities,
isolating them from other users and applications. A “Domain” in ATSV1 primarily stores
owner info, read and& write ACL information, created and modified time stamp information.
Each Domain is identified by an ID which must be unique across all users in the YARN cluster.




--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-issues-help@hadoop.apache.org


Mime
View raw message