hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rohith Sharma K S (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (YARN-3895) Support ACLs in ATSv2
Date Thu, 14 Sep 2017 12:01:00 GMT

    [ https://issues.apache.org/jira/browse/YARN-3895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16166135#comment-16166135

Rohith Sharma K S commented on YARN-3895:

I think we should target this for GA! Though YARN-6820 provides basic whitelisting users for
read access, it is not full solution.  
Request folks to put up your approaches for discussions!

Primarily I can think of couple of approaches which need to be discus complexities in detail!
#  User can submit acls during submission of application only which is currently supported
for application. The same acls can be stored under application table which can be referred
while reading entities. These acls belong to per application entities. All the entities under
application have these acls. This approach works well for flow model but not for Tez kind
of model. 
#  How about accepting ACLs via TimelineEntity itself.? Each entity has ACLS who should be
read! Note that acls is for reading data only.  
#  At last, atsv2 can also have group concept where in each group of entities has their own
acls. To to this way, probably let introduce new API that accept acls per group to store acls
at back end. The concern is how are we going to store at back end? What should be the row
key for new table!!
cc :/ [~jlowe] [~vrushalic] [~varun_saxena] [~jianhe] [~vinodkv] [~jrottinghuis] [~haibo.chen]

> Support ACLs in ATSv2
> ---------------------
>                 Key: YARN-3895
>                 URL: https://issues.apache.org/jira/browse/YARN-3895
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>          Components: timelineserver
>    Affects Versions: YARN-2928
>            Reporter: Varun Saxena
>            Assignee: Varun Saxena
>              Labels: YARN-5355
> This JIRA is to keep track of authorization support design discussions for both readers
and collectors. 

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-issues-help@hadoop.apache.org

View raw message