You are viewing a plain text version of this content. The canonical link for it is here.

Posted to mapreduce-dev@hadoop.apache.org by "Zhijie Shen (JIRA)" <ji...@apache.org> on 2014/09/09 17:06:28 UTC

[jira] [Created] (MAPREDUCE-6080) JHS checks YARN application ACLs to determine user's access to aggregated logs

Zhijie Shen created MAPREDUCE-6080:
--------------------------------------

             Summary: JHS checks YARN application ACLs to determine user's access to aggregated logs
                 Key: MAPREDUCE-6080
                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-6080
             Project: Hadoop Map/Reduce
          Issue Type: Bug
          Components: jobhistoryserver, webapps
    Affects Versions: 2.5.0, 3.0.0
            Reporter: Zhijie Shen


While JHS uses JobACLsManager to check user's access tot the job history information, it uses ApplicationACLsManager to justify whether the user has access to the aggregated log, because it directly imports AggregatedLogsBlock into the log web page.

In most cases, the two manager can do consistent access control. However we observed case that YARN acls is enabled while MR cluster acls is not. Therefore, the user can view all the job information except accessing the aggregated logs from JHS. It confuses the user. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)