You are viewing a plain text version of this content. The canonical link for it is here.
Posted to mapreduce-dev@hadoop.apache.org by "Zhijie Shen (JIRA)" <ji...@apache.org> on 2014/09/09 17:06:28 UTC
[jira] [Created] (MAPREDUCE-6080) JHS checks YARN application ACLs
to determine user's access to aggregated logs
Zhijie Shen created MAPREDUCE-6080:
--------------------------------------
Summary: JHS checks YARN application ACLs to determine user's access to aggregated logs
Key: MAPREDUCE-6080
URL: https://issues.apache.org/jira/browse/MAPREDUCE-6080
Project: Hadoop Map/Reduce
Issue Type: Bug
Components: jobhistoryserver, webapps
Affects Versions: 2.5.0, 3.0.0
Reporter: Zhijie Shen
While JHS uses JobACLsManager to check user's access tot the job history information, it uses ApplicationACLsManager to justify whether the user has access to the aggregated log, because it directly imports AggregatedLogsBlock into the log web page.
In most cases, the two manager can do consistent access control. However we observed case that YARN acls is enabled while MR cluster acls is not. Therefore, the user can view all the job information except accessing the aggregated logs from JHS. It confuses the user.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)