You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ambari.apache.org by "Andrew Onischuk (JIRA)" <ji...@apache.org> on 2014/10/26 17:32:33 UTC

[jira] [Resolved] (AMBARI-7976) Ambari: Add oozie install user as an Oozie admin user

     [ https://issues.apache.org/jira/browse/AMBARI-7976?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Andrew Onischuk resolved AMBARI-7976.
-------------------------------------
    Resolution: Fixed

Committed to branch-1.7.0

> Ambari: Add oozie install user as an Oozie admin user
> -----------------------------------------------------
>
>                 Key: AMBARI-7976
>                 URL: https://issues.apache.org/jira/browse/AMBARI-7976
>             Project: Ambari
>          Issue Type: Bug
>            Reporter: Andrew Onischuk
>            Assignee: Andrew Onischuk
>             Fix For: 1.6.0
>
>
> Oozie has an authorization model for admin access to oozie facilities. Oozie
> admin users
>   * have write access to all jobs
>   * have write access to admin operations
> When authorization server security is enabled by config property  
> oozie.service.AuthorizationService.authorization.enabled (which is set to true
> in our installations - the default is false), then admin users are determined
> by either membership in a group identified by the property
> oozie.service.AuthorizationService.admin.groups.
> Since we don't set either of them, we expect users to set the admin usernames
> in the file /etc/oozie/conf/adminusers.txt
> See [Oozie User Authorization Configuration](https://oozie.apache.org/docs/4.0
> .0/AG_Install.html#User_Authorization_Configuration) for more details on admin
> user configuration
> Because we want to do sharelib update operations which are write access
> operations, the user performing these should be an Oozie admin user. If not,
> the admin operation will fail.
> We should explicitly add the oozie install user as the admin user by adding
> the user to adminusers.txt
> This feature is also needed for rolling upgrade scenarios to explicitly update
> sharelib after upgrading the servers.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)