You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ambari.apache.org by "Andrew Onischuk (JIRA)" <ji...@apache.org> on 2014/10/26 16:03:33 UTC
[jira] [Created] (AMBARI-7976) Ambari: Add oozie install user as an
Oozie admin user
Andrew Onischuk created AMBARI-7976:
---------------------------------------
Summary: Ambari: Add oozie install user as an Oozie admin user
Key: AMBARI-7976
URL: https://issues.apache.org/jira/browse/AMBARI-7976
Project: Ambari
Issue Type: Bug
Reporter: Andrew Onischuk
Assignee: Andrew Onischuk
Fix For: 1.6.0
Oozie has an authorization model for admin access to oozie facilities. Oozie
admin users
* have write access to all jobs
* have write access to admin operations
When authorization server security is enabled by config property
oozie.service.AuthorizationService.authorization.enabled (which is set to true
in our installations - the default is false), then admin users are determined
by either membership in a group identified by the property
oozie.service.AuthorizationService.admin.groups.
Since we don't set either of them, we expect users to set the admin usernames
in the file /etc/oozie/conf/adminusers.txt
See [Oozie User Authorization Configuration](https://oozie.apache.org/docs/4.0
.0/AG_Install.html#User_Authorization_Configuration) for more details on admin
user configuration
Because we want to do sharelib update operations which are write access
operations, the user performing these should be an Oozie admin user. If not,
the admin operation will fail.
We should explicitly add the oozie install user as the admin user by adding
the user to adminusers.txt
This feature is also needed for rolling upgrade scenarios to explicitly update
sharelib after upgrading the servers.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)