You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ambari.apache.org by "Andrew Onischuk (JIRA)" <ji...@apache.org> on 2014/10/26 16:03:33 UTC

[jira] [Created] (AMBARI-7976) Ambari: Add oozie install user as an Oozie admin user

Andrew Onischuk created AMBARI-7976:
---------------------------------------

             Summary: Ambari: Add oozie install user as an Oozie admin user
                 Key: AMBARI-7976
                 URL: https://issues.apache.org/jira/browse/AMBARI-7976
             Project: Ambari
          Issue Type: Bug
            Reporter: Andrew Onischuk
            Assignee: Andrew Onischuk
             Fix For: 1.6.0


Oozie has an authorization model for admin access to oozie facilities. Oozie
admin users

  * have write access to all jobs
  * have write access to admin operations

When authorization server security is enabled by config property  
oozie.service.AuthorizationService.authorization.enabled (which is set to true
in our installations - the default is false), then admin users are determined
by either membership in a group identified by the property
oozie.service.AuthorizationService.admin.groups.

Since we don't set either of them, we expect users to set the admin usernames
in the file /etc/oozie/conf/adminusers.txt

See [Oozie User Authorization Configuration](https://oozie.apache.org/docs/4.0
.0/AG_Install.html#User_Authorization_Configuration) for more details on admin
user configuration

Because we want to do sharelib update operations which are write access
operations, the user performing these should be an Oozie admin user. If not,
the admin operation will fail.

We should explicitly add the oozie install user as the admin user by adding
the user to adminusers.txt

This feature is also needed for rolling upgrade scenarios to explicitly update
sharelib after upgrading the servers.





--
This message was sent by Atlassian JIRA
(v6.3.4#6332)