You are viewing a plain text version of this content. The canonical link for it is here.
Posted to yarn-issues@hadoop.apache.org by "ANANDA G B (Jira)" <ji...@apache.org> on 2021/03/09 09:10:00 UTC
[jira] [Comment Edited] (YARN-9731) In ATS v1.5, all jobs are
visible to all users without view-acl
[ https://issues.apache.org/jira/browse/YARN-9731?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17297827#comment-17297827 ]
ANANDA G B edited comment on YARN-9731 at 3/9/21, 9:09 AM:
-----------------------------------------------------------
Thanks for working on it [~magnum].
[~prabhujoseph] Can we commit this 3.1.2 and 3.3.1 version.
was (Author: gb.ananda@gmail.com):
Thanks for working on it [~magnum].
[~prabhujoseph] Can we commit this 3.1.2 version.
> In ATS v1.5, all jobs are visible to all users without view-acl
> ---------------------------------------------------------------
>
> Key: YARN-9731
> URL: https://issues.apache.org/jira/browse/YARN-9731
> Project: Hadoop YARN
> Issue Type: Bug
> Components: timelineserver
> Affects Versions: 3.1.2
> Reporter: KWON BYUNGCHANG
> Assignee: KWON BYUNGCHANG
> Priority: Major
> Attachments: YARN-9731.001.patch, YARN-9731.002.patch, YARN-9731.003.patch, YARN-9731.004.patch, YARN-9731.005.patch, ats_v1.5_screenshot.png
>
>
> In ATS v1.5 of secure mode,
> all jobs are visible to all users without view-acl.
> if user does not have view-acl, user should not be able to see jobs.
> I attatched ATS UI screenshot.
>
> ATS v1.5 log
> {code:java}
> 2019-08-09 10:21:13,679 WARN applicationhistoryservice.ApplicationHistoryManagerOnTimelineStore (ApplicationHistoryManagerOnTimelineStore.java:generateApplicationReport(687)) - Failed to authorize when generating application report for application_1565247558150_1954. Use a placeholder for its latest attempt id.
> org.apache.hadoop.security.authorize.AuthorizationException: User magnum does not have privilege to see this application application_1565247558150_1954
> 2019-08-09 10:21:13,680 WARN applicationhistoryservice.ApplicationHistoryManagerOnTimelineStore (ApplicationHistoryManagerOnTimelineStore.java:generateApplicationReport(687)) - Failed to authorize when generating application report for application_1565247558150_1951. Use a placeholder for its latest attempt id.
> org.apache.hadoop.security.authorize.AuthorizationException: User magnum does not have privilege to see this application application_1565247558150_1951
> {code}
>
>
>
>
>
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-issues-help@hadoop.apache.org