[
https://issues.apache.org/jira/browse/HADOOP-10467?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13970074#comment-13970074
]
Benoy Antony commented on HADOOP-10467:
---------------------------------------
In some cases, it takes a longer time to add users to groups. In those
situations, the ability to specify usernames in the _proxyuserconfiguration_
will enable administrators to quickly unblock users. That's the use case.
Similar ability is available in yarn queue acls.
An implementation choice would have been to add a separate property for users
alone. But to maintain parity with queue acls , I added usergroups which can
accept users and groups. If maintaining parity with Queue ACL specification is
not important, I can create a new property - users instead of usergroups.
The syntax is _user1,user2SPACEgroup1,group2_ (Same as in queue acls). Since
these properties are per user, they are not in core-default.xml. I can specify
the syntax and new configuration in the release notes. Would that be
appropriate ?
> Enable proxyuser specification to support list of users in addition to list
> of groups.
> --------------------------------------------------------------------------------------
>
> Key: HADOOP-10467
> URL: https://issues.apache.org/jira/browse/HADOOP-10467
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: security
> Reporter: Benoy Antony
> Assignee: Benoy Antony
> Attachments: HADOOP-10467.patch, HADOOP-10467.patch
>
>
> Today , the proxy user specification supports only list of groups. In some
> cases, it is useful to specify the list of users in addition to list of
> groups.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
