Riya Khandelwal created MAPREDUCE-7537:
------------------------------------------
Summary: Hadoop MapReduce Task-Level Security - allowed Groups
Bypass
Key: MAPREDUCE-7537
URL: https://issues.apache.org/jira/browse/MAPREDUCE-7537
Project: Hadoop Map/Reduce
Issue Type: New Feature
Components: mrv2
Reporter: Riya Khandelwal
[MAPREDUCE-7523|https://issues.apache.org/jira/browse/MAPREDUCE-7523]
introduced mapreduce.security.denied-tasks: a single, global list of disallowed
class name prefixes applied to values of keys listed in
mapreduce.security.property-domain. By default the policy is not per-user or
per-group—the same rules apply to every submitter until an exception is
configured. mapreduce.security.allowed-users already provides a per-user bypass
of that deny list.
This work adds mapreduce.security.allowed-groups: a per-group bypass using the
submitter’s resolved group names from the cluster’s Hadoop group mapping
(UserGroupInformation.getGroupsSet() for that user).
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
