[ 
https://issues.apache.org/jira/browse/MAPREDUCE-1307?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12831402#action_12831402
 ] 

Vinod K V commented on MAPREDUCE-1307:
--------------------------------------

OK.. I am going ahead with ACLs for job permissions. Here's the proposal:

Users can interact with their jobs via mapred commands, JT RPCs, JT web UI and 
TT web UI. This issue only handles the authorization of RPCs and hence the 
command-line clients. Authorization for web UI will be addressed by 
MAPREDUCE-1455.

h4. Per-job ACLs can be set by job in JobConf during the submission.
 - As of now, we will only have two per-job ACLs
    -- mapreduce.job.acl-modify-job
    -- mapreduce.job.acl-view-job
 - Job owner has the authorization to do _anything_ with the job irrespective 
of the configured ACLs.
 - superuser (the user who starts the mapred cluster) and members of 
supergroup (configured on JT via mapred.permissions.supergroup) have the 
authorization to do _anything_ with the job irrespective of the configured ACLs.

h4. mapreduce.job.acl-modify-job
 - This guards *all* the modifications w.r.t a job. This takes care of all the 
following operations that come under this category:
    -- killing a job
    -- killing a task of a job, failing a task of a job
    -- setting the priority of a job
 - Each of these operations is also guarded by the per-queue level ACL 
"acl-administer-jobs". So a caller (other than the job-owner and the 
superuser/supergroup) should have the authorization to satisfy both the 
queue-level ACL and then the job-level ACL.

h4. mapreduce.job.acl-view-job
 - This guards *some* of the job-views
 - For now, we *only* protect APIs that can return possibly sensitive 
information of the job-owner
    -- job-level counters
    -- task-level counters
    -- task-logs displayed by TT UI and
    -- job.xml shown by JT UI
(The last two will be handled by MAPREDUCE-1455).
 - The above means every other piece of information of jobs is still accessible by 
any other user, for e.g., JobStatus, JobProfile, list of jobs in the queue, etc.

> Introduce the concept of Job Permissions
> ----------------------------------------
>
>                 Key: MAPREDUCE-1307
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-1307
>             Project: Hadoop Map/Reduce
>          Issue Type: Sub-task
>          Components: security
>            Reporter: Devaraj Das
>             Fix For: 0.22.0
>
>         Attachments: 1307-early-1.patch
>
>
> It would be good to define the notion of job permissions analogous to file 
> permissions. Then the JobTracker can restrict who can "read" (e.g. look at 
> the job page) or "modify" (e.g. kill) jobs.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
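
The authorization rules proposed in the comment above, modelled as an added Python example. It is not code from the Hadoop patch; the operation names, the `Acl` user/group representation, the fail-closed handling of unknown operations and the sample users are assumptions made for illustration.

```python
from dataclasses import dataclass

MODIFY_OPS = {"kill-job", "kill-task", "fail-task", "set-priority"}
# Views guarded by acl-view-job; the last two are served by web UIs (MAPREDUCE-1455).
VIEW_OPS = {"job-counters", "task-counters", "task-logs", "job-xml"}
# Views the proposal leaves open to any user.
OPEN_OPS = {"job-status", "job-profile", "list-jobs"}

@dataclass(frozen=True)
class Acl:  # hypothetical representation: explicit users plus groups
    users: frozenset = frozenset()
    groups: frozenset = frozenset()

    def allows(self, user, groups):
        return user in self.users or bool(self.groups & set(groups))

@dataclass(frozen=True)
class Job:
    owner: str
    queue_admin: Acl  # queue-level "acl-administer-jobs"
    modify: Acl       # mapreduce.job.acl-modify-job
    view: Acl         # mapreduce.job.acl-view-job

def authorize(job, user, groups, op, superuser, supergroup):
    if op not in MODIFY_OPS | VIEW_OPS | OPEN_OPS:
        raise ValueError(f"unknown operation: {op}")  # assumption: fail closed
    # Owner, superuser and supergroup members bypass every ACL.
    if user in (job.owner, superuser) or supergroup in groups:
        return True
    if op in MODIFY_OPS:
        # Both the queue-level and the job-level ACL must be satisfied.
        return job.queue_admin.allows(user, groups) and job.modify.allows(user, groups)
    if op in VIEW_OPS:
        return job.view.allows(user, groups)
    return True  # OPEN_OPS: readable by any user

# Constructed sample data (all names are hypothetical).
JOB = Job(owner="alice",
          queue_admin=Acl(users=frozenset({"bob", "carol"})),
          modify=Acl(users=frozenset({"bob"})),
          view=Acl(groups=frozenset({"analysts"})))

def check(user, groups, op):
    return authorize(JOB, user, groups, op, superuser="mapred", supergroup="hadoop-admins")

if __name__ == "__main__":
    for user, groups, op in [("bob", [], "kill-job"), ("carol", [], "kill-job"),
                             ("dave", ["analysts"], "job-counters"),
                             ("dave", ["analysts"], "set-priority"),
                             ("erin", [], "job-status")]:
        print(user, op, check(user, groups, op))
```

In the sample, carol passes the queue-level ACL but is still denied `kill-job` because she is absent from the job-level modify ACL, which is the two-layer check the proposal describes.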
