[
https://issues.apache.org/jira/browse/MAPREDUCE-1307?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12834092#action_12834092
]
Devaraj Das commented on MAPREDUCE-1307:
----------------------------------------
Some comments summarizing an offline discussion with Vinod:
1) Protect getTaskDiagnostics() APIs also w.r.t access control.
2) ACLs for jobs should be displayed as part of jobdetails (the front page for
jobs where all high level info is displayed).
3) If a user gets an access control error, he should be informed about the
configured ACLs for the job.
4) Make the ACL part of the JobStatus object so that it is visible to all
interested parties who might be interested (including the command line to get
the job status). Also, the CompletedJobStatusStore can make use of this and
enforce access control..
5) Can we have the default ACL for job view enabled for the groups the user
belongs to? Current patch makes the default to be '', meaning no one else
except job-owner and superuser/supergroup can see others' jobs if
mapreduce.cluster.job-authorization-enabled is set to true.
> Introduce the concept of Job Permissions
> ----------------------------------------
>
> Key: MAPREDUCE-1307
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-1307
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Components: security
> Reporter: Devaraj Das
> Assignee: Vinod K V
> Fix For: 0.22.0
>
> Attachments: 1307-early-1.patch, MAPREDUCE-1307-20100210.txt,
> MAPREDUCE-1307-20100211.txt, MAPREDUCE-1307-20100215.txt
>
>
> It would be good to define the notion of job permissions analogous to file
> permissions. Then the JobTracker can restrict who can "read" (e.g. look at
> the job page) or "modify" (e.g. kill) jobs.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
