[
https://issues.apache.org/jira/browse/MAPREDUCE-1307?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Vinod K V updated MAPREDUCE-1307:
---------------------------------
Release Note: Added job-level authorization to MapReduce. JobTracker will
now use the cluster configuration "mapreduce.cluster.job-authorization-enabled"
to enable the checks to verify the authority of access of jobs where ever
needed. Introduced two job-configuration properties to specify ACLs:
"mapreduce.job.acl-view-job" and "mapreduce.job.acl-modify-job". For now, RPCs
related to job-level counters, task-level counters and tasks' diagnostic
information are protected by "mapreduce.job.acl-view-job" ACL.
"mapreduce.job.acl-modify-job" protects killing of a job, killing a task of a
job, failing a task of a job and setting the priority of a job. Irrespective of
the above two ACLs, job-owner, superuser and members of supergroup configured
on JobTracker via mapred.permissions.supergroup, can do all the view and
modification operations.
> Introduce the concept of Job Permissions
> ----------------------------------------
>
> Key: MAPREDUCE-1307
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-1307
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Components: security
> Reporter: Devaraj Das
> Assignee: Vinod K V
> Fix For: 0.22.0
>
> Attachments: 1307-early-1.patch, MAPREDUCE-1307-20100210.txt,
> MAPREDUCE-1307-20100211.txt, MAPREDUCE-1307-20100215.txt,
> MAPREDUCE-1307-20100217.txt
>
>
> It would be good to define the notion of job permissions analogous to file
> permissions. Then the JobTracker can restrict who can "read" (e.g. look at
> the job page) or "modify" (e.g. kill) jobs.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
