[
https://issues.apache.org/jira/browse/MAPREDUCE-7537?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
ASF GitHub Bot updated MAPREDUCE-7537:
--------------------------------------
Labels: pull-request-available (was: )
> Hadoop MapReduce Task-Level Security - allowed Groups Bypass
> ------------------------------------------------------------
>
> Key: MAPREDUCE-7537
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-7537
> Project: Hadoop Map/Reduce
> Issue Type: New Feature
> Components: mrv2
> Reporter: Riya Khandelwal
> Priority: Major
> Labels: pull-request-available
>
> [MAPREDUCE-7523|https://issues.apache.org/jira/browse/MAPREDUCE-7523]
> introduced mapreduce.security.denied-tasks: a single, global list of
> disallowed class name prefixes applied to values of keys listed in
> mapreduce.security.property-domain. By default the policy is not per-user or
> per-group—the same rules apply to every submitter until an exception is
> configured. mapreduce.security.allowed-users already provides a per-user
> bypass of that deny list.
> This work adds mapreduce.security.allowed-groups: a per-group bypass using
> the submitter’s resolved group names from the cluster’s Hadoop group mapping
> (UserGroupInformation.getGroupsSet() for that user).
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
