Zhijie Shen created MAPREDUCE-6080: -------------------------------------- Summary: JHS checks YARN application ACLs to determine user's access to aggregated logs Key: MAPREDUCE-6080 URL: https://issues.apache.org/jira/browse/MAPREDUCE-6080 Project: Hadoop Map/Reduce Issue Type: Bug Components: jobhistoryserver, webapps Affects Versions: 2.5.0, 3.0.0 Reporter: Zhijie Shen
While JHS uses JobACLsManager to check user's access tot the job history information, it uses ApplicationACLsManager to justify whether the user has access to the aggregated log, because it directly imports AggregatedLogsBlock into the log web page. In most cases, the two manager can do consistent access control. However we observed case that YARN acls is enabled while MR cluster acls is not. Therefore, the user can view all the job information except accessing the aggregated logs from JHS. It confuses the user. -- This message was sent by Atlassian JIRA (v6.3.4#6332)