Zhijie Shen created MAPREDUCE-6080:
--------------------------------------
Summary: JHS checks YARN application ACLs to determine user's
access to aggregated logs
Key: MAPREDUCE-6080
URL: https://issues.apache.org/jira/browse/MAPREDUCE-6080
Project: Hadoop Map/Reduce
Issue Type: Bug
Components: jobhistoryserver, webapps
Affects Versions: 2.5.0, 3.0.0
Reporter: Zhijie Shen
While JHS uses JobACLsManager to check user's access tot the job history
information, it uses ApplicationACLsManager to justify whether the user has
access to the aggregated log, because it directly imports AggregatedLogsBlock
into the log web page.
In most cases, the two manager can do consistent access control. However we
observed case that YARN acls is enabled while MR cluster acls is not.
Therefore, the user can view all the job information except accessing the
aggregated logs from JHS. It confuses the user.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
