[ https://issues.apache.org/jira/browse/YARN-5554?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15730829#comment-15730829 ]
Wilfred Spiegelenburg commented on YARN-5554: --------------------------------------------- I am all for it but I think we should do that from a follow up jira and not as part of this one. The reason I think that we should do it in a separate jira is that within the FairScheduler when you dig deeper the access check performed in the queue is exactly what is now done for the CapacityScheduler. The {{FSQueue.hasAccess()}} is using the same call to an {{YarnAuthorizationProvider}} as we have now in the in the QueueACLsManager for CS. > MoveApplicationAcrossQueues does not check user permission on the target queue > ------------------------------------------------------------------------------ > > Key: YARN-5554 > URL: https://issues.apache.org/jira/browse/YARN-5554 > Project: Hadoop YARN > Issue Type: Bug > Components: resourcemanager > Affects Versions: 2.7.2 > Reporter: Haibo Chen > Assignee: Wilfred Spiegelenburg > Labels: oct16-medium > Attachments: YARN-5554.10.patch, YARN-5554.11.patch, > YARN-5554.2.patch, YARN-5554.3.patch, YARN-5554.4.patch, YARN-5554.5.patch, > YARN-5554.6.patch, YARN-5554.7.patch, YARN-5554.8.patch, YARN-5554.9.patch > > > moveApplicationAcrossQueues operation currently does not check user > permission on the target queue. This incorrectly allows one user to move > his/her own applications to a queue that the user has no access to -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org