[
https://issues.apache.org/jira/browse/YARN-899?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13732635#comment-13732635
]
Sandy Ryza commented on YARN-899:
---------------------------------
bq. So, I think that the applicationACLs should be only for the users who has
access to QueueA, not for the whole users.
Someone more experienced correct me if I'm wrong here, but I believe the goal
of queue administration ACLs is to allow admins to delegate responsibility. So
if I am a cluster admin and I set up a queue for the marketing department and a
queue for the engineering department, I might want to allow the head of
marketing to kill applications in the marketing queue without needing to go
through me. With this in mind, I think who has access should be based on a
union of ACLs - I should be able to kill any application in the marketing queue
either if I am on the application's ACL or if I am on the queue's ACL.
> Get queue administration ACLs working
> -------------------------------------
>
> Key: YARN-899
> URL: https://issues.apache.org/jira/browse/YARN-899
> Project: Hadoop YARN
> Issue Type: Bug
> Components: scheduler
> Affects Versions: 2.1.0-beta
> Reporter: Sandy Ryza
> Assignee: Xuan Gong
> Attachments: YARN-899.1.patch
>
>
> The Capacity Scheduler documents the
> yarn.scheduler.capacity.root.<queue-path>.acl_administer_queue config option
> for controlling who can administer a queue, but it is not hooked up to
> anything. The Fair Scheduler could make use of a similar option as well.
> This is a feature-parity regression from MR1.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
