[ https://issues.apache.org/jira/browse/YARN-899?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13732635#comment-13732635 ]
Sandy Ryza commented on YARN-899: --------------------------------- bq. So, I think that the applicationACLs should be only for the users who has access to QueueA, not for the whole users. Someone more experienced correct me if I'm wrong here, but I believe the goal of queue administration ACLs is to allow admins to delegate responsibility. So if I am a cluster admin and I set up a queue for the marketing department and a queue for the engineering department, I might want to allow the head of marketing to kill applications in the marketing queue without needing to go through me. With this in mind, I think who has access should be based on a union of ACLs - I should be able to kill any application in the marketing queue either if I am on the application's ACL or if I am on the queue's ACL. > Get queue administration ACLs working > ------------------------------------- > > Key: YARN-899 > URL: https://issues.apache.org/jira/browse/YARN-899 > Project: Hadoop YARN > Issue Type: Bug > Components: scheduler > Affects Versions: 2.1.0-beta > Reporter: Sandy Ryza > Assignee: Xuan Gong > Attachments: YARN-899.1.patch > > > The Capacity Scheduler documents the > yarn.scheduler.capacity.root.<queue-path>.acl_administer_queue config option > for controlling who can administer a queue, but it is not hooked up to > anything. The Fair Scheduler could make use of a similar option as well. > This is a feature-parity regression from MR1. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira