[
https://issues.apache.org/jira/browse/YARN-3895?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16341310#comment-16341310
]
Vrushali C commented on YARN-3895:
----------------------------------
I see, thanks [~jlowe] and [~jeagles] . I was earlier under the beliefe that
the list of domain ids may not be that big. But if it's approximately one per
dag or one app, then that is a lot of domain ids and putting so many in one
hbase cell value is not going to work well.
Let me rethink the backend storage layout for domain ids in this case.
One question, in a common scenario, do you have the user (the doAs DAG user)
who wrote the entity be the one to query it? Or is another user in that group
query for the entity a more common occurence? Put another way, is the writer
user frequently the same as the reader user?
If so, perhaps querying the groups_domain table for domain id can be deferred
to after we get the entities.
It looks like getting the domain id from the entity and checking for that
domain id for the user / group is perhaps a better way to query data.
> Support ACLs in ATSv2
> ---------------------
>
> Key: YARN-3895
> URL: https://issues.apache.org/jira/browse/YARN-3895
> Project: Hadoop YARN
> Issue Type: Sub-task
> Components: timelineserver
> Affects Versions: YARN-2928
> Reporter: Varun Saxena
> Assignee: Varun Saxena
> Priority: Major
> Labels: YARN-5355
>
> This JIRA is to keep track of authorization support design discussions for
> both readers and collectors.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
