[ https://issues.apache.org/jira/browse/YARN-2575?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15092467#comment-15092467 ]
Sean Po commented on YARN-2575: ------------------------------- >> When Reservation ACLs are not enabled - in this case, everyone should have >> access. This logic is already in place at Line 82 of ReservationsACLsManager. >> When Reservation ACLs are enabled but not defined - in this case also I >> think everyone should have access. Here are my thoughts on this: If we do implement it, the one problem that I see is that there might be inconsistencies in behaviour compared to QueueACLs checks because the queue hierarchy is ignored in ReservationACLs. For QueueACLs the behaviour is that if the queue is root and if ADMINISTER_QUEUE acl is not defined on root, then all users will have the ADMINISTER_QUEUE ACL on the root queue (Line 587 CapacitySchedulerConfiguration). For example: UserA has ADMINISTER_QUEUE ACL on queue root.QueueA, but not root.QueueB. If the queueACLs on root are not defined, UserA will also have ADMINISTER_QUEUE ACL on root.QueueB because QueueACLs checking process recursively looks up the hierarchy. With ReservationACLs, hierarchy is ignored, so if we made it so that everyone had ACLs on the queue if the ACL for the queue is not defined, then the UserA from the example above will have access to only root and root.QueueA. The good part about implementing this is that when someone is configuring YARN, they can get started a lot quicker without mucking around with the configuration. This will make it easier too if there is a team where everyone needs to make reservations on a particular queue, for example a test queue for team members to play around with. What are your thoughts [~subru] and [~asuresh]? > Consider creating separate ACLs for Reservation create/update/delete/list ops > ----------------------------------------------------------------------------- > > Key: YARN-2575 > URL: https://issues.apache.org/jira/browse/YARN-2575 > Project: Hadoop YARN > Issue Type: Sub-task > Components: capacityscheduler, fairscheduler, resourcemanager > Reporter: Subru Krishnan > Assignee: Sean Po > Attachments: YARN-2575.v1.patch, YARN-2575.v2.1.patch, > YARN-2575.v2.patch, YARN-2575.v3.patch, YARN-2575.v4.patch > > > YARN-1051 introduces the ReservationSystem and in the current implementation > anyone who can submit applications can also submit reservations. This JIRA is > to evaluate creating separate ACLs for Reservation create/update/delete ops. > Depends on YARN-4340 -- This message was sent by Atlassian JIRA (v6.3.4#6332)