The yarn application acl control is not so perfect which could let us pretty confused sometimes.
The yarn acl is disabled default, but when we enable it.
You will find the others who neither is yarn admin nor queue admin can not view the application detail.
It will show something as blow in YARN RM web ui:
So when we enable those configs, you will find it is very inconvenient to view the application status
when use RM web ui.
There are two ways to solve the problem:
1. To make the web ui more perfect, and can allow user to login as any uses he want.
Besides， it should provide a perfect verification mechanism.
2. Add a config in YarnConfiguration, which can allow some uses view any applications he want.
But he has not modify permissions.
In this way, the user can view all applications but can not kill other users applications.
Of the above two solutions， I will choose the second solution.
It is low cost but is more useful.
I will work on this, and upload the patch later.