Uploaded image for project: 'Hadoop YARN'
  1. Hadoop YARN
  2. YARN-9731

In ATS v1.5, all jobs are visible to all users without view-acl

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Patch Available
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 3.1.2
    • Fix Version/s: None
    • Component/s: timelineserver
    • Labels:
      None

      Description

      In ATS v1.5 of secure mode,

      all jobs are visible to all users without view-acl.

      if user does not have view-acl,  user should not be able to see jobs.

      I attatched ATS UI screenshot.

       

      ATS v1.5 log

      2019-08-09 10:21:13,679 WARN applicationhistoryservice.ApplicationHistoryManagerOnTimelineStore (ApplicationHistoryManagerOnTimelineStore.java:generateApplicationReport(687)) - Failed to authorize when generating application report for application_1565247558150_1954. Use a placeholder for its latest attempt id.
      org.apache.hadoop.security.authorize.AuthorizationException: User magnum does not have privilege to see this application application_1565247558150_1954
      2019-08-09 10:21:13,680 WARN applicationhistoryservice.ApplicationHistoryManagerOnTimelineStore (ApplicationHistoryManagerOnTimelineStore.java:generateApplicationReport(687)) - Failed to authorize when generating application report for application_1565247558150_1951. Use a placeholder for its latest attempt id.
      org.apache.hadoop.security.authorize.AuthorizationException: User magnum does not have privilege to see this application application_1565247558150_1951
      

       

       

       

       

       

       

        Attachments

        1. YARN-9731.005.patch
          13 kB
          KWON BYUNGCHANG
        2. YARN-9731.004.patch
          13 kB
          KWON BYUNGCHANG
        3. YARN-9731.003.patch
          13 kB
          KWON BYUNGCHANG
        4. YARN-9731.002.patch
          13 kB
          KWON BYUNGCHANG
        5. YARN-9731.001.patch
          3 kB
          KWON BYUNGCHANG
        6. ats_v1.5_screenshot.png
          326 kB
          KWON BYUNGCHANG

          Activity

            People

            • Assignee:
              magnum KWON BYUNGCHANG
              Reporter:
              magnum KWON BYUNGCHANG
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated: