Support for ACLs #78

merged 3 commits into from Oct 3, 2018



commented Oct 3, 2018

Adds support for Access Control Lists (ACLs). This allows filtering permissions on users/groups. Three access categories are supported:

  • VIEW: view application details. This comes from YARN, we only forward the request.
  • MODIFY: modify application. This comes from YARN, we only forward the request. AFAICT this only disables support for others killing the application.
  • UI: access the web UI. This is implemented in skein.

The first two are just forwarding application ACLs to YARN, and match YARN's semantics and defaults. Note that while these parameters will be forwarded in all cases, YARN will ignore them unless the cluster has been properly configured. See for more information.

By default, ACLs are disabled. If enabled, the default behavior is to restrict access for all 3 categories to only the application owner. Note that the application owner will always have access. Additional access can be granted for other users/groups as needed. The wildcard "*" can be used to mean "all users". All of this matches YARN/Spark's behavior and defaults.

From a specification standpoint, this looks like:

# Enables acls
# Gives ui permissions to tom and nancy,
# modify access to anyone in the engineering group,
# and view access to everyone
acls:
  enable: true
  ui_users:
    - tom
    - nancy
  modify_groups:
    - engineering
  view_users:
    - '*'

Fixes #74.

@jcrist jcrist merged commit ae0aa43 into master Oct 3, 2018

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed

@jcrist jcrist deleted the acl-support branch Oct 3, 2018
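The access rules described in the pull request, written out as an added example that is not part of the original post and is not skein's or YARN's code. It assumes the spec is a dict with `enable` plus `<category>_users` / `<category>_groups` lists, that disabled ACLs leave access unrestricted, and that a `*` entry in either list matches everyone; `is_allowed` and `broad_grants` are hypothetical names.

```python
WILDCARD = "*"
CATEGORIES = ("view", "modify", "ui")


def is_allowed(acls, owner, user, groups, category):
    """Decide whether `user` (member of `groups`) has `category` access."""
    if category not in CATEGORIES:
        raise ValueError(f"unknown access category: {category!r}")
    # Assumption: with ACLs disabled (the default) nothing is filtered.
    if not acls.get("enable", False):
        return True
    # The application owner always has access.
    if user == owner:
        return True
    users = acls.get(f"{category}_users", [])
    grps = acls.get(f"{category}_groups", [])
    # Assumption: the wildcard is honoured in either list.
    if WILDCARD in users or WILDCARD in grps:
        return True
    # Enabled with no matching grant: owner-only, so deny.
    return user in users or bool(set(groups) & set(grps))


def broad_grants(acls):
    """Return the spec keys that open a category to all users."""
    found = []
    for category in CATEGORIES:
        for suffix in ("users", "groups"):
            key = f"{category}_{suffix}"
            if WILDCARD in acls.get(key, []):
                found.append(key)
    return found


# Constructed sample input mirroring the spec in the description above.
SPEC = {
    "enable": True,
    "ui_users": ["tom", "nancy"],
    "modify_groups": ["engineering"],
    "view_users": ["*"],
}

if __name__ == "__main__":
    # "alice" is a constructed owner name; "bob" a constructed other user.
    for cat in CATEGORIES:
        print(cat, is_allowed(SPEC, "alice", "bob", ["engineering"], cat))
    print("wildcard grants:", broad_grants(SPEC))
```

Running `broad_grants` over a spec before submission is a quick review step for catching a `*` that was meant for view access but ended up on modify or UI.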
