https://community.cloudera.com/t5/Support-Questions/service-level-authorisation/m-p/116247#M79041 <P>What are the consequencs/ disadvantages setting hadoop.security.authorization to true? why its by default set to false.</P> Fri, 29 Jan 2016 02:36:57 GMT garunkumar85 2016-01-29T02:36:57Z https://community.cloudera.com/t5/Support-Questions/service-level-authorisation/m-p/116247#M79041 <P>What are the consequencs/ disadvantages setting hadoop.security.authorization to true? why its by default set to false.</P> Fri, 29 Jan 2016 02:36:57 GMT https://community.cloudera.com/t5/Support-Questions/service-level-authorisation/m-p/116247#M79041 garunkumar85 2016-01-29T02:36:57Z https://community.cloudera.com/t5/Support-Questions/service-level-authorisation/m-p/116248#M79042 <P>If you enable it you also need to define ACLs for the different yarn services. I.e. define users and groups that can execute specific tasks. More details can be found here.</P><P><A href="https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/ServiceLevelAuth.html#Enable_Service_Level_Authorization" target="_blank">https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/ServiceLevelAuth.html#Enable_Service_Level_Authorization</A></P> Fri, 29 Jan 2016 04:35:26 GMT https://community.cloudera.com/t5/Support-Questions/service-level-authorisation/m-p/116248#M79042 bleonhardi 2016-01-29T04:35:26Z https://community.cloudera.com/t5/Support-Questions/service-level-authorisation/m-p/116249#M79043 <P>users list should be pulled from KDC ?</P> Fri, 29 Jan 2016 05:01:33 GMT https://community.cloudera.com/t5/Support-Questions/service-level-authorisation/m-p/116249#M79043 garunkumar85 2016-01-29T05:01:33Z https://community.cloudera.com/t5/Support-Questions/service-level-authorisation/m-p/116250#M79044 <P>instead of all users, can we restrict to confined users and the list should be pulled from KDC ?</P> Fri, 29 Jan 2016 05:02:07 GMT https://community.cloudera.com/t5/Support-Questions/service-level-authorisation/m-p/116250#M79044 garunkumar85 2016-01-29T05:02:07Z https://community.cloudera.com/t5/Support-Questions/service-level-authorisation/m-p/116251#M79045 <P>Not sure what you mean with "confined" users and pulled from KDC. Its just the hadoop (linux) users/groups you want to give access to these services. For example if you have a linux group hadoopadmins who should be able to run these services you would specify them. KDC principals are mapped to linux users by Hadoop using the authtolocal rules. </P><P>Normally the linux users will come from LDAP/AD but that does not have to be the case.</P> Fri, 29 Jan 2016 18:02:54 GMT https://community.cloudera.com/t5/Support-Questions/service-level-authorisation/m-p/116251#M79045 bleonhardi 2016-01-29T18:02:54Z https://community.cloudera.com/t5/Support-Questions/service-level-authorisation/m-p/116252#M79046 <P><A rel="user" href="https://community.cloudera.com/users/168/bleonhardi.html" nodeid="168">@Benjamin Leonhardi</A> Thank you Benjamin for your explanation. </P> Sat, 30 Jan 2016 02:28:53 GMT https://community.cloudera.com/t5/Support-Questions/service-level-authorisation/m-p/116252#M79046 garunkumar85 2016-01-30T02:28:53Z https://community.cloudera.com/t5/Support-Questions/service-level-authorisation/m-p/116253#M79047 <P><A rel="user" href="https://community.cloudera.com/users/168/bleonhardi.html" nodeid="168">@Benjamin Leonhardi</A></P><P>Can you help me with working demo of enabling service level authorization for yarn.</P><P>I have followed the steps in <A href="https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/ServiceLevelAuth.html#Enable_Service_Level_Authorization">https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/ServiceLevelAuth.html#Enable_Service_Level_Authorization</A> but it is not working.</P><P>I can run yarn jobs from any user irrespective of the acl settings. I need this in HDP 2.3.4.0 with Ambari 2.2.0</P> Mon, 04 Apr 2016 20:26:40 GMT https://community.cloudera.com/t5/Support-Questions/service-level-authorisation/m-p/116253#M79047 rahulpathak109 2016-04-04T20:26:40Z