Support Questions

cjervis · ‎10-28-2019

There is a really good article in IBM documentation about managing queue access with ACLs

However when I change the ACL config and add specific group:

yarn.scheduler.capacity.root.default.acl_submit_applications=yarn,ambari-qa,clusterusers

And after I refresh queues with:

$mapred queue -showacls

I get the following output.

Queue acls for user : myuser

Queue Operations
=====================
root
default

My temporal solution was to set:

yarn.scheduler.capacity.root.default.acl_submit_applications=*

Which works (see the output):

Queue acls for user : myuser

Queue Operations
=====================
root
default SUBMIT_APPLICATIONS

Note: myuser is a part of a group clusterusers

I would like to know why this config does not work if I set some groups on my own. Any ideas?

rguruvannagari · ‎10-28-2019

If clusterusers is a group then you should have a space separator between users and groups in acl config.

Something like

yarn.scheduler.capacity.root.default.acl_submit_applications=yarn,ambari-qa clusterusers

rguruvannagari · ‎10-28-2019

If clusterusers is a group then you should have a space separator between users and groups in acl config.

Something like

yarn.scheduler.capacity.root.default.acl_submit_applications=yarn,ambari-qa clusterusers

HDP 3.1 managing ACL access not working in ambari