ApplicationACLsManager (hadoop-yarn-common 2.4.1 API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.apache.hadoop.yarn.server.security
Class ApplicationACLsManager

java.lang.Object
  org.apache.hadoop.yarn.server.security.ApplicationACLsManager

@InterfaceAudience.Private public class ApplicationACLsManager
extends Object
extends Object

Constructor Summary
`ApplicationACLsManager(org.apache.hadoop.conf.Configuration conf)`

Method Summary
`void`	`addApplication(org.apache.hadoop.yarn.api.records.ApplicationId appId, Map<org.apache.hadoop.yarn.api.records.ApplicationAccessType,String> acls)`
`boolean`	`areACLsEnabled()`
`boolean`	`checkAccess(org.apache.hadoop.security.UserGroupInformation callerUGI, org.apache.hadoop.yarn.api.records.ApplicationAccessType applicationAccessType, String applicationOwner, org.apache.hadoop.yarn.api.records.ApplicationId applicationId)` If authorization is enabled, checks whether the user (in the callerUGI) is authorized to perform the access specified by 'applicationAccessType' on the application by checking if the user is applicationOwner or part of application ACL for the specific access-type.
`void`	`removeApplication(org.apache.hadoop.yarn.api.records.ApplicationId appId)`

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Constructor Detail

ApplicationACLsManager

public ApplicationACLsManager(org.apache.hadoop.conf.Configuration conf)

Method Detail

areACLsEnabled

public boolean areACLsEnabled()

addApplication

public void addApplication(org.apache.hadoop.yarn.api.records.ApplicationId appId,
                           Map<org.apache.hadoop.yarn.api.records.ApplicationAccessType,String> acls)

removeApplication

public void removeApplication(org.apache.hadoop.yarn.api.records.ApplicationId appId)

checkAccess

public boolean checkAccess(org.apache.hadoop.security.UserGroupInformation callerUGI,
                           org.apache.hadoop.yarn.api.records.ApplicationAccessType applicationAccessType,
                           String applicationOwner,
                           org.apache.hadoop.yarn.api.records.ApplicationId applicationId)

If authorization is enabled, checks whether the user (in the callerUGI) is authorized to perform the access specified by 'applicationAccessType' on the application by checking if the user is applicationOwner or part of application ACL for the specific access-type.

The owner of the application can have all access-types on the application
For all other users/groups application-acls are checked

Parameters:: callerUGI -; applicationAccessType -; applicationOwner -; applicationId -
Throws:: org.apache.hadoop.security.AccessControlException