Configure a Resource-based Policy: YARN
How to add a new policy to an existing YARN service.
-
On the Service Manager page, select an existing YARN service.
The List of Policies page appears.
-
Click Add New Policy.
The Create Policy page appears.
-
Complete the Create Policy page as follows:
Table 1. Policy Details Field Description Policy Name Enter an appropriate policy name. This name cannot be duplicated across the system. This field is mandatory. normal/override Enables you to specify an override policy. When override is selected, the access permissions in the policy override the access permissions in existing policies. This feature can be used with Add Validity Period to create temporary access policies that override existing policies. Queue The YARN queue to which the policy applies. Recursive The default recursive setting specifies that the policy will also be applied to all sub-queues; you can also specify a non-recursive path. Description (Optional) Describe the purpose of the policy. Audit Logging Specify whether this policy is audited. (Deselect to disable auditing). Policy Label Specify a label for this policy. You can search reports and filter policies based on these labels. Add Validity Period Specify a start and end time for the policy. Table 2. Allow Conditions Label
Description
Select Group Specify the groups to which this policy applies.
To designate a group as an Administrator, select the Delegate Admin check box. Administrators can edit or delete the policy, and can also create child policies based on the original policy.
The public group contains all users, so granting access to the public group grants access to all users.
Select User Specify the users to which this policy applies.
To designate a user as an Administrator, select the Delegate Admin check box. Administrators can edit or delete the policy, and can also create child policies based on the original policy.
Permissions Add or edit permissions: submit-app, admin-queue, Select/Deselect All. Delegate Admin You can use Delegate Admin to assign administrator privileges to the users or groups specified in the policy. Administrators can edit or delete the policy, and can also create child policies based on the original policy. - Click Add.