Example: Moving the application and viewing the log in the "Test" queue
Provide the privileges to a user to move application between queues and to view a log in a specific queue.
application_1536220066338_0002running in the queue "Test":
- Application owner: John
- "Marketing" and "Dev" queue administrator: Jane
- Jane has log view rights via the
- YARN cluster administrator: Bob
In this use case, John attempts to view the logs for his job, which is allowed because he is the application owner.
Jane attempts to access
application_1536220066338_0002 in the queue "Test" to move the application to the
"Marketing" queue. She is denied access to the "Test" queue via the queue ACLs–so she cannot
submit to or administer the queue "Test". She is also unable to kill a job running in queue
"Test". She then attempts to access the logs for
application_1536220066338_0002 and is allowed access via the
application_1536220066338_0002in the queue "Test" to move the application to the "Marketing" queue. As the YARN cluster administrator, he has access to all queues and can move the application.