Example: Moving the application and viewing the log in the "Test" queue
Provide the privileges to a user to move application between queues and to view a log in a specific queue.
For this Application ACL evaluation flow example, assume the following for
application_1536220066338_0002 running in the
queue "Test":- Application owner: John
- "Marketing" and "Dev" queue administrator: Jane
- Jane has log view rights via the
mapreduce.job.acl-view-jobACL - YARN cluster administrator: Bob
In this use case, John attempts to view the logs for his job, which is allowed because he is the application owner.
Jane attempts to access application_1536220066338_0002 in the queue "Test" to move the application to the
"Marketing" queue. She is denied access to the "Test" queue via the queue ACLs–so she cannot
submit to or administer the queue "Test". She is also unable to kill a job running in queue
"Test". She then attempts to access the logs for application_1536220066338_0002 and is allowed access via the mapreduce.job.acl-view-job ACL.
Bob attempts to access
application_1536220066338_0002 in the queue "Test" to move the application to the
"Marketing" queue. As the YARN cluster administrator, he has access to all queues and can move
the application.
