GitHub user lhaiesp opened a pull request: https://github.com/apache/samza/pull/592
SAMZA-1794: setting application acl in launch context Currently we don't set application acl for container launch context. See https://hadoop.apache.org/docs/r2.6.4/api/org/apache/hadoop/yarn/api/records/ContainerLaunchContext.html#setApplicationACLs(java.util.Map) This could potentially cause problem if samza job is running on a secured YARN cluster. Say user A submits the job, then by default only user A can view the log and the status of the job. Even worse case is that user A submits the job through some proxy account, then even user A herself/himself couldn't access to logs/status of the application. We need to make some changes for the YARN application submission to set application acls in launch context as configured. You can merge this pull request into a Git repository by running: $ git pull https://github.com/lhaiesp/samza master Alternatively you can review and apply these changes as the patch at: https://github.com/apache/samza/pull/592.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #592 ---- commit 6f11c2c0d3dd2b96b3261174b068dae75a2fb2b3 Author: Hai Lu <halu@...> Date: 2018-07-31T22:27:03Z SAMZA-1794: setting application acl in launch context for secured YARN cluster ---- ---