diff options
Diffstat (limited to 'docs/configuration.md')
| -rw-r--r-- | docs/configuration.md | 55 |
1 files changed, 52 insertions, 3 deletions
diff --git a/docs/configuration.md b/docs/configuration.md index 6512e16faf..9191570d07 100644 --- a/docs/configuration.md +++ b/docs/configuration.md @@ -1231,7 +1231,7 @@ Apart from these, the following properties are also available, and may be useful <td><code>spark.acls.enable</code></td> <td>false</td> <td> - Whether Spark acls should are enabled. If enabled, this checks to see if the user has + Whether Spark acls should be enabled. If enabled, this checks to see if the user has access permissions to view or modify the job. Note this requires the user to be known, so if the user comes across as null no checks are done. Filters can be used with the UI to authenticate and set the user. @@ -1243,8 +1243,33 @@ Apart from these, the following properties are also available, and may be useful <td> Comma separated list of users/administrators that have view and modify access to all Spark jobs. This can be used if you run on a shared cluster and have a set of administrators or devs who - help debug when things work. Putting a "*" in the list means any user can have the privilege - of admin. + help debug when things do not work. Putting a "*" in the list means any user can have the + privilege of admin. + </td> +</tr> +<tr> + <td><code>spark.admin.acls.groups</code></td> + <td>Empty</td> + <td> + Comma separated list of groups that have view and modify access to all Spark jobs. + This can be used if you have a set of administrators or developers who help maintain and debug + the underlying infrastructure. Putting a "*" in the list means any user in any group can have + the privilege of admin. The user groups are obtained from the instance of the groups mapping + provider specified by <code>spark.user.groups.mapping</code>. Check the entry + <code>spark.user.groups.mapping</code> for more details. + </td> +</tr> +<tr> + <td><code>spark.user.groups.mapping</code></td> + <td><code>org.apache.spark.security.ShellBasedGroupsMappingProvider</code></td> + <td> + The list of groups for a user are determined by a group mapping service defined by the trait + org.apache.spark.security.GroupMappingServiceProvider which can configured by this property. + A default unix shell based implementation is provided <code>org.apache.spark.security.ShellBasedGroupsMappingProvider</code> + which can be specified to resolve a list of groups for a user. + <em>Note:</em> This implementation supports only a Unix/Linux based environment. Windows environment is + currently <b>not</b> supported. However, a new platform/protocol can be supported by implementing + the trait <code>org.apache.spark.security.GroupMappingServiceProvider</code>. </td> </tr> <tr> @@ -1306,6 +1331,18 @@ Apart from these, the following properties are also available, and may be useful </td> </tr> <tr> + <td><code>spark.modify.acls.groups</code></td> + <td>Empty</td> + <td> + Comma separated list of groups that have modify access to the Spark job. This can be used if you + have a set of administrators or developers from the same team to have access to control the job. + Putting a "*" in the list means any user in any group has the access to modify the Spark job. + The user groups are obtained from the instance of the groups mapping provider specified by + <code>spark.user.groups.mapping</code>. Check the entry <code>spark.user.groups.mapping</code> + for more details. + </td> +</tr> +<tr> <td><code>spark.ui.filters</code></td> <td>None</td> <td> @@ -1328,6 +1365,18 @@ Apart from these, the following properties are also available, and may be useful have view access to this Spark job. </td> </tr> +<tr> + <td><code>spark.ui.view.acls.groups</code></td> + <td>Empty</td> + <td> + Comma separated list of groups that have view access to the Spark web ui to view the Spark Job + details. This can be used if you have a set of administrators or developers or users who can + monitor the Spark job submitted. Putting a "*" in the list means any user in any group can view + the Spark job details on the Spark web ui. The user groups are obtained from the instance of the + groups mapping provider specified by <code>spark.user.groups.mapping</code>. Check the entry + <code>spark.user.groups.mapping</code> for more details. + </td> +</tr> </table> #### Encryption |