fa8c95
@@ -27,9 +27,9 @@
 import java.util.Map;
 import java.util.Set;
 
-import org.apache.hadoop.hive.conf.HiveConf;
 import org.apache.hadoop.fs.FileSystem;
 import org.apache.hadoop.fs.Path;
+import org.apache.hadoop.hive.conf.HiveConf;
 import org.apache.hadoop.hive.ql.Context;
 import org.apache.hadoop.hive.ql.DriverContext;
 import org.apache.hadoop.hive.ql.exec.Operator;
@@ -48,18 +48,17 @@
 import org.apache.hadoop.hive.ql.plan.api.StageType;
 import org.apache.hadoop.hive.ql.session.SessionState;
 import org.apache.hadoop.mapred.JobConf;
-import org.apache.hadoop.security.token.Token;
 import org.apache.hadoop.util.StringUtils;
 import org.apache.hadoop.yarn.api.records.LocalResource;
 import org.apache.hadoop.yarn.api.records.LocalResourceType;
 import org.apache.tez.common.counters.CounterGroup;
 import org.apache.tez.common.counters.TezCounter;
 import org.apache.tez.common.counters.TezCounters;
+import org.apache.tez.common.security.DAGAccessControls;
 import org.apache.tez.dag.api.DAG;
 import org.apache.tez.dag.api.Edge;
 import org.apache.tez.dag.api.GroupInputEdge;
 import org.apache.tez.dag.api.SessionNotRunning;
-import org.apache.tez.dag.api.TezUncheckedException;
 import org.apache.tez.dag.api.Vertex;
 import org.apache.tez.dag.api.VertexGroup;
 import org.apache.tez.dag.api.client.DAGClient;
@@ -277,6 +276,7 @@
DAG build(JobConf conf, TezWork work, Path scratchDir,
     // the name of the dag is what is displayed in the AM/Job UI
     DAG dag = DAG.create(work.getName());
     dag.setCredentials(conf.getCredentials());
+    setAccessControlsForCurrentUser(dag);
 
     for (BaseWork w: ws) {
 
@@ -351,6 +351,17 @@
DAG build(JobConf conf, TezWork work, Path scratchDir,
     return dag;
   }
 
+  private void setAccessControlsForCurrentUser(DAG dag) {
+    // get current user
+    String currentUser = SessionState.getUserFromAuthenticator();
+    if(LOG.isDebugEnabled()) {
+      LOG.debug("Setting Tez DAG access for " + currentUser);
+    }
+    // set permissions for current user on DAG
+    DAGAccessControls ac = new DAGAccessControls(currentUser, currentUser);
+    dag.setAccessControls(ac);
+  }
+
   DAGClient submit(JobConf conf, DAG dag, Path scratchDir,
       LocalResource appJarLr, TezSessionState sessionState,
       List<LocalResource> additionalLr, String[] inputOutputJars,
