hadoop acl kerberos oozie

Oozie doesn't take care of acl


On my Hadoop cluster, I have designed an Oozie workflow with the following property.

    <global>
        <configuration>
            <property>
                <name>mapred.job.queue.name</name>
                <value>myQueue</value>
            </property>
            <property>
                <name>oozie.launcher.mapred.job.queue.name</name>
                <value>oozie-launcher</value>
            </property>
            <property>
                <name>tez.queue.name</name>
                <value>myQueue</value>
            </property>
            <property>
                <name>oozie.job.acl</name>
                <value>*</value>
            </property>
            <property>
                <name>mapreduce.job.acl-modify-job</name>
                <value>*</value>
            </property>
        </configuration>
    </global>

My concern is with the property oozie.job.acl, which is supposed to provide an ACL that allows everyone to kill my workflow.

But when I try to kill it as a different user than the one who submitted it, Oozie returns an error E0508:

oozie job -oozie http://localhost:11000/oozie -kill 0000000-151020102420689-oozie-oozi-W                             
Error: E0508 : E0508: User [user] not authorized for WF job [0000000-151020102420689-oozie-oozi-W]

Am I missing something in the configuration of my cluster? I am using Oozie 4.1.0.


Solution

  • I finally managed to find the answer to my question by having a look at the Oozie source code, and will post the solution.

    In fact, Oozie doesn't recognize the wildcard '*'; you need to pass the full ACL in the following format: USER1,USER2,USER3. Also, it seems that the format USER1,USER2 GROUP1,GROUP2, as presented in the bug OOZIE-228, doesn't work because Oozie splits the ACL string on the , character. And to be sure it is handled properly, oozie.job.acl needs to be in the job.properties and not in the workflow.xml.

    Hope this will save time for people having the same trouble as me.
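
A pre-submission check for the three pitfalls described in the answer above, as an added example that is not part of the original post and not Oozie's own code. The function names, the sample workflow, the user names and the simplified key=value parsing are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ACL_KEY = "oozie.job.acl"

def parse_properties(text):  # assumption: plain key=value lines, no continuations
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def acl_entries(value):
    return [e.strip() for e in value.split(",") if e.strip()]  # ',' is the only separator

def check_acl(value):
    problems = []
    for entry in acl_entries(value):
        if entry == "*":
            problems.append("'*' is not recognized as a wildcard; list the users explicitly")
        elif " " in entry:
            problems.append(f"{entry!r} contains a space; only ',' separates names")
    return problems

def acl_in_workflow(xml_text):
    # Compare local tag names so the check works with any workflow schema namespace.
    for el in ET.fromstring(xml_text).iter():
        if el.tag.rsplit("}", 1)[-1] == "property":
            names = [c.text or "" for c in el if c.tag.rsplit("}", 1)[-1] == "name"]
            if any(n.strip() == ACL_KEY for n in names):
                return True
    return False

def audit(job_properties, workflow_xml):
    findings = []
    if acl_in_workflow(workflow_xml):
        findings.append(f"{ACL_KEY} is set in workflow.xml; set it in job.properties")
    props = parse_properties(job_properties)
    if ACL_KEY in props:
        findings.extend(check_acl(props[ACL_KEY]))
    return findings

# Constructed sample inputs (not from the original post).
WORKFLOW = ('<workflow-app xmlns="uri:oozie:workflow:0.5" name="demo"><global><configuration><property>'
            '<name>oozie.job.acl</name><value>*</value></property></configuration></global></workflow-app>')
JOB_PROPERTIES = "queueName=myQueue\noozie.job.acl=alice,bob ops\n"

if __name__ == "__main__":
    print("\n".join(audit(JOB_PROPERTIES, WORKFLOW)))
```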