ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Abhay Kulkarni <akulka...@hortonworks.com>
Subject Review Request 58912: Audit log record for 'show databases' hive command contains all tags
Date Tue, 02 May 2017 03:26:18 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58912/
-----------------------------------------------------------

Review request for ranger, Madhan Neethiraj and Selvamohan Neethiraj.


Bugs: RANGER-1553
    https://issues.apache.org/jira/browse/RANGER-1553


Repository: ranger


Description
-------

If hive service is associated with a tag service then when a ‘show databases’ command
is authorized by Ranger, potentially, all tags associated with all hive entities are evaluated
to determine the authorization of the command. Consequently, the audit log record generated
for it will show, in the tags field, every tag provisioned for any hive entity in Ranger.
When a large number of tags are associated with hive entities the audit log is very cluttered
and does not convey meaningful information.

For this specific command, tags information in the generated audit log record is scrubbed.


Diffs
-----

  hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java
9dea37a 


Diff: https://reviews.apache.org/r/58912/diff/1/


Testing
-------

Tested with local VM


Thanks,

Abhay Kulkarni


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message