From dev-return-12345-apmail-ranger-dev-archive=ranger.apache.org@ranger.apache.org Tue May 2 03:26:21 2017 Return-Path: X-Original-To: apmail-ranger-dev-archive@www.apache.org Delivered-To: apmail-ranger-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 77224183CB for ; Tue, 2 May 2017 03:26:21 +0000 (UTC) Received: (qmail 10820 invoked by uid 500); 2 May 2017 03:26:21 -0000 Delivered-To: apmail-ranger-dev-archive@ranger.apache.org Received: (qmail 10777 invoked by uid 500); 2 May 2017 03:26:21 -0000 Mailing-List: contact dev-help@ranger.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@ranger.apache.org Delivered-To: mailing list dev@ranger.apache.org Received: (qmail 10762 invoked by uid 99); 2 May 2017 03:26:20 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd4-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 02 May 2017 03:26:20 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd4-us-west.apache.org (ASF Mail Server at spamd4-us-west.apache.org) with ESMTP id 3FB5DC01DB; Tue, 2 May 2017 03:26:20 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd4-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 3 X-Spam-Level: *** X-Spam-Status: No, score=3 tagged_above=-999 required=6.31 tests=[HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=2, KAM_LAZY_DOMAIN_SECURITY=1, RP_MATCHES_RCVD=-0.001] autolearn=disabled Received: from mx1-lw-us.apache.org ([10.40.0.8]) by localhost (spamd4-us-west.apache.org [10.40.0.11]) (amavisd-new, port 10024) with ESMTP id HEh2ZGQS3uhA; Tue, 2 May 2017 03:26:19 +0000 (UTC) Received: from mailrelay1-us-west.apache.org (mailrelay1-us-west.apache.org [209.188.14.139]) by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTP id EF5025FCE3; Tue, 2 May 2017 03:26:18 +0000 (UTC) Received: from reviews.apache.org (unknown [10.41.0.12]) by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id 98CEBE01A8; Tue, 2 May 2017 03:26:18 +0000 (UTC) Received: from reviews-vm2.apache.org (localhost [IPv6:::1]) by reviews.apache.org (ASF Mail Server at reviews-vm2.apache.org) with ESMTP id 6B15BC406FB; Tue, 2 May 2017 03:26:18 +0000 (UTC) Content-Type: multipart/alternative; boundary="===============1346939193371259761==" MIME-Version: 1.0 Subject: Review Request 58912: Audit log record for 'show databases' hive command contains all tags From: Abhay Kulkarni To: Madhan Neethiraj , Selvamohan Neethiraj Cc: Abhay Kulkarni , ranger Date: Tue, 02 May 2017 03:26:18 -0000 Message-ID: <20170502032618.62795.43084@reviews-vm2.apache.org> X-ReviewBoard-URL: https://reviews.apache.org/ Auto-Submitted: auto-generated Sender: Abhay Kulkarni X-ReviewGroup: ranger X-Auto-Response-Suppress: DR, RN, OOF, AutoReply X-ReviewRequest-URL: https://reviews.apache.org/r/58912/ X-Sender: Abhay Kulkarni Reply-To: Abhay Kulkarni X-ReviewRequest-Repository: ranger --===============1346939193371259761== MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/58912/ ----------------------------------------------------------- Review request for ranger, Madhan Neethiraj and Selvamohan Neethiraj. Bugs: RANGER-1553 https://issues.apache.org/jira/browse/RANGER-1553 Repository: ranger Description ------- If hive service is associated with a tag service then when a ‘show databases’ command is authorized by Ranger, potentially, all tags associated with all hive entities are evaluated to determine the authorization of the command. Consequently, the audit log record generated for it will show, in the tags field, every tag provisioned for any hive entity in Ranger. When a large number of tags are associated with hive entities the audit log is very cluttered and does not convey meaningful information. For this specific command, tags information in the generated audit log record is scrubbed. Diffs ----- hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java 9dea37a Diff: https://reviews.apache.org/r/58912/diff/1/ Testing ------- Tested with local VM Thanks, Abhay Kulkarni --===============1346939193371259761==--