You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Abhay Kulkarni <ak...@hortonworks.com> on 2017/05/02 03:26:18 UTC
Review Request 58912: Audit log record for 'show databases' hive
command contains all tags
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58912/
-----------------------------------------------------------
Review request for ranger, Madhan Neethiraj and Selvamohan Neethiraj.
Bugs: RANGER-1553
https://issues.apache.org/jira/browse/RANGER-1553
Repository: ranger
Description
-------
If hive service is associated with a tag service then when a ‘show databases’ command is authorized by Ranger, potentially, all tags associated with all hive entities are evaluated to determine the authorization of the command. Consequently, the audit log record generated for it will show, in the tags field, every tag provisioned for any hive entity in Ranger. When a large number of tags are associated with hive entities the audit log is very cluttered and does not convey meaningful information.
For this specific command, tags information in the generated audit log record is scrubbed.
Diffs
-----
hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java 9dea37a
Diff: https://reviews.apache.org/r/58912/diff/1/
Testing
-------
Tested with local VM
Thanks,
Abhay Kulkarni
Re: Review Request 58912: Audit log record for 'show databases' hive
command contains all tags
Posted by Madhan Neethiraj <ma...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58912/#review173614
-----------------------------------------------------------
Ship it!
Ship It!
- Madhan Neethiraj
On May 2, 2017, 3:26 a.m., Abhay Kulkarni wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/58912/
> -----------------------------------------------------------
>
> (Updated May 2, 2017, 3:26 a.m.)
>
>
> Review request for ranger, Madhan Neethiraj and Selvamohan Neethiraj.
>
>
> Bugs: RANGER-1553
> https://issues.apache.org/jira/browse/RANGER-1553
>
>
> Repository: ranger
>
>
> Description
> -------
>
> If hive service is associated with a tag service then when a ‘show databases’ command is authorized by Ranger, potentially, all tags associated with all hive entities are evaluated to determine the authorization of the command. Consequently, the audit log record generated for it will show, in the tags field, every tag provisioned for any hive entity in Ranger. When a large number of tags are associated with hive entities the audit log is very cluttered and does not convey meaningful information.
>
> For this specific command, tags information in the generated audit log record is scrubbed.
>
>
> Diffs
> -----
>
> hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java 9dea37a
>
>
> Diff: https://reviews.apache.org/r/58912/diff/1/
>
>
> Testing
> -------
>
> Tested with local VM
>
>
> Thanks,
>
> Abhay Kulkarni
>
>