You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Abhay Kulkarni <ak...@hortonworks.com> on 2018/03/23 18:09:16 UTC
Re: Review Request 66251: Avoid creation of spurious audit record in
HDFS 2.8.0 and later versions
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66251/
-----------------------------------------------------------
(Updated March 23, 2018, 6:09 p.m.)
Review request for ranger and Madhan Neethiraj.
Summary (updated)
-----------------
Avoid creation of spurious audit record in HDFS 2.8.0 and later versions
Bugs: RANGER-2037
https://issues.apache.org/jira/browse/RANGER-2037
Repository: ranger
Description
-------
HDFS 2.8.0 calls authorizer twice for each access request; first for traverse-only check and second for specific access permission check. Currently, first check produces an audit record which is unnecessary and confusing as it seems to suggest that Ranger authorizer denied the request.
Diffs (updated)
-----
hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java 59cf6b12f
Diff: https://reviews.apache.org/r/66251/diff/2/
Changes: https://reviews.apache.org/r/66251/diff/1-2/
Testing (updated)
-------
Tested in a local VM.
Thanks,
Abhay Kulkarni
Re: Review Request 66251: Avoid creation of spurious audit record in
HDFS 2.8.0 and later versions
Posted by Zsombor Gegesy <zs...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66251/#review199907
-----------------------------------------------------------
Ship it!
Ship It!
- Zsombor Gegesy
On March 23, 2018, 6:09 p.m., Abhay Kulkarni wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66251/
> -----------------------------------------------------------
>
> (Updated March 23, 2018, 6:09 p.m.)
>
>
> Review request for ranger and Madhan Neethiraj.
>
>
> Bugs: RANGER-2037
> https://issues.apache.org/jira/browse/RANGER-2037
>
>
> Repository: ranger
>
>
> Description
> -------
>
> HDFS 2.8.0 calls authorizer twice for each access request; first for traverse-only check and second for specific access permission check. Currently, first check produces an audit record which is unnecessary and confusing as it seems to suggest that Ranger authorizer denied the request.
>
>
> Diffs
> -----
>
> hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java 59cf6b12f
>
>
> Diff: https://reviews.apache.org/r/66251/diff/2/
>
>
> Testing
> -------
>
> Tested in a local VM.
>
>
> Thanks,
>
> Abhay Kulkarni
>
>