You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hive.apache.org by "Sergey Shelukhin (JIRA)" <ji...@apache.org> on 2016/02/22 20:38:18 UTC
[jira] [Commented] (HIVE-13113) add audit log to HS2, especially
for SQL auth
[ https://issues.apache.org/jira/browse/HIVE-13113?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15157551#comment-15157551 ]
Sergey Shelukhin commented on HIVE-13113:
-----------------------------------------
[~thejas] fyi
> add audit log to HS2, especially for SQL auth
> ---------------------------------------------
>
> Key: HIVE-13113
> URL: https://issues.apache.org/jira/browse/HIVE-13113
> Project: Hive
> Issue Type: New Feature
> Reporter: Sergey Shelukhin
>
> We need a separate audit log similar to HDFS audit log, where table/etc. accesses can optionally be logged. It is especially important with SQL standard auth, since the default model for that is doAs=false, and the lack of impersonation makes HDFS audit logs relatively useless. There's some audit logging in metastore, but it does into the main log and I don't think anyone ensured it is sufficient and consistently applied even within the scope of metastore; there's also a question of whether accesses at the task level can be audited, and how (should HS2 audit-log each task x input combo, since tasks cannot log to a permanent location?).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)