You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@sentry.apache.org by "Hrishikesh Gadre (JIRA)" <ji...@apache.org> on 2017/12/28 14:13:00 UTC

[jira] [Created] (SENTRY-2112) Collection/core admin operation audit logs do not record accurate operation name

Hrishikesh Gadre created SENTRY-2112:
----------------------------------------

             Summary: Collection/core admin operation audit logs do not record accurate operation name
                 Key: SENTRY-2112
                 URL: https://issues.apache.org/jira/browse/SENTRY-2112
             Project: Sentry
          Issue Type: Bug
          Components: Solr Plugin
    Affects Versions: 2.0.0
            Reporter: Hrishikesh Gadre
            Assignee: Hrishikesh Gadre


As part of SENTRY-1475, we reimplemented the Sentry/Solr integration which also includes audit logs. In case of collection/core admin operations, Sentry plugin asserts two checks
* Does user has global admin privileges?
* Does user has collection level admin privileges?

e.g. let's say user want to create alias named A for collection B. Then Sentry checks following permissions,
* Does user has collection admin privileges (i.e. admin=collections) ?
* Does user has collection privileges (i.e. collection=A)?

Solr plugin also emits audit log for each of these steps. Currently the audit log for second step records operationName = update/query (instead of actual operation name e.g. CREATEALIAS).

This jira is to rectify this bug (introduced as part of SENTRY-1475).




--
This message was sent by Atlassian JIRA
(v6.4.14#64029)