You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues-all@impala.apache.org by "Fredy Wijaya (JIRA)" <ji...@apache.org> on 2019/06/26 23:30:00 UTC

[jira] [Created] (IMPALA-8716) Log a a group of privileges into a single audit log

Fredy Wijaya created IMPALA-8716:
------------------------------------

             Summary: Log a a group of privileges into a single audit log
                 Key: IMPALA-8716
                 URL: https://issues.apache.org/jira/browse/IMPALA-8716
             Project: IMPALA
          Issue Type: Sub-task
          Components: Frontend
            Reporter: Fredy Wijaya
            Assignee: Fredy Wijaya


Some privileges, such as VIEW_METADATA consists of multiple privileges (INSERT, SELECT, REFRESH). For example if we have run "show partitions foo.barfoo.bar" and we have SELECT privilege on table "foo.bar", we will be creating 2 audit logs:
- Attempt to check if there's INSERT privilege on table "foo.bar" -- denied, INSERT, foo.bar
- Attempt to check if there's SELECT privilege on table "foo.bar" -- allowed, SELECT, foo.bar

This can be confusing. A better solution is to log this as a single audit log, e.g.
- allowed, VIEW_METADATA, foo.bar



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-all-unsubscribe@impala.apache.org
For additional commands, e-mail: issues-all-help@impala.apache.org