You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@sentry.apache.org by "kalyan kumar kalvagadda (JIRA)" <ji...@apache.org> on 2019/01/09 17:45:00 UTC
[jira] [Updated] (SENTRY-2323) Audit log to understand the changes
to path and permission information in Sentry namenode-plugin
[ https://issues.apache.org/jira/browse/SENTRY-2323?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
kalyan kumar kalvagadda updated SENTRY-2323:
--------------------------------------------
Description:
Currently we do not have any clue on what’s going on with the ACL information in Sentry namenode plug-in.
*Solution:* To understand the changes happening to HDFS ACL’s, sentry could use the current HDFS audit logging to log the ACL changes and event that triggered the change.
# Permission grants and event that caused it.
** Let’s take an example: READ permission granted on /user/hive/warehouse/x/y/z to groups group1, group2.. etc Event: Explicit Grant
# Permission revoke and the event that caused it.
** Let’s take an example:
READ permission removed from /user/hive/warehouse/x/y/z to groups group1, group2.. etc Event: Explicit Revoke.
READ/WRITE permissions removed from /user/hive/warehouse/x/y/z to groups group1, group2.. etc Event: Explicit File removed.
** Permission change because of changes to roles is not possible to show as the data would be huge.
was:
Currently we do not have any clue on what’s going on with the ACL information in Sentry namenode plug-in.
*Solution: *To understand the changes happening to HDFS ACL’s, sentry could use the current HDFS audit logging to log the ACL changes and event that triggered the change.
# Permission grants and event that caused it.
** Let’s take an example: READ permission granted on /user/hive/warehouse/x/y/z to groups group1, group2.. etc Event: Explicit Grant
# Permission revoke and the event that caused it.
** Let’s take an example:
READ permission removed from /user/hive/warehouse/x/y/z to groups group1, group2.. etc Event: Explicit Revoke.
READ/WRITE permissions removed from /user/hive/warehouse/x/y/z to groups group1, group2.. etc Event: Explicit File removed.
** Permission change because of changes to roles is not possible to show as the data would be huge.
> Audit log to understand the changes to path and permission information in Sentry namenode-plugin
> ------------------------------------------------------------------------------------------------
>
> Key: SENTRY-2323
> URL: https://issues.apache.org/jira/browse/SENTRY-2323
> Project: Sentry
> Issue Type: Sub-task
> Components: Sentry
> Affects Versions: 2.1.0
> Reporter: kalyan kumar kalvagadda
> Assignee: Arjun Mishra
> Priority: Major
>
> Currently we do not have any clue on what’s going on with the ACL information in Sentry namenode plug-in.
> *Solution:* To understand the changes happening to HDFS ACL’s, sentry could use the current HDFS audit logging to log the ACL changes and event that triggered the change.
> # Permission grants and event that caused it.
> ** Let’s take an example: READ permission granted on /user/hive/warehouse/x/y/z to groups group1, group2.. etc Event: Explicit Grant
> # Permission revoke and the event that caused it.
> ** Let’s take an example:
> READ permission removed from /user/hive/warehouse/x/y/z to groups group1, group2.. etc Event: Explicit Revoke.
> READ/WRITE permissions removed from /user/hive/warehouse/x/y/z to groups group1, group2.. etc Event: Explicit File removed.
> ** Permission change because of changes to roles is not possible to show as the data would be huge.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)