You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ranger.apache.org by "Abhishek Shukla (Jira)" <ji...@apache.org> on 2021/07/30 15:27:00 UTC

[jira] [Created] (RANGER-3356) [HDFS Plugin] Audit log not generated for non-super user for deleteSnapshot operation

Abhishek Shukla created RANGER-3356:
---------------------------------------

             Summary: [HDFS Plugin] Audit log not generated for non-super user for deleteSnapshot operation
                 Key: RANGER-3356
                 URL: https://issues.apache.org/jira/browse/RANGER-3356
             Project: Ranger
          Issue Type: Bug
          Components: plugins
    Affects Versions: 2.2.0
            Reporter: Abhishek Shukla


While adding automation test case for RANGER-3337 observed that ranger audit is not getting generated for deleteSnapshot operation performed by a non-superuser.

 
{code:java}
Create a new HDFS policy in Ranger.

Policy Details:

Policy Name: testcase
Resource Path: /testcase
Allow Conditions:

Select User: testuser
Enabled: yes
Recursive: yes
Audit Logging: yes
Permissions: Read, Write, Execute

Note that "testuser" should be a non-privileged account. On my cluster I'm using "testuser", but you may choose something different.

Run the following commands whilst authenticated as the "hdfs" superuser:

$ hdfs dfs -mkdir -p /testcase/dir1
$ hdfs dfsadmin -allowSnapshot /testcase
$ hdfs dfs -createSnapshot /testcase s1

 
1. kinit as testuser, and run 
$ hdfs dfs -deleteSnapshot /testcase s1{code}
 

Snapshot is deleted but no audit log is generated, while if the same operation is performed by hdfs user audit log is generated.

cc [~abhayk]



--
This message was sent by Atlassian Jira
(v8.3.4#803005)