You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by "Abhishek Shukla (Jira)" <ji...@apache.org> on 2021/07/30 15:27:00 UTC
[jira] [Created] (RANGER-3356) [HDFS Plugin] Audit log not
generated for non-super user for deleteSnapshot operation
Abhishek Shukla created RANGER-3356:
---------------------------------------
Summary: [HDFS Plugin] Audit log not generated for non-super user for deleteSnapshot operation
Key: RANGER-3356
URL: https://issues.apache.org/jira/browse/RANGER-3356
Project: Ranger
Issue Type: Bug
Components: plugins
Affects Versions: 2.2.0
Reporter: Abhishek Shukla
While adding automation test case for RANGER-3337 observed that ranger audit is not getting generated for deleteSnapshot operation performed by a non-superuser.
{code:java}
Create a new HDFS policy in Ranger.
Policy Details:
Policy Name: testcase
Resource Path: /testcase
Allow Conditions:
Select User: testuser
Enabled: yes
Recursive: yes
Audit Logging: yes
Permissions: Read, Write, Execute
Note that "testuser" should be a non-privileged account. On my cluster I'm using "testuser", but you may choose something different.
Run the following commands whilst authenticated as the "hdfs" superuser:
$ hdfs dfs -mkdir -p /testcase/dir1
$ hdfs dfsadmin -allowSnapshot /testcase
$ hdfs dfs -createSnapshot /testcase s1
1. kinit as testuser, and run
$ hdfs dfs -deleteSnapshot /testcase s1{code}
Snapshot is deleted but no audit log is generated, while if the same operation is performed by hdfs user audit log is generated.
cc [~abhayk]
--
This message was sent by Atlassian Jira
(v8.3.4#803005)