You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@impala.apache.org by "Fredy Wijaya (JIRA)" <ji...@apache.org> on 2019/07/02 03:52:00 UTC
[jira] [Resolved] (IMPALA-8716) Log a a group of privileges into a
single audit event
[ https://issues.apache.org/jira/browse/IMPALA-8716?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Fredy Wijaya resolved IMPALA-8716.
----------------------------------
Resolution: Fixed
Fix Version/s: Impala 3.3.0
> Log a a group of privileges into a single audit event
> -----------------------------------------------------
>
> Key: IMPALA-8716
> URL: https://issues.apache.org/jira/browse/IMPALA-8716
> Project: IMPALA
> Issue Type: Sub-task
> Components: Frontend
> Reporter: Fredy Wijaya
> Assignee: Fredy Wijaya
> Priority: Major
> Fix For: Impala 3.3.0
>
>
> Some privileges, such as VIEW_METADATA consists of multiple privileges (INSERT, SELECT, REFRESH). For example if we run "show partitions foo.barfoo.bar" and we have SELECT privilege on table "foo.bar", we will be creating 2 audit logs:
> - Attempt to check if there's INSERT privilege on table "foo.bar" -- denied, INSERT, foo.bar
> - Attempt to check if there's SELECT privilege on table "foo.bar" -- allowed, SELECT, foo.bar
> This can be confusing. A better solution is to log this as a single audit log, e.g.
> - allowed, VIEW_METADATA, foo.bar
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)