You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ranger.apache.org by "Selvamohan Neethiraj (JIRA)" <ji...@apache.org> on 2015/09/24 00:33:19 UTC

[jira] [Updated] (RANGER-615) Audit to db: Truncate all string values of audit record so that writing of audit does not fail

     [ https://issues.apache.org/jira/browse/RANGER-615?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Selvamohan Neethiraj updated RANGER-615:
----------------------------------------
    Fix Version/s:     (was: 0.5.0)
                   0.5.1

> Audit to db: Truncate all string values of audit record so that writing of audit does not fail
> ----------------------------------------------------------------------------------------------
>
>                 Key: RANGER-615
>                 URL: https://issues.apache.org/jira/browse/RANGER-615
>             Project: Ranger
>          Issue Type: Bug
>          Components: audit
>    Affects Versions: 0.4.0, 0.5.0, 0.6.0
>            Reporter: Alok Lal
>            Assignee: Alok Lal
>             Fix For: 0.5.1, 0.6.0
>
>
> For hive plugin {{resource_path}} field of {{xa_access_audit}} table would be formatted like: {{database/table/col1,col2,col3}}. Length of this formatted string depends on the number of columns accessed in the query and the length of the column names.  If table has a large number of columns then it is possible to exceed the column length which leads to failure to write audit message to audit table.
> Following is the proposed solution:
> - Truncate messages that exceed the destination database column so that insertion of audit row does not fail.
> - The length at which data value is truncated should be configurable. This helps for example, if the column size in the database is increased at a later date to capture more of audit data before it gets clipped.
> - Also, it should be possible to suppress any truncation and restore the earlier behavior.
> - Configuration should have sensible defaults in the code, too.
> - Concrete consider the following example: For example, say, they have a problem with {{resource_path}} column exceeding the current database size of {{2000}}. Then one would define the following property in the audit config file:
> {code:xml}
>     <property>
>         <name>xasecure.audit.db.max.columnvalue.resource_path</name>
>         <value>2000</value>
>     </property>
> {code}
> This would clip the value of resource_path column so it does not exceed 2000. The last 3 characters of the column value should be “…” to indicate that message was clipped.
> - User should be able to do this sort of a setting for any string column of the {{xa_access_audit}} table.
> - Setting the value to a -ve number should prevent any truncation. If this property is absent then the column would be clipped at 2000 which is the default column size for this table.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)