You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ranger.apache.org by "Wenkang-xu (via GitHub)" <gi...@apache.org> on 2023/04/10 02:45:05 UTC

[GitHub] [ranger] Wenkang-xu opened a new pull request, #243: fix: mismatch the value of access_type and action

Wenkang-xu opened a new pull request, #243:
URL: https://github.com/apache/ranger/pull/243

   When I try to use the ranger audit logs to analysis the access info, the value of Access Type and Permission on the ranger web page confuses me. After readed the source code, I found the problem that mismatch the value of Access Type and Permission.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@ranger.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [ranger] Wenkang-xu commented on pull request #243: fix: mismatch the value of access_type and action

Posted by "Wenkang-xu (via GitHub)" <gi...@apache.org>.

Wenkang-xu commented on PR #243:
URL: https://github.com/apache/ranger/pull/243#issuecomment-1501338966

   ![image](https://user-images.githubusercontent.com/104415572/230815236-9357739f-d070-4971-b234-c0c7be60a896.png)
   ![image](https://user-images.githubusercontent.com/104415572/230815241-5bdb5603-c1f9-4065-948a-ba5e02e3aaf8.png)
   Look at the picture above, the first picture shows some hive audit logs, the second picture shows some prestodb audit logs.
   
   ### explain the problem
   We know Permission on the web page is the Operation Type [[this.setAction(hiveOpTypeName);](https://github.com/apache/ranger/blob/b9d24af9f93053b70a5c692be13aa212b3e0fb26/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAccessRequest.java)] which doesn't contain "select"([See this](https://github.com/apache/hive/blob/master/ql/src/java/org/apache/hadoop/hive/ql/security/authorization/plugin/HiveOperationType.java)). For example: HiveAccessType.SELECT can reference many Operation Type, like QUERY, SHOWPARTITIONS etc. You can find in [this code](https://github.com/apache/ranger/blob/7901d88e2aeac1d515581a0e987e7d4318da78b1/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java). 
   Therefore we can clearly judge that mismatch the value between Access Type and Action.
   
   ### Test my code
   After I changed the code which is my submit and repackaged it, the web page show autit logs as I expected.
   ![image](https://user-images.githubusercontent.com/104415572/230817665-022764cf-3fff-435d-bad8-5b868ff34136.png)
   
   ![image](https://user-images.githubusercontent.com/104415572/230817675-96b31eae-df4d-44b9-a095-26a2503a4616.png)
   
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@ranger.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org