You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@kudu.apache.org by "Attila Bukor (Jira)" <ji...@apache.org> on 2021/06/15 19:00:00 UTC

[jira] [Created] (KUDU-3293) Confusing Ranger audit logs

Attila Bukor created KUDU-3293:
----------------------------------

             Summary: Confusing Ranger audit logs
                 Key: KUDU-3293
                 URL: https://issues.apache.org/jira/browse/KUDU-3293
             Project: Kudu
          Issue Type: Bug
          Components: authz, ranger
            Reporter: Attila Bukor


When a client opens a table, the master authorizes DML actions on it and returns a list of allowed actions to the client which is then forwarded to the tablet servers so that it doesn't have to talk to Ranger. This significantly reduces the number of requests to Ranger, but it messes with the audit logs, as it will show ALL, and if it's denied, then also SELECT, UPDATE, INSERT and DELETE for each open table request, even if the client is only doing one of these things. which can be confusing.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)