Details
- Sub-task
- Status: Open
- Major
- Resolution: Unresolved
- 2.1.0
- None
- None
Description
Currently we do not have any clue about what’s going on with the ACL information in the Sentry namenode plug-in.
Solution: To understand the changes happening to HDFS ACLs, Sentry could use the current HDFS audit logging to log the ACL changes and the event that triggered the change.
- Permission grants and the event that caused it.
  - Let’s take an example:
    READ permission granted on /user/hive/warehouse/x/y/z to groups group1, group2, etc. Event: Explicit Grant
- Permission revoke and the event that caused it.
  - Let’s take an example:
    READ permission removed from /user/hive/warehouse/x/y/z to groups group1, group2, etc. Event: Explicit Revoke.
    READ/WRITE permissions removed from /user/hive/warehouse/x/y/z to groups group1, group2, etc. Event: Explicit File removed.
- Permission change because of changes to roles is not possible to show as the data would be huge.
  - Let’s take an example: