Uploaded image for project: 'Sentry (Retired)'
  1. Sentry (Retired)
  2. SENTRY-2279 Make debugging easy for HDFS-sync.
  3. SENTRY-2323

Audit log to understand the changes to path and permission information in Sentry namenode-plugin

Add voteWatch issue
    XMLWordPrintableJSON

Details

    • Sub-task
    • Status: Open
    • Major
    • Resolution: Unresolved
    • 2.1.0
    • None
    • Sentry
    • None

    Description

      Currently we do not have any clue on what’s going on with the ACL information in Sentry namenode plug-in.
      Solution: To understand the changes happening to HDFS ACL’s, sentry could use the current HDFS audit logging to log the ACL changes and event that triggered the change.

      1. Permission grants and event that caused it.
        • Let’s take an example: READ permission granted on /user/hive/warehouse/x/y/z to groups group1, group2.. etc Event: Explicit Grant
      2. Permission revoke and the event that caused it.
        • Let’s take an example:
          READ permission removed from /user/hive/warehouse/x/y/z to groups group1, group2.. etc Event: Explicit Revoke.
          READ/WRITE permissions removed from /user/hive/warehouse/x/y/z to groups group1, group2.. etc Event: Explicit File removed.
        • Permission change because of changes to roles is not possible to show as the data would be huge.

      Attachments

        Activity

          People

            arjunmishra13 Arjun Mishra
            kkalyan Krishna Kalyan
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:

              Slack

                Issue deployment