  1. HBase
  2. HBASE-13235

Revisit the security auditing semantics.


    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.1.0, 2.0.0
    • Component/s: None
    • Labels:
      None

      Description

      More specifically, the following things need a closer look. (Will include more based on feedback and/or suggestions)

      • Table name (say test) instead of fully qualified table name (default:test) being used.
      • Right now, we're using the scope to be similar to arguments for operation. It would be better to decouple the arguments for operation and the scope involved in checking. For example, for createTable we have the following audit log:
        Access denied for user esteban; reason: Insufficient permissions; remote address: /10.20.30.1; request: createTable; context: (user=srikanth@XXX, scope=default, action=CREATE)
        

        The scope was rightly being used as the default namespace, but we're missing out on information like the operation params for CREATE, which we used to log prior to HBASE-12511.

      Would love to hear inputs on this!
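
      The audit line quoted in the description, parsed into fields, as an added example (not HBase code and not part of the original issue). The line layout is inferred from that single sample; `parse_audit_line` and `qualify_table` are hypothetical helper names, and treating `default` as the implied namespace follows the `default:test` form used above.

```python
import re

# Constructed input: the one audit line quoted in the issue description.
SAMPLE = (
    "Access denied for user esteban; reason: Insufficient permissions; "
    "remote address: /10.20.30.1; request: createTable; "
    "context: (user=srikanth@XXX, scope=default, action=CREATE)"
)

# Layout inferred from SAMPLE only (assumption): ';'-separated fields,
# then a parenthesised list of key=value pairs.
_LINE = re.compile(
    r"^Access (?P<result>\w+) for user (?P<user>[^;]+); "
    r"reason: (?P<reason>[^;]+); "
    r"remote address: (?P<remote_address>[^;]*); "
    r"request: (?P<request>[^;]+); "
    r"context: \((?P<context>.*)\)\s*$"
)
_PAIR = re.compile(r"(\w+)=([^,]*)")


def parse_audit_line(line):
    """Split one audit line into a dict; 'context' becomes a nested dict."""
    m = _LINE.match(line.strip())
    if m is None:
        raise ValueError("not an audit line in the expected layout")
    record = m.groupdict()
    record["context"] = {k: v.strip() for k, v in _PAIR.findall(record["context"])}
    return record


def qualify_table(name, default_namespace="default"):
    """Return namespace:table, so 'test' and 'default:test' compare equal."""
    return name if ":" in name else f"{default_namespace}:{name}"


if __name__ == "__main__":
    rec = parse_audit_line(SAMPLE)
    print(rec["request"], rec["context"])
    # The context carries only user, scope and action: nothing in the line
    # names the table that createTable was asked to create.
    print(sorted(rec["context"]))
    print(qualify_table("test"))
```

      Anything that correlates these lines by table has to normalize names first, and for this createTable denial there is no table name in the line to correlate on at all.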

        Attachments

        1. HBASE-13235_v2.patch
          13 kB
          Srikanth Srungarapu
        2. HBASE-13235_v2.patch
          13 kB
          Srikanth Srungarapu
        3. HBASE-13235_v3.patch
          13 kB
          Srikanth Srungarapu
        4. HBASE-13235_v4.patch
          13 kB
          Srikanth Srungarapu
        5. HBASE-13235.patch
          13 kB
          Srikanth Srungarapu

              People

              • Assignee:
                srikanth235 Srikanth Srungarapu
                Reporter:
                srikanth235 Srikanth Srungarapu
              • Votes:
                0
                Watchers:
                5
