Uploaded image for project: 'IMPALA'
  1. IMPALA
  2. IMPALA-7916 Support for Apache Ranger authorization provider
  3. IMPALA-8716

Log a a group of privileges into a single audit event

    XMLWordPrintableJSON

Details

    • Sub-task
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • Impala 3.3.0
    • Frontend
    • None
    • ghx-label-7

    Description

      Some privileges, such as VIEW_METADATA consists of multiple privileges (INSERT, SELECT, REFRESH). For example if we run "show partitions foo.barfoo.bar" and we have SELECT privilege on table "foo.bar", we will be creating 2 audit logs:

      • Attempt to check if there's INSERT privilege on table "foo.bar" – denied, INSERT, foo.bar
      • Attempt to check if there's SELECT privilege on table "foo.bar" – allowed, SELECT, foo.bar

      This can be confusing. A better solution is to log this as a single audit log, e.g.

      • allowed, VIEW_METADATA, foo.bar

      Attachments

        Activity

          People

            fredyw Fredy Wijaya
            fredyw Fredy Wijaya
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: