Details
-
Improvement
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
None
-
None
-
None
-
ghx-label-13
Description
After IMPALA-9350, Impala is able to produce the corresponding Ranger audits when a query involves policies of column masking. However, redundant audit events could be produced in some cases.
For example, currently Impala will always generate audit events for column masking even though the requesting user is not granted the necessary privilege on the specified resource because AuthorizationChecker#postAuthorize() is always called whether there is an AuthorizationException or not.
Another example is that if a table occurs several times in a query, we would have duplicate audits for the same column involved in a column masking policy. Take the following query for example, since the query would result in 2 calls to SelectStmt#analyze() on the same table, given that there is a column masking policy for the column of string_col, we will see 2 duplicate audit events for this column.
with iv as (select id, bool_col, string_col from functional.alltypestiny) select * from iv;
We should thus eliminate the redundant audits in the cases described above.
Attachments
Issue Links
- causes
-
IMPALA-10192 IllegalStateException in processing column masking audit events
-
- Resolved
-