Uploaded image for project: 'Kudu'
  1. Kudu
  2. KUDU-3293

Confusing Ranger audit logs

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Open
    • Minor
    • Resolution: Unresolved
    • None
    • None
    • authz, ranger
    • None

    Description

      When a client opens a table, the master authorizes DML actions on it and returns a list of allowed actions to the client which is then forwarded to the tablet servers so that it doesn't have to talk to Ranger. This significantly reduces the number of requests to Ranger, but it messes with the audit logs, as it will show ALL, and if it's denied, then also SELECT, UPDATE, INSERT and DELETE for each open table request, even if the client is only doing one of these things. which can be confusing.

      Attachments

        Activity

          People

            Unassigned Unassigned
            abukor Attila Bukor
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated: