[RANGER-3685] hive 'show' sql produces excessive audit log - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Implemented
Affects Version/s: 2.1.0
Fix Version/s: None
Component/s: audit
Labels:
None

Description

Since ranger2.1.0. For "show databases", user needs any permission on Database to get authorized. RangerHiveAuthorizer.filterListCmdObjects() is implemented to filter out the database which user don't have access to.

This is a good implementation, but a problem comes with it：the method will record an audit log for each database(each table for "show tables"). In our production environment, There are 80,000 tables under a database of hive. A show tables operation will generate 80001(The extra one is the verification of USE permissions) audit logs. Unfortunately, our customers will frequently call the show tables operation.

This brings up two problems:

Valuable audit logs are flooded
Take up a lot of storage resources

For problem.2, such a scenario has occurred in our environment: our audit log destination is down. All audit logs are spooled in disk files, several days later, the size of the disk file exceeded 800G, causing other components to fail to provide services normally.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

RANGER-3685-hive-show-sql-produces-excessive-audit-l.patch
24/Sep/22 14:48
5 kB
Xuze Yang

Issue Links

is fixed by

RANGER-3214 Configure default audit filters when ranger repo is created

Resolved

Activity

People

Assignee:: Xuze Yang

Reporter:: Xuze Yang

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 26/Mar/22 08:44

Updated:: 11/Oct/22 07:36

Resolved:: 11/Oct/22 07:36