ranger git commit: RANGER-1841: Audit log record for 'use dbName' hive command contains large number of tags

Mon, 16 Oct 2017 16:34:14 -0700 

Repository: ranger
Updated Branches:
  refs/heads/ranger-0.7 eb8129534 -> 616a646d1


RANGER-1841: Audit log record for 'use dbName' hive command contains large 
number of tags


Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/616a646d
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/616a646d
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/616a646d

Branch: refs/heads/ranger-0.7
Commit: 616a646d1f8275a1c61c7b0ff4e1135dbcbcb0b7
Parents: eb81295
Author: Abhay Kulkarni <akulka...@hortonworks.com>
Authored: Mon Oct 16 16:33:52 2017 -0700
Committer: Abhay Kulkarni <akulka...@hortonworks.com>
Committed: Mon Oct 16 16:33:52 2017 -0700

----------------------------------------------------------------------
 .../hive/authorizer/RangerHiveAuditHandler.java           | 10 ++++++++++
 1 file changed, 10 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ranger/blob/616a646d/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java
----------------------------------------------------------------------
diff --git 
a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java
 
b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java
index 9dea37a..89bc0d8 100644
--- 
a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java
+++ 
b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java
@@ -54,6 +54,16 @@ public class RangerHiveAuditHandler extends 
RangerDefaultAuditHandler {
                auditEvent.setResourcePath(resourcePath);
                auditEvent.setResourceType("@" + resourceType); // to be 
consistent with earlier release
 
+               if (request instanceof RangerHiveAccessRequest && resource 
instanceof RangerHiveResource) {
+                       RangerHiveAccessRequest hiveAccessRequest = 
(RangerHiveAccessRequest) request;
+                       RangerHiveResource hiveResource = (RangerHiveResource) 
resource;
+
+                       if (hiveAccessRequest.getHiveAccessType() == 
HiveAccessType.USE && hiveResource.getObjectType() == HiveObjectType.DATABASE) {
+                               // this should happen only for SHOWDATABASES 
and USE <db-name> commands
+                               auditEvent.setTags(null);
+                       }
+               }
+
                return auditEvent;
        }

Reply via email to