Xuze Yang created RANGER-3685: --------------------------------- Summary: hive 'show' sql produces excessive audit log Key: RANGER-3685 URL: https://issues.apache.org/jira/browse/RANGER-3685 Project: Ranger Issue Type: Improvement Components: audit Affects Versions: 2.1.0 Reporter: Xuze Yang
Since ranger2.1.0. For "show databases", user needs any permission on Database to get authorized. RangerHiveAuthorizer.filterListCmdObjects() is implemented to filter out the database which user don't have access to. This is a good implementation, but a problem comes with it:the method will record an audit log for each database(each table for "show tables"). In our production environment, There are 80,000 tables under a database of hive. A show tables operation will generate 80001(The extra one is the verification of USE permissions) audit logs. Unfortunately, our customers will frequently call the show tables operation. This brings up two problems: # Valuable audit logs are flooded # Take up a lot of storage resources For problem.2, such a scenario has occurred in our environment: our audit log destination is down. All audit logs are spooled in disk files, several days later, the size of the disk file exceeded 800G, causing other components to fail to provide services normally. -- This message was sent by Atlassian Jira (v8.20.1#820001)