Xuze Yang created RANGER-3685:
---------------------------------
Summary: hive 'show' sql produces excessive audit log
Key: RANGER-3685
URL: https://issues.apache.org/jira/browse/RANGER-3685
Project: Ranger
Issue Type: Improvement
Components: audit
Affects Versions: 2.1.0
Reporter: Xuze Yang
Since ranger2.1.0. For "show databases", user needs any permission on Database
to get authorized. RangerHiveAuthorizer.filterListCmdObjects() is implemented
to filter out the database which user don't have access to.
This is a good implementation, but a problem comes with it:the method will
record an audit log for each database(each table for "show tables"). In our
production environment, There are 80,000 tables under a database of hive. A
show tables operation will generate 80001(The extra one is the verification of
USE permissions) audit logs. Unfortunately, our customers will frequently call
the show tables operation.
This brings up two problems:
# Valuable audit logs are flooded
# Take up a lot of storage resources
For problem.2, such a scenario has occurred in our environment: our audit log
destination is down. All audit logs are spooled in disk files, several days
later, the size of the disk file exceeded 800G, causing other components to
fail to provide services normally.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
