Subhrat Chaudhary created RANGER-4826:
-----------------------------------------

             Summary: Add group or role information in the access audits
                 Key: RANGER-4826
                 URL: https://issues.apache.org/jira/browse/RANGER-4826
             Project: Ranger
          Issue Type: Improvement
          Components: audit, plugins
            Reporter: Subhrat Chaudhary
            Assignee: Subhrat Chaudhary


Currently, when access audits are generated for any operation, only the user 
name is added in the AuthzAuditEvent object, for the user who requested access. 
But in many cases, the user gets access through some group or role, of which the 
user is a member. In these cases, the group or role details are not added to the 
audit event.

It could be useful for the system administrator or end user to get the details 
of the group or role through which the user got access.

Please find the details of the approach:
 * We can update the principal with which the user got access in the {{finally}} 
block of {{RangerPolicyEngineImpl.evaluateAuditPolicies}}

 * We will need to add fields group and role to {{AuthzAuditEvent}}

 * The audit principal can be updated to the audit event in 
{{RangerDefaultAuditHandler.getAuthzEvents}}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
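
A simplified model of what the proposal would record, as an added example that is not Ranger code and not part of the original issue: it shows an audit record that names the group or role through which access was granted. All class, record and field names are hypothetical, the sample policy and identities are constructed, and records require Java 16 or later.

```java
import java.util.List;
import java.util.Optional;
import java.util.Set;

// Simplified model of the proposal; every class and field name here is hypothetical, not Ranger's.
public class AuditPrincipalDemo {
    // One allow entry of a policy: the users, groups and roles it grants access to.
    record PolicyItem(Set<String> users, Set<String> groups, Set<String> roles) {}

    // Audit record with the two proposed extra fields; null means "not the granting principal".
    record AuditEvent(String user, String resource, boolean allowed, String group, String role) {}

    // Deterministically pick one principal present on both sides, if any.
    static Optional<String> firstCommon(Set<String> granted, Set<String> held) {
        return granted.stream().filter(held::contains).sorted().findFirst();
    }

    // Evaluate the request and record which principal produced the allow decision.
    static AuditEvent evaluate(String user, Set<String> groups, Set<String> roles,
                               String resource, List<PolicyItem> items) {
        for (PolicyItem item : items) {
            if (item.users().contains(user)) {
                return new AuditEvent(user, resource, true, null, null); // direct user grant
            }
            Optional<String> g = firstCommon(item.groups(), groups);
            if (g.isPresent()) {
                return new AuditEvent(user, resource, true, g.get(), null); // granted via group
            }
            Optional<String> r = firstCommon(item.roles(), roles);
            if (r.isPresent()) {
                return new AuditEvent(user, resource, true, null, r.get()); // granted via role
            }
        }
        return new AuditEvent(user, resource, false, null, null); // no item matched: denied
    }

    public static void main(String[] args) {
        // Constructed sample policy and identities.
        List<PolicyItem> items = List.of(
            new PolicyItem(Set.of("carol"), Set.of("finance-analysts"), Set.of("auditor")));
        String res = "db=sales/table=orders";
        System.out.println(evaluate("carol", Set.of(), Set.of(), res, items));
        System.out.println(evaluate("alice", Set.of("finance-analysts", "staff"), Set.of(), res, items));
        System.out.println(evaluate("dave", Set.of("staff"), Set.of("auditor"), res, items));
        System.out.println(evaluate("bob", Set.of("staff"), Set.of(), res, items));
    }
}
```

With the extra fields, a reviewer reading the audit trail can tell a direct user grant from one inherited through a group or role, which matters when deciding which membership to revoke.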
