> On Aug. 8, 2018, 7:25 p.m., Na Li wrote:
> > sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java
> > Line 1396 (original), 1336 (patched)
> > <https://reviews.apache.org/r/68268/diff/1/?file=2070542#file2070542line1399>
> >
> >     do we generate audit message when owner privilege is removed in notification processor?

There is no audit process in the NotificationProcessor. That would require different parameters in the Audit logger and how the JSON is generated as well. Currently all privileges are cleaned up when a DROP command is found and are not audited. We should consider investigating that issue in another patch as cleaning a nonexistent object of privileges is different from revoking privileges.

> On Aug. 8, 2018, 7:25 p.m., Na Li wrote:
> > sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java
> > Lines 1577 (patched)
> > <https://reviews.apache.org/r/68268/diff/1/?file=2070542#file2070542line1641>
> >
> >     should this be audit.onUpdateOwnerPrivilege()?

Update implies a grant, so I'd rather use grant to avoid having two methods that do the same.

> On Aug. 8, 2018, 7:25 p.m., Na Li wrote:
> > sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java
> > Lines 1582 (patched)
> > <https://reviews.apache.org/r/68268/diff/1/?file=2070542#file2070542line1646>
> >
> >     should this be audit.onUpdateOwnerPrivilege()?

Update implies a grant, so I'd rather use grant to avoid having two methods that do the same.

- Sergio

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68268/#review206991
-----------------------------------------------------------

On Aug. 8, 2018, 2:29 p.m., Sergio Pena wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/68268/
> -----------------------------------------------------------
>
> (Updated Aug. 8, 2018, 2:29 p.m.)
>
>
> Review request for sentry, Arjun Mishra, kalyan kumar kalvagadda, and Na Li.
>
>
> Bugs: sentry-2157
>     https://issues.apache.org/jira/browse/sentry-2157
>
>
> Repository: sentry
>
>
> Description
> -------
>
> This patch logs owner privilege grants and revokes.
>
>
> Diffs
> -----
>
>   sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java 61f9168b1970144dbf0b7a7378f2d25e70f1761d
>   sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/audit/SentryAuditLogger.java PRE-CREATION
>   sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/log/entity/JsonLogEntityFactory.java 61becceac881443b02182e6ab1012add4c046499
>   sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/log/util/CommandUtil.java 6479a6055e8c7087f0e484080ec9d46a9c146212
>   sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/log/entity/TestJsonLogEntityFactory.java 307f38eadb65bf12dc6225cfe43a5d590657d055
>
>
> Diff: https://reviews.apache.org/r/68268/diff/1/
>
>
> Testing
> -------
>
> I ran the patch in a cluster and the audit log is displaying the correct messages.
>
> {"serviceName":"Sentry-Service","userName":"ubuntu","impersonator":"","ipAddress":"/127.0.0.1","operation":"GRANT_PRIVILEGE","eventTime":"1533738512795","operationText":"OWNER privilege granted to USER: sergio","allowed":"true","databaseName":"default","tableName":"t2","column":null,"resourcePath":null,"objectType":"PRINCIPAL"}
>
>
> Thanks,
>
> Sergio Pena