> On Aug. 8, 2018, 7:25 p.m., Na Li wrote: > > sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java > > Lines 1577 (patched) > > <https://reviews.apache.org/r/68268/diff/1/?file=2070542#file2070542line1641> > > > > should this be audit.onUpdateOwnerPrivilege()? > > Sergio Pena wrote: > Update implies a grant, so I'd rather use grant to avoid having two > methods that do the same. > > Na Li wrote: > update implies a grant and also removing. It is alter, not just grant. It > is better to be accurate, so we can differentiate different scenarios. In > this way, it is easier to debug when something goes wrong. To do this, you > need to add more functions for update message such as "OWNER privilege is > transferred to USER" OR "OWNER privilege is transferred to ROLE" base on the > new owner type, not "OWNER privilege granted to USER"
Aaa true. I changed it to audit.onTransferOwnerPrivilege() - Sergio ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/68268/#review206991 ----------------------------------------------------------- On Aug. 8, 2018, 2:29 p.m., Sergio Pena wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/68268/ > ----------------------------------------------------------- > > (Updated Aug. 8, 2018, 2:29 p.m.) > > > Review request for sentry, Arjun Mishra, kalyan kumar kalvagadda, and Na Li. > > > Bugs: sentry-2157 > https://issues.apache.org/jira/browse/sentry-2157 > > > Repository: sentry > > > Description > ------- > > This patch logs owner privileges grants and revokes. > > > Diffs > ----- > > > sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java > 61f9168b1970144dbf0b7a7378f2d25e70f1761d > > sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/audit/SentryAuditLogger.java > PRE-CREATION > > sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/log/entity/JsonLogEntityFactory.java > 61becceac881443b02182e6ab1012add4c046499 > > sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/log/util/CommandUtil.java > 6479a6055e8c7087f0e484080ec9d46a9c146212 > > sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/log/entity/TestJsonLogEntityFactory.java > 307f38eadb65bf12dc6225cfe43a5d590657d055 > > > Diff: https://reviews.apache.org/r/68268/diff/1/ > > > Testing > ------- > > I run the patch in a cluster and the audit logs is displaying the correct > messages. > > {"serviceName":"Sentry-Service","userName":"ubuntu","impersonator":"","ipAddress":"/127.0.0.1","operation":"GRANT_PRIVILEGE","eventTime":"1533738512795","operationText":"OWNER > privilege granted to USER: > sergio","allowed":"true","databaseName":"default","tableName":"t2","column":null,"resourcePath":null,"objectType":"PRINCIPAL"} > > > Thanks, > > Sergio Pena > >
