[jira] [Updated] (IMPALA-8716) Log a a group of privileges into a single audit event

[Fredy Wijaya (JIRA)]

     [ 
https://issues.apache.org/jira/browse/IMPALA-8716?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Fredy Wijaya updated IMPALA-8716:
---------------------------------
    Description: 
Some privileges, such as VIEW_METADATA consists of multiple privileges (INSERT, 
SELECT, REFRESH). For example if we run "show partitions foo.barfoo.bar" and we 
have SELECT privilege on table "foo.bar", we will be creating 2 audit logs:
- Attempt to check if there's INSERT privilege on table "foo.bar" -- denied, 
INSERT, foo.bar
- Attempt to check if there's SELECT privilege on table "foo.bar" -- allowed, 
SELECT, foo.bar

This can be confusing. A better solution is to log this as a single audit log, 
e.g.
- allowed, VIEW_METADATA, foo.bar

  was:
Some privileges, such as VIEW_METADATA consists of multiple privileges (INSERT, 
SELECT, REFRESH). For example if we have run "show partitions foo.barfoo.bar" 
and we have SELECT privilege on table "foo.bar", we will be creating 2 audit 
logs:
- Attempt to check if there's INSERT privilege on table "foo.bar" -- denied, 
INSERT, foo.bar
- Attempt to check if there's SELECT privilege on table "foo.bar" -- allowed, 
SELECT, foo.bar

This can be confusing. A better solution is to log this as a single audit log, 
e.g.
- allowed, VIEW_METADATA, foo.bar


> Log a a group of privileges into a single audit event
> -----------------------------------------------------
>
>                 Key: IMPALA-8716
>                 URL: https://issues.apache.org/jira/browse/IMPALA-8716
>             Project: IMPALA
>          Issue Type: Sub-task
>          Components: Frontend
>            Reporter: Fredy Wijaya
>            Assignee: Fredy Wijaya
>            Priority: Major
>
> Some privileges, such as VIEW_METADATA consists of multiple privileges 
> (INSERT, SELECT, REFRESH). For example if we run "show partitions 
> foo.barfoo.bar" and we have SELECT privilege on table "foo.bar", we will be 
> creating 2 audit logs:
> - Attempt to check if there's INSERT privilege on table "foo.bar" -- denied, 
> INSERT, foo.bar
> - Attempt to check if there's SELECT privilege on table "foo.bar" -- allowed, 
> SELECT, foo.bar
> This can be confusing. A better solution is to log this as a single audit 
> log, e.g.
> - allowed, VIEW_METADATA, foo.bar



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-all-unsubscr...@impala.apache.org
For additional commands, e-mail: issues-all-h...@impala.apache.org