[ https://issues.apache.org/jira/browse/IMPALA-8716?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Fredy Wijaya updated IMPALA-8716: --------------------------------- Description: Some privileges, such as VIEW_METADATA consists of multiple privileges (INSERT, SELECT, REFRESH). For example if we run "show partitions foo.barfoo.bar" and we have SELECT privilege on table "foo.bar", we will be creating 2 audit logs: - Attempt to check if there's INSERT privilege on table "foo.bar" -- denied, INSERT, foo.bar - Attempt to check if there's SELECT privilege on table "foo.bar" -- allowed, SELECT, foo.bar This can be confusing. A better solution is to log this as a single audit log, e.g. - allowed, VIEW_METADATA, foo.bar was: Some privileges, such as VIEW_METADATA consists of multiple privileges (INSERT, SELECT, REFRESH). For example if we have run "show partitions foo.barfoo.bar" and we have SELECT privilege on table "foo.bar", we will be creating 2 audit logs: - Attempt to check if there's INSERT privilege on table "foo.bar" -- denied, INSERT, foo.bar - Attempt to check if there's SELECT privilege on table "foo.bar" -- allowed, SELECT, foo.bar This can be confusing. A better solution is to log this as a single audit log, e.g. - allowed, VIEW_METADATA, foo.bar > Log a a group of privileges into a single audit event > ----------------------------------------------------- > > Key: IMPALA-8716 > URL: https://issues.apache.org/jira/browse/IMPALA-8716 > Project: IMPALA > Issue Type: Sub-task > Components: Frontend > Reporter: Fredy Wijaya > Assignee: Fredy Wijaya > Priority: Major > > Some privileges, such as VIEW_METADATA consists of multiple privileges > (INSERT, SELECT, REFRESH). For example if we run "show partitions > foo.barfoo.bar" and we have SELECT privilege on table "foo.bar", we will be > creating 2 audit logs: > - Attempt to check if there's INSERT privilege on table "foo.bar" -- denied, > INSERT, foo.bar > - Attempt to check if there's SELECT privilege on table "foo.bar" -- allowed, > SELECT, foo.bar > This can be confusing. A better solution is to log this as a single audit > log, e.g. > - allowed, VIEW_METADATA, foo.bar -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-all-unsubscr...@impala.apache.org For additional commands, e-mail: issues-all-h...@impala.apache.org