Bryan Beaudreault created HBASE-26160: -----------------------------------------
Summary: Configurable disallowlist for live editing of loglevels Key: HBASE-26160 URL: https://issues.apache.org/jira/browse/HBASE-26160 Project: HBase Issue Type: Improvement Reporter: Bryan Beaudreault Assignee: Bryan Beaudreault We currently use log4j/slf4j for audit logging in AccessController. This is convenient but presents a security/compliance risk because we allow live-editing of logLevels via the UI. One can simply set the logger to OFF and then perform actions un-audited. We should add a configuration for setting certain log levels to read-only -- This message was sent by Atlassian Jira (v8.3.4#803005)