kalyan kumar kalvagadda created SENTRY-2323:
-----------------------------------------------
Summary: Audit log to understand the changes to path and
permission information in Sentry namenode-plugin
Key: SENTRY-2323
URL: https://issues.apache.org/jira/browse/SENTRY-2323
Project: Sentry
Issue Type: Sub-task
Components: Sentry
Affects Versions: 2.1.0
Reporter: kalyan kumar kalvagadda
Currently we do not have any clue on what’s going on with the ACL information
in Sentry namenode plug-in.
*Solution: *To understand the changes happening to HDFS ACL’s, sentry could use
the current HDFS audit logging to log the ACL changes and event that triggered
the change.
# Permission grants and event that caused it.
** Let’s take an example: READ permission granted on /user/hive/warehouse/x/y/z
to groups group1, group2.. etc Event: Explicit Grant
# Permission revoke and the event that caused it.
** Let’s take an example:
READ permission removed from /user/hive/warehouse/x/y/z to groups group1,
group2.. etc Event: Explicit Revoke.
READ/WRITE permissions removed from /user/hive/warehouse/x/y/z to groups
group1, group2.. etc Event: Explicit File removed.
** Permission change because of changes to roles is not possible to show as the
data would be huge.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
