[Impala-ASF-CR] IMPALA-8716: Log a group of privileges into a single audit event.

Mon, 01 Jul 2019 12:23:45 -0700 

Fredy Wijaya has uploaded a new patch set (#3). ( 
http://gerrit.cloudera.org:8080/13744 )

Change subject: IMPALA-8716: Log a group of privileges into a single audit 
event.
......................................................................

IMPALA-8716: Log a group of privileges into a single audit event.

This patch updates the audit log handler to group a privilege that
consists of multiple privileges into a single audit event.

For example if we run "show partitions foo.bar" and we have
SELECT privilege on table "foo.bar", before this patch, we would be
creating 2 audit events:
- Attempt to check if there's INSERT privilege on table "foo.bar"
  Result: denied, access type: insert, resource: foo.bar
- Attempt to check if there's SELECT privilege on table "foo.bar"
  Result: allowed, access type: select, resource: foo.bar

After this patch, we will only create a single audit event, e.g.
Result: allowed, access type: view_metadata, resource: foo.bar

Testing:
- Updated tests in RangerAuditLogTest
- Ran FE tests

Change-Id: Ib53102bc1ceaf9d62544090dc00f3231fae0efca
---
M 
fe/src/main/java/org/apache/impala/authorization/ranger/RangerAuthorizationChecker.java
M 
fe/src/main/java/org/apache/impala/authorization/ranger/RangerBufferAuditHandler.java
M 
fe/src/test/java/org/apache/impala/authorization/ranger/RangerAuditLogTest.java
3 files changed, 95 insertions(+), 24 deletions(-)


  git pull ssh://gerrit.cloudera.org:29418/Impala-ASF refs/changes/44/13744/3
--
To view, visit http://gerrit.cloudera.org:8080/13744
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: Ib53102bc1ceaf9d62544090dc00f3231fae0efca
Gerrit-Change-Number: 13744
Gerrit-PatchSet: 3
Gerrit-Owner: Fredy Wijaya <fwij...@cloudera.com>
Gerrit-Reviewer: Bharath Vissapragada <bhara...@cloudera.com>
Gerrit-Reviewer: Fredy Wijaya <fwij...@cloudera.com>
Gerrit-Reviewer: Impala Public Jenkins <impala-public-jenk...@cloudera.com>
Gerrit-Reviewer: Todd Lipcon <t...@apache.org>

Reply via email to