Csaba Ringhofer has posted comments on this change. ( http://gerrit.cloudera.org:8080/18850 )
Change subject: IMPALA-11494: Don't always produce Ranger audit log for authorized query ...................................................................... Patch Set 1: (1 comment) http://gerrit.cloudera.org:8080/#/c/18850/1/fe/src/main/java/org/apache/impala/authorization/ranger/RangerAuthorizationChecker.java File fe/src/main/java/org/apache/impala/authorization/ranger/RangerAuthorizationChecker.java: http://gerrit.cloudera.org:8080/#/c/18850/1/fe/src/main/java/org/apache/impala/authorization/ranger/RangerAuthorizationChecker.java@198 PS1, Line 198: // When the query was authorized, we do not send any audit log entry to the Ranger : // server when there was an AnalysisException during query analysis. I am a bit unsure about this case - when should we produce audit logs, when a the user actually uses a resource (e.g. table), or when he/she tries to access them? For example what will happen in case of an explain statement? I don't necessarily see that as different than a failed analyses. Do you know how Hive works in this case? -- To view, visit http://gerrit.cloudera.org:8080/18850 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: I701652e457d3118f43249e83be933713b17ce48f Gerrit-Change-Number: 18850 Gerrit-PatchSet: 1 Gerrit-Owner: Fang-Yu Rao <fangyu....@cloudera.com> Gerrit-Reviewer: Aman Sinha <amsi...@cloudera.com> Gerrit-Reviewer: Csaba Ringhofer <csringho...@cloudera.com> Gerrit-Reviewer: Fang-Yu Rao <fangyu....@cloudera.com> Gerrit-Reviewer: Impala Public Jenkins <impala-public-jenk...@cloudera.com> Gerrit-Reviewer: Quanlong Huang <huangquanl...@gmail.com> Gerrit-Comment-Date: Tue, 16 Aug 2022 05:51:56 +0000 Gerrit-HasComments: Yes