Srikanth Srungarapu created HBASE-13235:
-------------------------------------------
Summary: Revisit the security auditing semantics.
Key: HBASE-13235
URL: https://issues.apache.org/jira/browse/HBASE-13235
Project: HBase
Issue Type: Improvement
Reporter: Srikanth Srungarapu
Assignee: Srikanth Srungarapu
More specifically, the following things need a closer look. (Will include more
based on feedback and/or suggestions)
* Table name (say test) instead of fully qualified table name(default:test)
being used.
* Right now, we're using the scope to be similar to arguments for operation.
Would be better to decouple the arguments for operation and scope involved in
checking. For e.g. say for createTable, we have the following audit log
{code}
Access denied for user esteban; reason: Insufficient permissions; remote
address: /10.20.30.1; request: createTable; context: (user=srikanth@XXX,
scope=default, action=CREATE)
{code}
The scope was rightly being used as default namespace, but we're missing out
the information like operation params for CREATE which we used to log prior to
HBASE-12511.
Would love to hear inputs on this!
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
