hbase-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Srikanth Srungarapu (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HBASE-13235) Revisit the security auditing semantics.
Date Fri, 13 Mar 2015 19:20:38 GMT
Srikanth Srungarapu created HBASE-13235:
-------------------------------------------

             Summary: Revisit the security auditing semantics.
                 Key: HBASE-13235
                 URL: https://issues.apache.org/jira/browse/HBASE-13235
             Project: HBase
          Issue Type: Improvement
            Reporter: Srikanth Srungarapu
            Assignee: Srikanth Srungarapu


More specifically, the following things need a closer look. (Will include more based on feedback
and/or suggestions)
* Table name (say test) instead of fully qualified table name(default:test) being used.
* Right now, we're using the scope to be similar to arguments for operation. Would be better
to decouple the arguments for operation and scope involved in checking. For e.g. say for createTable,
we have the following audit log
{code}
Access denied for user esteban; reason: Insufficient permissions; remote address: /10.20.30.1;
request: createTable; context: (user=srikanth@XXX, scope=default, action=CREATE)
{code}
The scope was rightly being used as default namespace, but we're missing out the information
like operation params for CREATE which we used to log prior to HBASE-12511.

Would love to hear inputs on this!



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message