hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrew Purtell (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (HBASE-6386) Audit log messages do not include column family / qualifier information consistently
Date Thu, 02 Aug 2012 20:47:05 GMT

    [ https://issues.apache.org/jira/browse/HBASE-6386?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13427597#comment-13427597
] 

Andrew Purtell edited comment on HBASE-6386 at 8/2/12 8:46 PM:
---------------------------------------------------------------

@Marcelo, thanks for digging in, sounds good to me.

Edit: Fix typo.
                
      was (Author: apurtell):
    @Marcelo, thanks for digging it, sounds good to me.
                  
> Audit log messages do not include column family / qualifier information consistently
> ------------------------------------------------------------------------------------
>
>                 Key: HBASE-6386
>                 URL: https://issues.apache.org/jira/browse/HBASE-6386
>             Project: HBase
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 0.96.0
>            Reporter: Marcelo Vanzin
>         Attachments: hbase-6386-v1.patch
>
>
> The code related to this issue is in AccessController.java:permissionGranted().
> When creating audit logs, that method will do one of the following:
> * grant access, create audit log with table name only
> * deny access because of table permission, create audit log with table name only
> * deny access because of column family / qualifier permission, create audit log with
specific family / qualifier
> So, in the case where more than one column family and/or qualifier are in the same request,
there will be a loss of information. Even in the case where only one column family and/or
qualifier is involved, information may be lost.
> It would be better if this behavior consistently included all the information in the
request; regardless of access being granted or denied, and regardless which permission caused
the denial, the column family and qualifier info should be part of the audit log message.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message