Return-Path: 
 <issues-return-57849-apmail-hbase-issues-archive=hbase.apache.org@hbase.apache.org>
X-Original-To: apmail-hbase-issues-archive@www.apache.org
Delivered-To: apmail-hbase-issues-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 94EC2D493
	for <apmail-hbase-issues-archive@www.apache.org>;
 Wed, 15 Aug 2012 02:27:39 +0000 (UTC)
Received: (qmail 31288 invoked by uid 500); 15 Aug 2012 02:27:39 -0000
Delivered-To: apmail-hbase-issues-archive@hbase.apache.org
Received: (qmail 31184 invoked by uid 500); 15 Aug 2012 02:27:39 -0000
Mailing-List: contact issues-help@hbase.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:issues-help@hbase.apache.org>
List-Unsubscribe: <mailto:issues-unsubscribe@hbase.apache.org>
List-Post: <mailto:issues@hbase.apache.org>
List-Id: <issues.hbase.apache.org>
Delivered-To: mailing list issues@hbase.apache.org
Received: (qmail 30961 invoked by uid 99); 15 Aug 2012 02:27:39 -0000
Received: from arcas.apache.org (HELO arcas) (140.211.11.28)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 15 Aug 2012 02:27:38 +0000
Received: from arcas.apache.org (localhost [127.0.0.1])
	by arcas (Postfix) with ESMTP id 9748C2C5BE5
	for <issues@hbase.apache.org>; Wed, 15 Aug 2012 02:27:38 +0000 (UTC)
Date: Wed, 15 Aug 2012 13:27:38 +1100 (NCT)
From: "Marcelo Vanzin (JIRA)" <jira@apache.org>
To: issues@hbase.apache.org
Message-ID: <1071349438.11353.1344997658620.JavaMail.jiratomcat@arcas>
In-Reply-To: <1515575935.9974.1344980678128.JavaMail.jiratomcat@arcas>
Subject: [jira] [Commented] (HBASE-6585) Audit log messages should contain
 info about the higher level operation being executed
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394


    [ https://issues.apache.org/jira/browse/HBASE-6585?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13434762#comment-13434762 ] 

Marcelo Vanzin commented on HBASE-6585:
---------------------------------------

The "delete" case was just one example. If you need others:
. I can't differentiate add / modify / delete column, since all are "CREATE | ADMIN"
. I can't differentiate create / enable / disable / delete table, since all are "CREATE | ADMIN"
. Similar conflicts for move / assign / unassign.
. Maybe others I missed.

I understand that the issue you mention (whether "delete" should be its own action) might be something that makes sense in HBase, but there's more here than just delete.

                
> Audit log messages should contain info about the higher level operation being executed
> --------------------------------------------------------------------------------------
>
>                 Key: HBASE-6585
>                 URL: https://issues.apache.org/jira/browse/HBASE-6585
>             Project: HBase
>          Issue Type: Improvement
>    Affects Versions: 0.96.0
>            Reporter: Marcelo Vanzin
>            Priority: Minor
>
> Currently, audit log messages contains the "action" for which access was checked; this is one of READ, WRITE, CREATE or ADMIN.
> These give very little information to the person digging into the logs about what was done, though. You can't ask "who deleted rows from table x?", because "delete" is translated to a "WRITE" action.
> It would be nice if the audit logs contained the higher-level operation, either replacing or in addition to the RWCA information.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira