hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrew Purtell (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-12831) Changing the set of vis labels a user has access to doesn't generate an audit log event
Date Mon, 12 Jan 2015 19:31:37 GMT

    [ https://issues.apache.org/jira/browse/HBASE-12831?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14274020#comment-14274020
] 

Andrew Purtell commented on HBASE-12831:
----------------------------------------

Can we make this more like the AccessController's audit logging, f.e.:
{code}
      AUDITLOG.trace("Access " + (result.isAllowed() ? "allowed" : "denied") +
          " for user " + (result.getUser() != null ? result.getUser().getShortName() : "UNKNOWN")
+
          "; reason: " + result.getReason() +
          "; remote address: " + (remoteAddr != null ? remoteAddr : "") +
          "; request: " + result.getRequest() +
          "; context: " + result.toContextString());
{code}
Then the same regex or parser can be used for both, and both the AC and VC will emit the same
information on client and context.

> Changing the set of vis labels a user has access to doesn't generate an audit log event
> ---------------------------------------------------------------------------------------
>
>                 Key: HBASE-12831
>                 URL: https://issues.apache.org/jira/browse/HBASE-12831
>             Project: HBase
>          Issue Type: Bug
>    Affects Versions: 1.0.0, 2.0.0, 0.98.6
>            Reporter: Sean Busbey
>            Assignee: Ashish Singhi
>              Labels: audit
>             Fix For: 1.0.1, 0.98.11
>
>         Attachments: HBASE-12831.patch
>
>
> Right now, the AccessController makes sure that (when users care about audit events)
we generate an audit log event for any access change, like granting or removing a permission
from a user.
> When the set of labels a user has access to is altered, it gets handled by the VisibilityLabelService
and we don't log anything to the audit log.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message