hbase-issues mailing list archives

From "Hudson (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-13235) Revisit the security auditing semantics.
Date Thu, 19 Mar 2015 08:58:38 GMT

    [ https://issues.apache.org/jira/browse/HBASE-13235?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14368715#comment-14368715 ]

Hudson commented on HBASE-13235:

FAILURE: Integrated in HBase-1.1 #302 (See [https://builds.apache.org/job/HBase-1.1/302/])
HBASE-13235 Revisit the security auditing semantics (Srikanth Srungarapu) (matteo.bertozzi: rev 6b411b5d00e114946aeee1c6fa6f0d60fe04087a)
* hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
* hbase-common/src/main/java/org/apache/hadoop/hbase/TableName.java
* hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AuthResult.java

> Revisit the security auditing semantics.
> ----------------------------------------
>                 Key: HBASE-13235
>                 URL: https://issues.apache.org/jira/browse/HBASE-13235
>             Project: HBase
>          Issue Type: Improvement
>            Reporter: Srikanth Srungarapu
>            Assignee: Srikanth Srungarapu
>             Fix For: 2.0.0, 1.1.0
>         Attachments: HBASE-13235.patch, HBASE-13235_v2.patch, HBASE-13235_v2.patch, HBASE-13235_v3.patch,
> More specifically, the following things need a closer look. (Will include more based on feedback and/or suggestions)
> * Table name (say test) instead of fully qualified table name (default:test) being used.
> * Right now, we're using the scope to be similar to arguments for operation. Would be better to decouple the arguments for operation and scope involved in checking. For e.g. say for createTable, we have the following audit log
> {code}
> Access denied for user esteban; reason: Insufficient permissions; remote address: /; request: createTable; context: (user=srikanth@XXX, scope=default, action=CREATE)
> {code}
> The scope was rightly being used as default namespace, but we're missing out the information like operation params for CREATE which we used to log prior to HBASE-12511.
> Would love to hear inputs on this!
