hive-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sergey Shelukhin (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HIVE-13113) add audit log to HS2, especially for SQL auth
Date Mon, 22 Feb 2016 19:39:18 GMT

     [ https://issues.apache.org/jira/browse/HIVE-13113?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Sergey Shelukhin updated HIVE-13113:
------------------------------------
    Description: 
We need a separate audit log similar to HDFS audit log, where table/etc. accesses can be logged
(on, and separate, by default). It is especially important with SQL standard auth, since the
default model for that is doAs=false, and the lack of impersonation makes HDFS audit logs
relatively useless. There's some audit logging in metastore, but it goes into the main log
and I don't think anyone ensured it is sufficient and consistently applied even within the
scope of metastore itself; there's also a question of whether accesses at the task level should
be audited, and how (should HS2 audit-log each task x input combo, since tasks cannot log
to a permanent location?).


  was:
We need a separate audit log similar to HDFS audit log, where table/etc. accesses can be logged
(on, and separate, by default). It is especially important with SQL standard auth, since the
default model for that is doAs=false, and the lack of impersonation makes HDFS audit logs
relatively useless. There's some audit logging in metastore, but it goes into the main log
and I don't think anyone ensured it is sufficient and consistently applied even within the
scope of metastore itself; there's also a question of whether accesses at the task level can
be audited, and how (should HS2 audit-log each task x input combo, since tasks cannot log
to a permanent location?).



> add audit log to HS2, especially for SQL auth
> ---------------------------------------------
>
>                 Key: HIVE-13113
>                 URL: https://issues.apache.org/jira/browse/HIVE-13113
>             Project: Hive
>          Issue Type: New Feature
>            Reporter: Sergey Shelukhin
>
> We need a separate audit log similar to HDFS audit log, where table/etc. accesses can
be logged (on, and separate, by default). It is especially important with SQL standard auth,
since the default model for that is doAs=false, and the lack of impersonation makes HDFS audit
logs relatively useless. There's some audit logging in metastore, but it goes into the main
log and I don't think anyone ensured it is sufficient and consistently applied even within
the scope of metastore itself; there's also a question of whether accesses at the task level
should be audited, and how (should HS2 audit-log each task x input combo, since tasks cannot
log to a permanent location?).



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message