ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Abhay Kulkarni <akulka...@hortonworks.com>
Subject Re: Review Request 66251: Avoid creation of spurious audit record in HDFS 2.8.0 and later versions
Date Fri, 23 Mar 2018 18:09:16 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66251/
-----------------------------------------------------------

(Updated March 23, 2018, 6:09 p.m.)


Review request for ranger and Madhan Neethiraj.


Summary (updated)
-----------------

Avoid creation of spurious audit record in HDFS 2.8.0 and later versions


Bugs: RANGER-2037
    https://issues.apache.org/jira/browse/RANGER-2037


Repository: ranger


Description
-------

HDFS 2.8.0 calls authorizer twice for each access request; first for traverse-only check and
second for specific access permission check. Currently, first check produces an audit record
which is unnecessary and confusing as it seems to suggest that Ranger authorizer denied the
request.


Diffs (updated)
-----

  hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java
59cf6b12f 


Diff: https://reviews.apache.org/r/66251/diff/2/

Changes: https://reviews.apache.org/r/66251/diff/1-2/


Testing (updated)
-------

Tested in a local VM.


Thanks,

Abhay Kulkarni


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message