[
https://issues.apache.org/jira/browse/SENTRY-347?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14069694#comment-14069694
]
Prasad Mujumdar commented on SENTRY-347:
----------------------------------------
bq. 1. impersonator: I'm wondering how to get this field, do you have any idea?
This would be the user connecting at the thrift level
bq. 2. ipAddress: From the thrift server, I can get the client IP if I extend
SentryPolicyService.Processor, but I didn’t find a way to pass the IP to the
method. Must this field be included in the audit log?
yes, the thrift server can extract the IP address and connecting user by
extending the processor and storing the information in thread local variables.
For example,
https://github.com/apache/hive/blob/trunk/service/src/java/org/apache/hive/service/auth/TSetIpAddressProcessor.java
bq. 3. objectType: For this field, currently, I set the value as “PRINCIPAL”
for every command (e.g., "create role....", "grant role....." etc). Is it ok for
this field, or is there a map between command and this field?
hmm I think it should be ROLE
bq. 1. The audit log is in json format, because the audit server can parse the
log in json only, right?
that is correct.
bq. 2. If the operation fails, there is no message in the audit log except
"allowed": "false". Do I need to add another field like "failedMessage" to the
audit log?
no, I don't think so. just "allowed": "false" should be sufficient.
> Generate the audit log in Json format
> --------------------------------------
>
> Key: SENTRY-347
> URL: https://issues.apache.org/jira/browse/SENTRY-347
> Project: Sentry
> Issue Type: Sub-task
> Affects Versions: 1.4.0
> Reporter: Colin Ma
> Assignee: Colin Ma
> Attachments: sentry-347.v1.patch
>
>
> The audit log should be in json format for other components to read.
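
The thread-local approach from the comment above, as an added example that is not part of the original message or of the Sentry or Hive code: a hypothetical `ClientIpRecordingProcessor` that wraps (rather than subclasses) the generated processor and clears the value after each call. It assumes libthrift 0.9.x on the classpath, where `TProcessor.process` returns `boolean`; adjust the return type if your libthrift version declares it differently.

```java
import org.apache.thrift.TException;
import org.apache.thrift.TProcessor;
import org.apache.thrift.protocol.TProtocol;
import org.apache.thrift.transport.TSocket;
import org.apache.thrift.transport.TTransport;

/** Hypothetical wrapper: records the caller's IP for the duration of one Thrift call. */
public class ClientIpRecordingProcessor implements TProcessor {
  private static final ThreadLocal<String> CLIENT_IP = new ThreadLocal<String>();
  private final TProcessor delegate; // e.g. the generated SentryPolicyService.Processor

  public ClientIpRecordingProcessor(TProcessor delegate) {
    this.delegate = delegate;
  }

  /** Read by the audit logger on the same worker thread; null when unknown. */
  public static String getClientIp() {
    return CLIENT_IP.get();
  }

  @Override
  public boolean process(TProtocol in, TProtocol out) throws TException {
    TTransport transport = in.getTransport();
    // Only a plain TSocket exposes the peer address directly; a wrapped
    // transport (SASL, framed) needs its underlying socket unwrapped first.
    if (transport instanceof TSocket) {
      CLIENT_IP.set(((TSocket) transport).getSocket().getInetAddress().getHostAddress());
    }
    try {
      return delegate.process(in, out);
    } finally {
      // Worker threads are pooled: clear the value so the next request on this
      // thread cannot inherit a stale address in its audit record.
      CLIENT_IP.remove();
    }
  }
}
```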