-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63055/
-----------------------------------------------------------
Review request for ranger, Madhan Neethiraj and Ramesh Mani.
Bugs: RANGER-1841
https://issues.apache.org/jira/browse/RANGER-1841
Repository: ranger
Description
-------
When a Hive service is configured for tag-based authorization, the audit log
generated for ‘use dbName’ or 'show databases' command would contain all the
tags associated with: the database, all tables in the database, all the columns
in the database. The number of tags in this audit log could be too many; and
having such large number of tags in audit logs of 'use <dbName>' command may
not be useful. It will be better not to log tags in audit logs for 'use
<dbName>' commands. Policy-id recorded in the audit log can be used to identity
the tag, if a tag-based policy authorized the command.
Diffs
-----
hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java
9dea37a
Diff: https://reviews.apache.org/r/63055/diff/1/
Testing
-------
Tested with local VM
Thanks,
Abhay Kulkarni
