----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/63055/#review188238 -----------------------------------------------------------
Ship it! Ship It! - Ramesh Mani On Oct. 16, 2017, 11:20 p.m., Abhay Kulkarni wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/63055/ > ----------------------------------------------------------- > > (Updated Oct. 16, 2017, 11:20 p.m.) > > > Review request for ranger, Madhan Neethiraj and Ramesh Mani. > > > Bugs: RANGER-1841 > https://issues.apache.org/jira/browse/RANGER-1841 > > > Repository: ranger > > > Description > ------- > > When a Hive service is configured for tag-based authorization, the audit log > generated for ‘use dbName’ or 'show databases' command would contain all the > tags associated with: the database, all tables in the database, all the > columns in the database. The number of tags in this audit log could be too > many; and having such large number of tags in audit logs of 'use <dbName>' > command may not be useful. It will be better not to log tags in audit logs > for 'use <dbName>' commands. Policy-id recorded in the audit log can be used > to identity the tag, if a tag-based policy authorized the command. > > > Diffs > ----- > > > hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java > 9dea37a > > > Diff: https://reviews.apache.org/r/63055/diff/1/ > > > Testing > ------- > > Tested with local VM > > > Thanks, > > Abhay Kulkarni > >
