[
https://issues.apache.org/jira/browse/RANGER-3685?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Xuze Yang updated RANGER-3685:
------------------------------
Attachment: submit patch.pdf
> hive 'show' sql produces excessive audit log
> --------------------------------------------
>
> Key: RANGER-3685
> URL: https://issues.apache.org/jira/browse/RANGER-3685
> Project: Ranger
> Issue Type: Improvement
> Components: audit
> Affects Versions: 2.1.0
> Reporter: Xuze Yang
> Priority: Major
> Attachments: 0001-1.-hive-show-sql.patch, submit patch.pdf
>
>
> Since ranger2.1.0. For "show databases", user needs any permission on
> Database to get authorized. RangerHiveAuthorizer.filterListCmdObjects() is
> implemented to filter out the database which user don't have access to.
> This is a good implementation, but a problem comes with it:the method will
> record an audit log for each database(each table for "show tables"). In our
> production environment, There are 80,000 tables under a database of hive. A
> show tables operation will generate 80001(The extra one is the verification
> of USE permissions) audit logs. Unfortunately, our customers will frequently
> call the show tables operation.
> This brings up two problems:
> # Valuable audit logs are flooded
> # Take up a lot of storage resources
> For problem.2, such a scenario has occurred in our environment: our audit log
> destination is down. All audit logs are spooled in disk files, several days
> later, the size of the disk file exceeded 800G, causing other components to
> fail to provide services normally.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
