[
https://issues.apache.org/jira/browse/RANGER-3685?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17615554#comment-17615554
]
Madhan Neethiraj commented on RANGER-3685:
------------------------------------------
[~Xuze Yang] - glad this was helpful. More details of audit-filters feature
are available in wiki at
[https://cwiki.apache.org/confluence/display/RANGER/Ranger+Audit+Filters.]
> hive 'show' sql produces excessive audit log
> --------------------------------------------
>
> Key: RANGER-3685
> URL: https://issues.apache.org/jira/browse/RANGER-3685
> Project: Ranger
> Issue Type: Improvement
> Components: audit
> Affects Versions: 2.1.0
> Reporter: Xuze Yang
> Assignee: Xuze Yang
> Priority: Major
> Attachments:
> RANGER-3685-hive-show-sql-produces-excessive-audit-l.patch
>
>
> Since ranger2.1.0. For "show databases", user needs any permission on
> Database to get authorized. RangerHiveAuthorizer.filterListCmdObjects() is
> implemented to filter out the database which user don't have access to.
> This is a good implementation, but a problem comes with it:the method will
> record an audit log for each database(each table for "show tables"). In our
> production environment, There are 80,000 tables under a database of hive. A
> show tables operation will generate 80001(The extra one is the verification
> of USE permissions) audit logs. Unfortunately, our customers will frequently
> call the show tables operation.
> This brings up two problems:
> # Valuable audit logs are flooded
> # Take up a lot of storage resources
> For problem.2, such a scenario has occurred in our environment: our audit log
> destination is down. All audit logs are spooled in disk files, several days
> later, the size of the disk file exceeded 800G, causing other components to
> fail to provide services normally.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
