[jira] [Updated] (RANGER-4291) If a ROW_FILTER type policy resources match, then an audit log record with Result=Denied is created

Abhay Kulkarni (Jira) Fri, 16 Jun 2023 10:40:56 -0700


     [ 
https://issues.apache.org/jira/browse/RANGER-4291?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Abhay Kulkarni updated RANGER-4291:
-----------------------------------
    Summary: If a ROW_FILTER type policy resources match, then an audit log 
record with Result=Denied is created  (was: If a ROW_FILTER type policy 
resources match, then an audit log record with Result=Denied i created)

> If a ROW_FILTER type policy resources match, then an audit log record with 
> Result=Denied is created
> ---------------------------------------------------------------------------------------------------
>
>                 Key: RANGER-4291
>                 URL: https://issues.apache.org/jira/browse/RANGER-4291
>             Project: Ranger
>          Issue Type: Bug
>          Components: Ranger
>            Reporter: Abhay Kulkarni
>            Assignee: Abhay Kulkarni
>            Priority: Major
>
> ROW_FILTER (and DATA_MASKING) policies are supported for Hive service type. 
> For a Hive resource being authorized, if a ROW_FILTER (or DATA_MASKING) 
> policy's resource-specification are matched but none of the policy-items 
> match, then effectively the policy did not match. However, if the policy has 
> audit enabled, then an audit log record is created with Access 
> Type=ROW_FILTER and Result=Denied.
> This is a spurious and misleading audit record, and it should not be 
> generated.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (RANGER-4291) If a ROW_FILTER type policy resources match, then an audit log record with Result=Denied is created

Reply via email to