[jira] [Updated] (RANGER-4291) If a ROW_FILTER type policy resources match, then an audit log record with Result=Denied is created

Madhan Neethiraj (Jira) Thu, 20 Jun 2024 17:29:55 -0700


     [ 
https://issues.apache.org/jira/browse/RANGER-4291?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Madhan Neethiraj updated RANGER-4291:
-------------------------------------
    Fix Version/s: 3.0.0
                   2.5.0

> If a ROW_FILTER type policy resources match, then an audit log record with 
> Result=Denied is created
> ---------------------------------------------------------------------------------------------------
>
>                 Key: RANGER-4291
>                 URL: https://issues.apache.org/jira/browse/RANGER-4291
>             Project: Ranger
>          Issue Type: Bug
>          Components: Ranger
>            Reporter: Abhay Kulkarni
>            Assignee: Abhay Kulkarni
>            Priority: Major
>             Fix For: 3.0.0, 2.5.0
>
>
> ROW_FILTER policies are supported for Hive service type. For a Hive resource 
> being authorized, if a ROW_FILTER  policy's resource-specification are 
> matched but none of the policy-items match, then effectively the policy did 
> not match. However, if the policy has audit enabled, then an audit log record 
> is created with Access Type=ROW_FILTER and Result=Denied.
> This is a spurious and misleading audit record, and it should not be 
> generated.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (RANGER-4291) If a ROW_FILTER type policy resources match, then an audit log record with Result=Denied is created

Reply via email to