Fang-Yu Rao created IMPALA-14956:
------------------------------------
Summary: Create Ranger audit events for GRANT/REVOKE statement
Key: IMPALA-14956
URL: https://issues.apache.org/jira/browse/IMPALA-14956
Project: IMPALA
Issue Type: Task
Reporter: Fang-Yu Rao
Assignee: Fang-Yu Rao
Take the {{GRANT ROLE}} statement for example. When Ranger is the authorization
provider for Apache Hive, we execute "{{createAuditEvent()}}" to produce
the respective Ranger audit event, as follows
([https://github.com/apache/ranger/blob/master/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java#L609]).
We should produce a Ranger audit event for
the GRANT/REVOKE statements in Impala too.
{code:java}
public void grantRole(List<HivePrincipal> hivePrincipals, List<String> roles,
                      boolean grantOption, HivePrincipal grantorPrinc)
        throws HiveAccessControlException {
    LOG.debug("RangerHiveAuthorizerBase.grantRole()");
    boolean result = false;
    RangerHiveAuditHandler auditHandler =
            new RangerHiveAuditHandler(hivePlugin.getConfig());
    String username = getGrantorUsername(grantorPrinc);
    List<String> principals = new ArrayList<>();
    try {
        GrantRevokeRoleRequest request = new GrantRevokeRoleRequest();
        ...
        hivePlugin.grantRole(request, auditHandler);
        result = true;
    } catch (Exception excp) {
        throw new HiveAccessControlException(excp);
    } finally {
        RangerAccessResult accessResult = createAuditEvent(hivePlugin,
                username, principals, HiveOperationType.GRANT_ROLE,
                HiveAccessType.ALTER, roles, result);
        auditHandler.processResult(accessResult);
        auditHandler.flushAudit();
    }
}
{code}