[jira] [Commented] (HBASE-13235) Revisit the security auditing semantics.

Sun, 15 Mar 2015 19:38:33 -0700 

    [ 
https://issues.apache.org/jira/browse/HBASE-13235?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14362673#comment-14362673
 ] 

Srikanth Srungarapu commented on HBASE-13235:
---------------------------------------------

The following are the excerpts from audit logs relevant to the changes:
{code}
46:2015-03-15 19:20:47,052 TRACE 
SecurityLogger.org.apache.hadoop.hbase.security.access.AccessController: Access 
allowed for user ssrungarapu; reason: Global check allowed; remote address: 
/192.168.1.5; request: createNamespace; context: (user=ssrungarapu, 
scope=GLOBAL, non-scope=[namespace=ns],action=ADMIN)
49:2015-03-15 19:20:53,873 TRACE 
SecurityLogger.org.apache.hadoop.hbase.security.access.AccessController: Access 
allowed for user ssrungarapu; reason: Namespace permission granted; remote 
address: /192.168.1.5; request: createTable; context: (user=ssrungarapu, 
scope=default, non-scope=[table=default:test,family=f1],action=CREATE)
77:2015-03-15 19:21:03,780 TRACE 
SecurityLogger.org.apache.hadoop.hbase.security.access.AccessController: Access 
allowed for user ssrungarapu; reason: Table permission granted; remote address: 
/192.168.1.5; request: addColumn; context: (user=ssrungarapu, 
scope=default:test, non-scope=[family=f2],action=ADMIN)
{code}

> Revisit the security auditing semantics.
> ----------------------------------------
>
>                 Key: HBASE-13235
>                 URL: https://issues.apache.org/jira/browse/HBASE-13235
>             Project: HBase
>          Issue Type: Improvement
>            Reporter: Srikanth Srungarapu
>            Assignee: Srikanth Srungarapu
>         Attachments: HBASE-13235.patch
>
>
> More specifically, the following things need a closer look. (Will include 
> more based on feedback and/or suggestions)
> * Table name (say test) instead of fully qualified table name(default:test) 
> being used.
> * Right now, we're using the scope to be similar to arguments for operation. 
> Would be better to decouple the arguments for operation and scope involved in 
> checking. For e.g. say for createTable, we have the following audit log
> {code}
> Access denied for user esteban; reason: Insufficient permissions; remote 
> address: /10.20.30.1; request: createTable; context: (user=srikanth@XXX, 
> scope=default, action=CREATE)
> {code}
> The scope was rightly being used as default namespace, but we're missing out 
> the information like operation params for CREATE which we used to log prior 
> to HBASE-12511.
> Would love to hear inputs on this!



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to