[
https://issues.apache.org/jira/browse/HBASE-22759?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16901362#comment-16901362
]
Hudson commented on HBASE-22759:
--------------------------------
Results for branch branch-2.1
[build #1455 on
builds.a.o|https://builds.apache.org/job/HBase%20Nightly/job/branch-2.1/1455/]:
(x) *{color:red}-1 overall{color}*
----
details (if available):
(x) {color:red}-1 general checks{color}
-- For more information [see general
report|https://builds.apache.org/job/HBase%20Nightly/job/branch-2.1/1455//General_Nightly_Build_Report/]
(/) {color:green}+1 jdk8 hadoop2 checks{color}
-- For more information [see jdk8 (hadoop2)
report|https://builds.apache.org/job/HBase%20Nightly/job/branch-2.1/1455//JDK8_Nightly_Build_Report_(Hadoop2)/]
(/) {color:green}+1 jdk8 hadoop3 checks{color}
-- For more information [see jdk8 (hadoop3)
report|https://builds.apache.org/job/HBase%20Nightly/job/branch-2.1/1455//JDK8_Nightly_Build_Report_(Hadoop3)/]
(x) {color:red}-1 source release artifact{color}
-- See build output for details.
(x) {color:red}-1 client integration test{color}
-- Something went wrong with this stage, [check relevant console
output|https://builds.apache.org/job/HBase%20Nightly/job/branch-2.1/1455//console].
> Add user info to AUDITLOG events when doing grant/revoke
> --------------------------------------------------------
>
> Key: HBASE-22759
> URL: https://issues.apache.org/jira/browse/HBASE-22759
> Project: HBase
> Issue Type: Improvement
> Components: logging, security
> Affects Versions: 3.0.0, 2.2.0, 2.1.5
> Reporter: Andor Molnar
> Assignee: Andor Molnar
> Priority: Major
> Fix For: 3.0.0, 2.3.0, 2.2.1, 2.1.6
>
>
> On *branch-2.1* the AUDITLOG events is raised like this:
> {noformat}
> AUDITLOG.trace("Granted permission " + perm.toString());{noformat}
> I'd like to extend this line with "caller" user info like this:
> {noformat}
> AUDITLOG.trace("User {} granted permission {}", caller,
> perm.toString());{noformat}
> Similar change is proposed for Revoke event.
> On branch-2.2+ grant() and revoke() methods in AccessController have been
> deprecated and logic was moved to {{MasterRpcServices}}, but that class
> doesn't do any audit logging. I'm not sure about why audit logging has been
> removed and about any replacement in the refactored logic, but Audit logging
> is a crucial security tool in our environment to track change events on ACLs.
> I'm planning to add AUDITLOG to {{MasterRpcServices}} to bring back this
> functionality, but please FIXME and point me in the right direction if needed.
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
