[ https://issues.apache.org/jira/browse/HBASE-22759?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Peter Somogyi resolved HBASE-22759.
-----------------------------------
Resolution: Fixed
Thanks [~andorm]!
Merged #427 and #445 addendum to branch-2.1; #428 to branch-2.2+.
> Add user info to AUDITLOG events when doing grant/revoke
> --------------------------------------------------------
>
> Key: HBASE-22759
> URL: https://issues.apache.org/jira/browse/HBASE-22759
> Project: HBase
> Issue Type: Improvement
> Components: logging, security
> Affects Versions: 3.0.0, 2.2.0, 2.1.5
> Reporter: Andor Molnar
> Assignee: Andor Molnar
> Priority: Major
> Fix For: 3.0.0, 2.3.0, 2.2.1, 2.1.6
>
>
> On *branch-2.1* the AUDITLOG event is raised like this:
> {noformat}
> AUDITLOG.trace("Granted permission " + perm.toString());
> {noformat}
> I'd like to extend this line with "caller" user info like this:
> {noformat}
> AUDITLOG.trace("User {} granted permission {}", caller, perm.toString());
> {noformat}
> A similar change is proposed for the Revoke event.
> On branch-2.2+ grant() and revoke() methods in AccessController have been
> deprecated and logic was moved to {{MasterRpcServices}}, but that class
> doesn't do any audit logging. I'm not sure about why audit logging has been
> removed and about any replacement in the refactored logic, but audit logging
> is a crucial security tool in our environment to track change events on ACLs.
> I'm planning to add AUDITLOG to {{MasterRpcServices}} to bring back this
> functionality, but please FIXME and point me in the right direction if needed.
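Added example (not part of the issue or of the HBase code base): a log-side view of why the caller field matters when tracking ACL changes. It parses audit lines in both message formats quoted above and separates attributable grant/revoke events from unattributable ones. The revoke wording, the timestamp/logger prefix and the permission strings are assumptions constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample lines. Only the two "granted" message templates come from
# the issue text; the revoke wording, the line prefix and the permission
# strings are assumptions made for this example.
SAMPLE_LOG = """\
2019-01-01 10:01:02,003 TRACE AUDITLOG: Granted permission [constructed-perm-A]
2019-01-01 10:05:41,120 TRACE AUDITLOG: User alice granted permission [constructed-perm-B]
2019-01-01 10:09:13,877 TRACE AUDITLOG: User bob revoked permission [constructed-perm-B]
2019-01-01 10:09:14,002 TRACE AUDITLOG: Revoked permission [constructed-perm-C]
2019-01-01 10:12:00,450 TRACE AUDITLOG: User alice granted permission [constructed-perm-D]
"""

# Proposed format: "User {} granted permission {}" (caller is recorded).
WITH_CALLER = re.compile(
    r"User (?P<caller>\S+) (?P<action>granted|revoked) permission (?P<perm>.+)$")
# Original format: "Granted permission ..." (no caller recorded).
WITHOUT_CALLER = re.compile(r"(?P<action>Granted|Revoked) permission (?P<perm>.+)$")

def parse_acl_events(text):
    """Return one dict per grant/revoke line; caller is None for the old format."""
    events = []
    for line in text.splitlines():
        m = WITH_CALLER.search(line)
        caller = m.group("caller") if m else None
        if not m:
            m = WITHOUT_CALLER.search(line)
        if not m:
            continue  # not an ACL change event
        events.append({"caller": caller,
                       "action": m.group("action").lower(),
                       "perm": m.group("perm").strip()})
    return events

def summarize(events):
    """Split events into per-caller changes and changes nobody can be tied to."""
    by_caller, unattributed = defaultdict(list), []
    for e in events:
        change = (e["action"], e["perm"])
        (unattributed if e["caller"] is None else by_caller[e["caller"]]).append(change)
    return dict(by_caller), unattributed

if __name__ == "__main__":
    by_caller, unattributed = summarize(parse_acl_events(SAMPLE_LOG))
    for caller, changes in sorted(by_caller.items()):
        print(caller, changes)
    print("no caller recorded:", unattributed)
```
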