[jira] [Commented] (HBASE-22759) Add user info to AUDITLOG events when doing grant/revoke

Wed, 07 Aug 2019 19:07:02 -0700 


    [ 
https://issues.apache.org/jira/browse/HBASE-22759?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16902586#comment-16902586
 ] 

Hudson commented on HBASE-22759:
--------------------------------

Results for branch master
        [build #1317 on 
builds.a.o|https://builds.apache.org/job/HBase%20Nightly/job/master/1317/]: (x) 
*{color:red}-1 overall{color}*
----
details (if available):

(/) {color:green}+1 general checks{color}
-- For more information [see general 
report|https://builds.apache.org/job/HBase%20Nightly/job/master/1317//General_Nightly_Build_Report/]




(x) {color:red}-1 jdk8 hadoop2 checks{color}
-- For more information [see jdk8 (hadoop2) 
report|https://builds.apache.org/job/HBase%20Nightly/job/master/1317//JDK8_Nightly_Build_Report_(Hadoop2)/]


(/) {color:green}+1 jdk8 hadoop3 checks{color}
-- For more information [see jdk8 (hadoop3) 
report|https://builds.apache.org/job/HBase%20Nightly/job/master/1317//JDK8_Nightly_Build_Report_(Hadoop3)/]


(/) {color:green}+1 source release artifact{color}
-- See build output for details.


(/) {color:green}+1 client integration test{color}


> Add user info to AUDITLOG events when doing grant/revoke
> --------------------------------------------------------
>
>                 Key: HBASE-22759
>                 URL: https://issues.apache.org/jira/browse/HBASE-22759
>             Project: HBase
>          Issue Type: Improvement
>          Components: logging, security
>    Affects Versions: 3.0.0, 2.2.0, 2.1.5
>            Reporter: Andor Molnar
>            Assignee: Andor Molnar
>            Priority: Major
>             Fix For: 3.0.0, 2.3.0, 2.2.1, 2.1.6
>
>
> On *branch-2.1* the AUDITLOG events is raised like this:
> {noformat}
> AUDITLOG.trace("Granted permission " + perm.toString());{noformat}
> I'd like to extend this line with "caller" user info like this:
> {noformat}
> AUDITLOG.trace("User {} granted permission {}", caller, 
> perm.toString());{noformat}
> Similar change is proposed for Revoke event.
> On branch-2.2+ grant() and revoke() methods in AccessController have been 
> deprecated and logic was moved to {{MasterRpcServices}}, but that class 
> doesn't do any audit logging. I'm not sure about why audit logging has been 
> removed and about any replacement in the refactored logic, but Audit logging 
> is a crucial security tool in our environment to track change events on ACLs.
> I'm planning to add AUDITLOG to {{MasterRpcServices}} to bring back this 
> functionality, but please FIXME and point me in the right direction if needed.



--
This message was sent by Atlassian JIRA
(v7.6.14#76016)

Reply via email to