[
https://issues.apache.org/jira/browse/HBASE-26160?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17391513#comment-17391513
]
Bryan Beaudreault commented on HBASE-26160:
-------------------------------------------
Good point [~anoop.hbase]. I was thinking you'd have to explicitly reference
each logger, but I just pushed a commit so that we do a startsWith check
instead of equals. This should work more like how log4j log levels work.
> Configurable disallowlist for live editing of loglevels
> -------------------------------------------------------
>
> Key: HBASE-26160
> URL: https://issues.apache.org/jira/browse/HBASE-26160
> Project: HBase
> Issue Type: Improvement
> Reporter: Bryan Beaudreault
> Assignee: Bryan Beaudreault
> Priority: Minor
>
> We currently use log4j/slf4j for audit logging in AccessController. This is
> convenient but presents a security/compliance risk because we allow
> live-editing of logLevels via the UI. One can simply set the logger to OFF
> and then perform actions un-audited.
> We should add a configuration for setting certain log levels to read-only
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
