Marcelo Vanzin created HBASE-6386:
-------------------------------------
Summary: Audit log messages do not include column family /
qualifier information consistently
Key: HBASE-6386
URL: https://issues.apache.org/jira/browse/HBASE-6386
Project: HBase
Issue Type: Improvement
Components: security
Reporter: Marcelo Vanzin
The code related to this issue is in AccessController.java:permissionGranted().
When creating audit logs, that method will do one of the following:
* grant access, create audit log with table name only
* deny access because of table permission, create audit log with table name only
* deny access because of column family / qualifier permission, create audit log
with specific family / qualifier
So, in the case where more than one column family and/or qualifier are in the
same request, there will be a loss of information. Even in the case where only
one column family and/or qualifier is involved, information may be lost.
It would be better if this behavior consistently included all the information
in the request; regardless of access being granted or denied, and regardless
which permission caused the denial, the column family and qualifier info should
be part of the audit log message.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
