[
https://issues.apache.org/jira/browse/HBASE-6386?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13427495#comment-13427495
]
Marcelo Vanzin commented on HBASE-6386:
---------------------------------------
I haven't profiled the code. But I think I can easily make it on par with the
previous version by keeping the old single family / qualifier behavior as an
optimization; that way there's no need to create a family map all the time. The
only places that would need to create the map are places that today already
create a new structure for that info (e.g. preCheckAndPut()).
bq. AuthResult methods can either be public or package scoped.
I think Stack was worried that I changed the visibility from public to private,
so if anyone was using those methods for any reason, things will break for
them. I wouldn't expect anyone to be doing that, but you never know.
> Audit log messages do not include column family / qualifier information
> consistently
> ------------------------------------------------------------------------------------
>
> Key: HBASE-6386
> URL: https://issues.apache.org/jira/browse/HBASE-6386
> Project: HBase
> Issue Type: Improvement
> Components: security
> Affects Versions: 0.96.0
> Reporter: Marcelo Vanzin
> Attachments: hbase-6386-v1.patch
>
>
> The code related to this issue is in
> AccessController.java:permissionGranted().
> When creating audit logs, that method will do one of the following:
> * grant access, create audit log with table name only
> * deny access because of table permission, create audit log with table name
> only
> * deny access because of column family / qualifier permission, create audit
> log with specific family / qualifier
> So, in the case where more than one column family and/or qualifier are in the
> same request, there will be a loss of information. Even in the case where
> only one column family and/or qualifier is involved, information may be lost.
> It would be better if this behavior consistently included all the information
> in the request; regardless of access being granted or denied, and regardless
> which permission caused the denial, the column family and qualifier info
> should be part of the audit log message.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
