[
https://issues.apache.org/jira/browse/HBASE-6585?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13434762#comment-13434762
]
Marcelo Vanzin commented on HBASE-6585:
---------------------------------------
The "delete" case was just one example. If you need others:
. I can't differentiate add / modify / delete column, since all are "CREATE |
ADMIN"
. I can't differentiate create / enable / disable / delete table, since all are
"CREATE | ADMIN"
. Similar conflicts for move / assign / unassign.
. Maybe others I missed.
I understand that the issue you mention (whether "delete" should be its own
action) might be something that makes sense in HBase, but there's more here
than just delete.
> Audit log messages should contain info about the higher level operation being
> executed
> --------------------------------------------------------------------------------------
>
> Key: HBASE-6585
> URL: https://issues.apache.org/jira/browse/HBASE-6585
> Project: HBase
> Issue Type: Improvement
> Affects Versions: 0.96.0
> Reporter: Marcelo Vanzin
> Priority: Minor
>
> Currently, audit log messages contains the "action" for which access was
> checked; this is one of READ, WRITE, CREATE or ADMIN.
> These give very little information to the person digging into the logs about
> what was done, though. You can't ask "who deleted rows from table x?",
> because "delete" is translated to a "WRITE" action.
> It would be nice if the audit logs contained the higher-level operation,
> either replacing or in addition to the RWCA information.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
