Fang-Yu Rao created IMPALA-12329:
------------------------------------
Summary: Access type of Ranger audit event being set up in more
than one place inconsistently
Key: IMPALA-12329
URL: https://issues.apache.org/jira/browse/IMPALA-12329
Project: IMPALA
Issue Type: Bug
Reporter: Fang-Yu Rao
Assignee: Fang-Yu Rao
We found that for some queries, the access type of Ranger audit event could be
set up in more than one place inconsistently.
For instance, take the TRUNCATE TABLE statement for example. During the
authorization of this query, the access type of the corresponding Ranger audit
event would be first set up to "update" at
[RangerAuthorizationChecker#authorizeResource()|https://github.com/apache/impala/blob/master/fe/src/main/java/org/apache/impala/authorization/ranger/RangerAuthorizationChecker.java#L664].
But later at
[RangerAuthorizationChecker#updateAuditEvents()|https://github.com/apache/impala/blob/master/fe/src/main/java/org/apache/impala/authorization/ranger/RangerAuthorizationChecker.java#L645],
the access type will be set up to "insert" which is the value of
privilege.name().toLowerCase().
We probably should not have to set up the access type differently in 2 places.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
