Attila Bukor created KUDU-3293:
----------------------------------
Summary: Confusing Ranger audit logs
Key: KUDU-3293
URL: https://issues.apache.org/jira/browse/KUDU-3293
Project: Kudu
Issue Type: Bug
Components: authz, ranger
Reporter: Attila Bukor
When a client opens a table, the master authorizes DML actions on it and
returns a list of allowed actions to the client which is then forwarded to the
tablet servers so that it doesn't have to talk to Ranger. This significantly
reduces the number of requests to Ranger, but it messes with the audit logs, as
it will show ALL, and if it's denied, then also SELECT, UPDATE, INSERT and
DELETE for each open table request, even if the client is only doing one of
these things. which can be confusing.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
