Csaba Ringhofer has posted comments on this change. ( http://gerrit.cloudera.org:8080/16524 )
Change subject: IMPALA-10192: Filter out redundant AuthzAuditEvent's for column masking ...................................................................... Patch Set 3: Code-Review+1 (2 comments) http://gerrit.cloudera.org:8080/#/c/16524/1//COMMIT_MSG Commit Message: http://gerrit.cloudera.org:8080/#/c/16524/1//COMMIT_MSG@9 PS1, Line 9: We found that Ranger would generate an AuthzAuditEvent as long as : there exists a column masking policy corresponding to the column : even though the policy does not apply to the requesting user > Thanks Csaba! I have consulted Abhay Kulkarni on the Ranger project about t Thanks for investigating this! If this is an expected behavior than I agree that it is the best to just remove the extra event as the patch does. http://gerrit.cloudera.org:8080/#/c/16524/1//COMMIT_MSG@30 PS1, Line 30: Furthermore, we also revise all the checks : for the generated AuthzAuditEvent's due to the evaluation of column : masking policies so that a failed check would also result in an entry in : the error log. > Thanks Csaba for the feedback! I will add back the removed checks according I see that you kept both the checks and the logs - do you think that the logs are necessary? The failed preconditions are always added to the error log AFAIK. -- To view, visit http://gerrit.cloudera.org:8080/16524 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: I1dbf65874003523b5176680e42f26fa2114c229b Gerrit-Change-Number: 16524 Gerrit-PatchSet: 3 Gerrit-Owner: Fang-Yu Rao <[email protected]> Gerrit-Reviewer: Csaba Ringhofer <[email protected]> Gerrit-Reviewer: Fang-Yu Rao <[email protected]> Gerrit-Reviewer: Impala Public Jenkins <[email protected]> Gerrit-Reviewer: Quanlong Huang <[email protected]> Gerrit-Comment-Date: Tue, 06 Oct 2020 20:51:40 +0000 Gerrit-HasComments: Yes
