Fang-Yu Rao has uploaded this change for review. ( http://gerrit.cloudera.org:8080/18656
Change subject: IMPALA-11382: Produce log for unauthorized SELECT on non-existing table ...................................................................... IMPALA-11382: Produce log for unauthorized SELECT on non-existing table This patch revised the logic of Ranger audit log generation such that unauthorized SELECT operation on non-existing tables would be produced as well. In addition, this patch also fixed a subtle bug where an authorized table event could be produced even though the authorization failed with respect to a deny policy on a column in the same table. The code comments in RangerAuthorizationChecker#authorizeTableAccess() was also updated to reflect Impala's current behavior with respect to Ranger audit log generation. Testing: - Added a test case to verified the log corresponding to an unauthorized SELECT operation on a non-existing table is produced. Change-Id: I92b2a6acc920de1d2d14b991c374a4550e742f7b --- M fe/src/main/java/org/apache/impala/authorization/ranger/RangerAuthorizationChecker.java M fe/src/test/java/org/apache/impala/authorization/ranger/RangerAuditLogTest.java 2 files changed, 43 insertions(+), 21 deletions(-) git pull ssh://gerrit.cloudera.org:29418/Impala-ASF refs/changes/56/18656/1 -- To view, visit http://gerrit.cloudera.org:8080/18656 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: newchange Gerrit-Change-Id: I92b2a6acc920de1d2d14b991c374a4550e742f7b Gerrit-Change-Number: 18656 Gerrit-PatchSet: 1 Gerrit-Owner: Fang-Yu Rao <[email protected]> Gerrit-Reviewer: Aman Sinha <[email protected]> Gerrit-Reviewer: Csaba Ringhofer <[email protected]> Gerrit-Reviewer: Fang-Yu Rao <[email protected]> Gerrit-Reviewer: Kurt Deschler <[email protected]> Gerrit-Reviewer: Quanlong Huang <[email protected]>
