Fang-Yu Rao created IMPALA-14226:
------------------------------------
Summary: Create Ranger audit event for KILL QUERY statement
Key: IMPALA-14226
URL: https://issues.apache.org/jira/browse/IMPALA-14226
Project: IMPALA
Issue Type: Bug
Reporter: Fang-Yu Rao
Assignee: Fang-Yu Rao
Currently no Ranger audit event is produced after the authorization of the KILL
QUERY statement implemented in IMPALA-12648.
There are 2 cases to consider.
- When the requesting user is granted the ALL privilege on SERVER. This case
is easier. For the KILL QUERY statement, during the authorization, we need to
call authzCtx.setRetainAudits(true) to make Impala produce Ranger's audit event.
- When the requesting user is the owner of the query to be killed. This
requires more work. We may call
{{ExecEnv::GetInstance()->frontend()->CallQueryCompleteHooks()}} as done in
[https://github.com/apache/impala/blob/master/be/src/service/client-request-state.cc]
when generating the query lineage. We will have to figure out a) how to
generate the respective AuthzAuditEvent, and b) how to instantiate a
RangerBufferAuditHandler to send the audit event to Ranger service via
{{flush()}}.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
