[teiid-issues] [JBoss JIRA] (TEIID-3554) Audit log is missing details related to what role was applied and what info was allowed or denied

Van Halbert (JIRA) issues at jboss.org
Tue Jun 23 15:48:02 EDT 2015 

    [ https://issues.jboss.org/browse/TEIID-3554?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13083031#comment-13083031 ] 

Van Halbert commented on TEIID-3554:
------------------------------------

Can the info that's put in the exception be different than what's written to the audit log?

If so, would be good if the role that is in the VDB that controls the access be written to audit log, but not put into the exception.    So when its denied, only care what role thats important (and what the user doesn't have).     Additionally, when access is given, the role that was used for access.   Also, if the VDB is sequenced, a report could be run between metadata and audit log to analyze for any differences.   It would be a backdoor check to make sure no one changes the the VDB and gives access that isn't modeled thru the standard process.

> Audit log is missing details related to what role was applied and what info was allowed or denied
> -------------------------------------------------------------------------------------------------
>
>                 Key: TEIID-3554
>                 URL: https://issues.jboss.org/browse/TEIID-3554
>             Project: Teiid
>          Issue Type: Quality Risk
>          Components: Server
>    Affects Versions: 8.7.1.6_2
>            Reporter: Van Halbert
>            Assignee: Steven Hawkins
>         Attachments: portfolioroles_data.xlsx
>
>
> Using the dynamicvdb-dataroles quick start as the basis for triggering the audit log.   Executing the view query:  "Select * from StockPrice" .  The query will only present the "price" column value when the user has the "prices" role.  When performing queries with a user (name=teiidUser) that doesn't have the "prices" role versus one that does (name=portfolio), doesn't provide any discerning information in the audit log to indicate that a role was applied to the data.  
> Attaching excel file of the audit log data.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

More information about the teiid-issues mailing list