[ https://issues.jboss.org/browse/TEIID-3554?page=com.atlassian.jira.plugin... ]
Van Halbert commented on TEIID-3554:
------------------------------------
Can the info that's put in the exception be different than what's written to the
audit log?
If so, would be good if the role that is in the VDB that controls the access be written to
audit log, but not put into the exception. So when it's denied, only care what role
that's important (and what the user doesn't have). Additionally, when access is
given, the role that was used for access. Also, if the VDB is sequenced, a report could
be run between metadata and audit log to analyze for any differences. It would be a
backdoor check to make sure no one changes the VDB and gives access that isn't
modeled thru the standard process.
Audit log is missing details related to what role was applied and
what info was allowed or denied
-------------------------------------------------------------------------------------------------
Key: TEIID-3554
URL: https://issues.jboss.org/browse/TEIID-3554
Project: Teiid
Issue Type: Quality Risk
Components: Server
Affects Versions: 8.7.1.6_2
Reporter: Van Halbert
Assignee: Steven Hawkins
Attachments: portfolioroles_data.xlsx
Using the dynamicvdb-dataroles quick start as the basis for triggering the audit log.
Executing the view query: "Select * from StockPrice". The query will only
present the "price" column value when the user has the "prices" role.
When performing queries with a user (name=teiidUser) that doesn't have the
"prices" role versus one that does (name=portfolio), doesn't provide any
discerning information in the audit log to indicate that a role was applied to the data.
Attaching excel file of the audit log data.