Auditing Data Access Operations
Describes MapR-FS, MapR-DB, and MapR-ES operations that are audited by default and operations that can be selectively enabled or disabled for auditing.
This type of auditing is for operations that are managed by the MapR-FS, MapR-DB, and MapR-ES. These operations take place within volumes and have effects at the level of the MapR file system.
Auditing of Operations on Directories and Files
The following table shows whether (Y) or not (N)
the following operations on files and directories are audited. In the table, the
operations with Y in the Selective Auditing Support column
can be included and/or excluded from auditing and operations with N
in the Selective Auditing Support column are audited by default and cannot be
excluded from auditing. Use the name specified in the Operation Name to use for
Selective Auditing column when you run the maprcli
command to enable or disable auditing for that operation.
| Operation | Name in Audit Logs | Operation Name to use for Selective Auditing | Directories | Files | Selective Auditing Support |
|---|---|---|---|---|---|
| Change group owner | CHGRP | chgrp | Y | Y | Y |
| Change owner | CHOWN | chown | Y | Y | Y |
| Change permissions | CHPERM | chperm | Y | Y | Y |
| Create | CREATE | create | N/A | Y | Y |
| Create symbolic link | CREATESYM | createsym | Y | Y | Y |
| Delete file | DELETE | delete | N/A | Y | Y |
| Disable auditing | DISABLEAUDIT | N/A | Y | Y | N |
| Enable auditing | ENABLEAUDIT | N/A | Y | Y | N |
| Get attributes | GETATTR | geattr | N | N | Y |
| Get extended attributes | GETXATTR | getxattr | Y | Y | Y |
| Get the mode bits for files/directories accessed over NFS | GETPERM | getperm | Y | Y | Y |
| List extended attributes | LISTXATTR | listxattr | Y | Y | Y |
| Lookup | LOOKUP | lookup | Y | Y | Y |
| Create directory | MKDIR | mkdir | Y | N/A | Y |
| Read a file | READ | read | N/A | Y | Y |
| Read a directory | READDIR | readdir | Y | N/A | Y |
| Remove extended attributes | REMOVEXATTR | removexattr | Y | Y | Y |
| Rename | RENAME | rename | Y | Y | Y |
| Delete a directory | RMDIR | rmdir | Y | N/A | Y |
| Set attributes | SETATTR | setattr | Y | Y | Y |
| Set extended attributes | SETXATTR | setxattr | Y | Y | Y |
| Truncate a file | TRUNCATE | truncate | N/A | Y | Y |
| Write to a file | WRITE | write | N/A | Y | Y |
Auditing of Operations on MapR-DB Binary Tables and JSON Tables
The following operations on both types of MapR-DB tables are audited by default.
Operations with Y in the Selective Auditing Support column
can be included and/or excluded from auditing. Operations with N in
the Selective Auditing Support column are audited by default and cannot be
excluded from auditing. Use the name specified in the Operation Name to use for
Selective Auditing column when you run the maprcli
command to enable or disable auditing for that operation.
| Operation | Name in Audit Logs | Operation Name to use for Selective Auditing | Selective Auditing Support |
|---|---|---|---|
| Create a column family | DB_CFCREATE | tablecfcreate | Y |
| Modify a column family | DB_CFMODIFY | tablecfmodify | Y |
| Delete a column family | DB_CFREMOVE | tablecfdelete | Y |
| Scan a column | DB_CFSCAN | tablecfscan | Y |
| Get data | DB_GET | tableget | Y |
| Perform incremental bulk load | DB_IMPORTBUCKET | N/A | N |
| Perform full bulk load | DB_IMPORTSEGMENT | N/A | N |
| Put data | DB_PUT | tableput | Y |
| Compact a table region | DB_REGIONCOMPACT | N/A | N |
| Look up a region on the current node | DB_REGIONLOOKUP | N/A | N |
| Merge two consecutive regions | DB_REGIONMERGE | N/A | N |
| Split a region into two | DB_REGIONSPLIT | N/A | N |
| Configure a replica for a table | DB_REPLICAADD | N/A | N |
| Edit the replica for a table | DB_REPLICAEDIT | N/A | N |
| List the replicas for a table | DB_REPLICALIST | N/A | N |
| Remove a replica for a table | DB_REPLICAREMOVE | N/A | N |
| Scan a table | DB_SCAN | tablescan | Y |
| Create a table | DB_TABLECREATE | tablecreate | Y |
| View information about a table | DB_TABLEINFO | tableinfo | Y |
| Modify a table | DB_TABLEMODIFY | tablemodify | Y |
| Add an upstream source to a replica | DB_UPSTREAMADD | N/A | N |
| List all upstream sources for a replica | DB_UPSTREAMLIST | N/A | N |
| Remove an upstream source for a replica | DB_UPSTREAMREMOVE | N/A | N |
Auditing of Operations on MapR-ES
The following operations on MapR-ES are audited by default. Operations with
Y in the Selective Auditing Support column can be
included and/or excluded from auditing. Operations with N in the
Selective Auditing Support column are audited by default and cannot be
excluded from auditing. Use the name specified in the Operation Name to use for
Selective Auditing column when you run the maprcli
command to enable or disable auditing for that operation.
| Operation | Name in Audit Logs | Operation Name to use for Selective Auditing | Selective Auditing Support |
|---|---|---|---|
| Modify attributes or permissions of a stream | DB_CFMODIFY | tablecfmodify | Y |
| Produce messages to topics of a stream | DB_PUT | tableput | Y |
| Add a replica | DB_REPLICAADD | N/A | N |
| Edit a replica | DB_REPLICAEDIT | N/A | N |
| List the replicas for a stream | DB_REPLICALIST | N/A | N |
| Remove a replica | DB_REPLICAREMOVE | N/A | N |
| Consume messages from topics of a stream | DB_SCAN | tablescan | Y |
| Add an upstream source to a replica | DB_UPSTREAMADD | N/A | N |
| List all upstream sources for a replica | DB_UPSTREAMLIST | N/A | N |
| Remove an upstream source from a replica | DB_UPSTREAMREMOVE | N/A | N |